{{- if .Values.grafana.istio.enabled }}
{{- if .Values.grafana.istio.ipBlocks }}
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: grafana-deny-not-in-ipblocks
  namespace: istio-system
spec:
  selector:
    matchLabels:
      app: istio-ingressgateway
  action: DENY
  rules:
  - from:
    - source:
        notIpBlocks:
        {{- with .Values.grafana.istio.ipBlocks }}
        {{- . | toYaml | nindent 8 }}
        {{- end }}
    to:
    - operation:
        hosts: ["{{ .Values.grafana.istio.url }}"]
{{- end }}
{{- end }}
---
{{- if .Values.prometheus.istio.enabled }}
{{- if .Values.prometheus.istio.ipBlocks }}
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: prometheus-deny-not-in-ipblocks
  namespace: istio-system
spec:
  selector:
    matchLabels:
      app: istio-ingressgateway
  action: DENY
  rules:
  - from:
    - source:
        notIpBlocks:
        {{- with .Values.prometheus.istio.ipBlocks }}
        {{- . | toYaml | nindent 8 }}
        {{- end }}
    to:
    - operation:
        hosts: ["{{ .Values.prometheus.istio.url }}"]
{{- end }}
{{- end }}