KubeZero/charts/kubezero-redis/templates/istio-authorization-policy.yaml


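{{- /*
Istio AuthorizationPolicy that denies traffic to the Redis port on the private
ingress gateway unless the source IP is inside .Values.istio.ipBlocks.

Rendered only when .Values.istio.enabled is set AND .Values.istio.ipBlocks is
non-empty. With istio enabled but no ipBlocks, no policy is emitted, so this
template adds no source-IP restriction at all (it fails open).
*/ -}}
{{- if .Values.istio.enabled }}
{{- if .Values.istio.ipBlocks }}
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: "{{ .Release.Namespace }}-redis-deny-not-in-ipblocks"
  # Quoted so a digits-only namespace is not rendered as a YAML integer.
  namespace: {{ .Release.Namespace | quote }}
  labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
spec:
  # NOTE(review): an AuthorizationPolicy selector only matches workloads in
  # the policy's own namespace (unless that is the mesh root namespace).
  # Confirm the private ingress gateway pods run in the release namespace;
  # otherwise this policy selects nothing and silently enforces nothing.
  selector:
    matchLabels:
      app: istio-private-ingressgateway
  action: DENY
  rules:
  - from:
    - source:
        # notIpBlocks is evaluated against the source address of the IP
        # packet as seen by the gateway. NOTE(review): if a load balancer or
        # NAT in front of the gateway does not preserve the client address,
        # the allow-list is compared against the proxy address instead of
        # the real client - verify client IP preservation on this path.
        notIpBlocks:
        {{- with .Values.istio.ipBlocks }}
        {{- . | toYaml | nindent 8 }}
        {{- end }}
    to:
    - operation:
        # Port is matched on the selected gateway workload.
        # NOTE(review): assumes the gateway listens for Redis on the same
        # port number as .Values.redis.redisPort (default 6379) - confirm.
        ports: ["{{ default 6379 .Values.redis.redisPort }}"]
{{- end }}
{{- end }}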