KubeZero/charts/kubezero-argocd/templates/istio-authorization-policy.yaml

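{{- /*
Source-IP allowlist for Argo CD at the Istio ingress gateway.

Rendered only when istio.enabled is set AND istio.ipBlocks is non-empty.
With an empty or missing ipBlocks list no policy is emitted at all, so the
Argo CD host is then not restricted by source address (fail-open).
*/ -}}
{{- if .Values.istio.enabled }}
{{- if .Values.istio.ipBlocks }}
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: argocd-deny-not-in-ipblocks
  namespace: istio-system
  labels:
    {{- include "kubezero-lib.labels" . | nindent 4 }}
spec:
  # Applies to workloads labelled app: istio-ingressgateway in istio-system.
  selector:
    matchLabels:
      app: istio-ingressgateway
  # DENY rule: from, to and when must ALL match for a request to be rejected.
  # Anything that fails to match any one of them passes this policy untouched.
  action: DENY
  rules:
  - from:
    - source:
        # notIpBlocks is evaluated against the peer address of the connection
        # as the gateway sees it. NOTE(review): if a load balancer or proxy in
        # front of the gateway does not preserve the client address, every
        # request appears to come from that hop; confirm source-IP preservation
        # or evaluate notRemoteIpBlocks for the deployment.
        notIpBlocks:
        {{- toYaml .Values.istio.ipBlocks | nindent 8 }}
    to:
    - operation:
        # hosts is an exact match on the request authority. The gateway also
        # routes an authority that carries a port, so the port-suffixed form is
        # listed as well; otherwise such a request would not match this DENY.
        # NOTE(review): assumes argo-cd.server.config.url holds a bare
        # hostname; a value with a scheme would never match here. Confirm.
        hosts:
        {{- $argoHost := index .Values "argo-cd" "server" "config" "url" }}
        - {{ $argoHost | quote }}
        - {{ printf "%s:*" $argoHost | quote }}
    when:
    # '*' matches any non-empty SNI, so the rule only fires on connections
    # that present one. NOTE(review): connections without SNI (for example a
    # plain HTTP listener) are not denied by this policy; verify that no such
    # listener routes to Argo CD.
    - key: connection.sni
      values:
      - '*'
{{- end }}
{{- end }}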