KubeZero/charts/kubezero-metrics/templates/istio-authorization-policy.yaml

50 lines
1.1 KiB
YAML

{{- if .Values.grafana.istio.enabled }}
{{- if .Values.grafana.istio.ipBlocks }}
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: grafana-deny-not-in-ipblocks
namespace: istio-system
spec:
selector:
matchLabels:
app: istio-ingressgateway
action: DENY
rules:
- from:
- source:
notIpBlocks:
{{- with .Values.grafana.istio.ipBlocks }}
{{- . | toYaml | nindent 8 }}
{{- end }}
to:
- operation:
hosts: ["{{ .Values.grafana.istio.url }}"]
{{- end }}
{{- end }}
---
{{- if .Values.prometheus.istio.enabled }}
{{- if .Values.prometheus.istio.ipBlocks }}
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: prometheus-deny-not-in-ipblocks
namespace: istio-system
spec:
selector:
matchLabels:
app: istio-ingressgateway
action: DENY
rules:
- from:
- source:
notIpBlocks:
{{- with .Values.prometheus.istio.ipBlocks }}
{{- . | toYaml | nindent 8 }}
{{- end }}
to:
- operation:
hosts: ["{{ .Values.prometheus.istio.url }}"]
{{- end }}
{{- end }}