From f8e1aadaae562cff0a2751309daba5d52f410863 Mon Sep 17 00:00:00 2001
From: Stefan Reimer <stefan@zero-downtime.net>
Date: Thu, 11 Nov 2021 16:58:58 +0100
Subject: [PATCH] fix: argocd istio rules

---
 charts/kubezero-argocd/Chart.yaml                          | 2 +-
 .../templates/istio-authorization-policy.yaml              | 7 +++----
 charts/kubezero-argocd/templates/istio-service.yaml        | 1 +
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/charts/kubezero-argocd/Chart.yaml b/charts/kubezero-argocd/Chart.yaml
index e9fb10c..691db11 100644
--- a/charts/kubezero-argocd/Chart.yaml
+++ b/charts/kubezero-argocd/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 description: KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application
 name: kubezero-argocd
-version: 0.8.7
+version: 0.8.8
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
diff --git a/charts/kubezero-argocd/templates/istio-authorization-policy.yaml b/charts/kubezero-argocd/templates/istio-authorization-policy.yaml
index 7397547..0cffc69 100644
--- a/charts/kubezero-argocd/templates/istio-authorization-policy.yaml
+++ b/charts/kubezero-argocd/templates/istio-authorization-policy.yaml
@@ -4,8 +4,9 @@ apiVersion: security.istio.io/v1beta1
 kind: AuthorizationPolicy
 metadata:
   name: argocd-deny-not-in-ipblocks
+  namespace: istio-system
   labels:
-{{ include "kubezero-lib.labels" . | indent 4 }}
+    {{- include "kubezero-lib.labels" . | nindent 4 }}
 spec:
   selector:
     matchLabels:
@@ -15,9 +16,7 @@ spec:
   - from:
     - source:
         notIpBlocks:
-        {{- with .Values.istio.ipBlocks }}
-        {{- . | toYaml | nindent 8 }}
-        {{- end }}
+        {{- toYaml .Values.istio.ipBlocks | nindent 8 }}
     to:
     - operation:
         hosts: ["{{ index .Values "argo-cd" "server" "config" "url" }}"]
diff --git a/charts/kubezero-argocd/templates/istio-service.yaml b/charts/kubezero-argocd/templates/istio-service.yaml
index 16ae10a..0ef393c 100644
--- a/charts/kubezero-argocd/templates/istio-service.yaml
+++ b/charts/kubezero-argocd/templates/istio-service.yaml
@@ -3,6 +3,7 @@ apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
   name: argocd-server
+  namespace: {{ $.Release.Namespace }}
   labels:
 {{ include "kubezero-lib.labels" . | indent 4 }}
 spec: