KubeZero/charts/kubezero-argo-cd/templates/istio-authorization-policy.yaml
2020-07-24 12:24:21 +01:00

26 lines
614 B
YAML

{{- if index .Values "argo-cd" "istio" "enabled" }}
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: argocd-allow-only
namespace: istio-system
spec:
selector:
matchLabels:
app: istio-ingressgateway
rules:
{{- if index .Values "argo-cd" "istio" "ipBlocks" }}
- from:
- source:
ipBlocks:
{{- with index .Values "argo-cd" "istio" "ipBlocks" }}
{{- . | toYaml | nindent 8 }}
{{- end }}
to:
- operation:
hosts: ["{{ index .Values "argo-cd" "server" "config" "url" }}"]
{{- else }}
- {}
{{- end }}
{{- end }}