KubeZero/charts/kubezero-argo/templates/argo-cd/istio-authorization-policy.yaml

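{{- /*
Istio AuthorizationPolicy that limits access to the Argo CD hostname on the
ingress gateway to the source ranges listed in argo-cd.istio.ipBlocks.
Rendered only when argo-cd.istio.enabled is truthy and ipBlocks is non-empty;
with an empty ipBlocks list no policy is emitted and no IP restriction applies.
*/ -}}
{{- if index .Values "argo-cd" "istio" "enabled" }}
{{- if index .Values "argo-cd" "istio" "ipBlocks" }}
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: argocd-deny-not-in-ipblocks
  # Lives next to the gateway workload it selects, not in the Argo CD namespace.
  namespace: istio-system
  labels:
    {{- include "kubezero-lib.labels" . | nindent 4 }}
spec:
  selector:
    matchLabels:
      app: istio-ingressgateway
  # DENY policy: a request is rejected only when it matches all of from, to
  # and when below. Anything that fails one of them is not denied by this policy.
  action: DENY
  rules:
  - from:
    - source:
        # notIpBlocks matches the peer address the gateway sees on the connection.
        # NOTE(review): behind a load balancer or proxy that does not preserve the
        # client address, this is the proxy's IP and the allow-list will not mean
        # what it says; notRemoteIpBlocks is the Istio field for the
        # forwarded client address. Confirm which one fits the deployment.
        notIpBlocks:
        {{- toYaml (index .Values "argo-cd" "istio" "ipBlocks") | nindent 8 }}
    to:
    - operation:
        # Host is taken from the Argo CD external URL (configs.cm.url). It is
        # quoted so a host carrying a port, or a value YAML would re-type,
        # stays a string.
        # NOTE(review): if configs.cm.url is unset the parsed host is empty;
        # consider guarding with Helm's required function so the chart fails
        # at render time instead of shipping a policy without a usable host.
        hosts: [{{ get (urlParse (index .Values "argo-cd" "configs" "cm" "url")) "host" | quote }}]
    when:
    # '*' is a presence match: the rule applies only to connections that carry
    # an SNI value.
    # NOTE(review): traffic without SNI (e.g. plaintext HTTP) does not satisfy
    # this condition and is therefore not denied here; verify the gateway does
    # not serve the Argo CD host without TLS.
    - key: connection.sni
      values:
      - '*'
{{- end }}
{{- end }}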