authorization policy added

charts/base/base-ms-chart/Chart.yaml

@@ -21,4 +21,4 @@ version: 0.1.2
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.2"
+appVersion: "0.1.3"

charts/base/base-ms-chart/templates/authorizationpolicy.yaml

@@ -0,0 +1,18 @@
+{{- if .Values.authorizationPolicy.enabled }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  name: {{ include "ms.fullname" . }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "ms.name" . }}
+  action: ALLOW
+  rules:
+{{- range .Values.authorizationPolicy.allowedSources }}
+  - from:
+    - source:
+        # namespaces: ["{{ .namespace }}"]
+        principals: ["cluster.local/ns/{{ .namespace }}/sa/{{ .serviceAccount }}"]
+{{- end }}
+{{- end }}

charts/base/base-ms-chart/values.yaml

@@ -52,6 +52,16 @@ destinationRule:
   #     interval: "1s"
   #     baseEjectionTime: "1m"
 
+
+authorizationPolicy:
+  enabled: false
+
+  # allowedSources:
+  #   - namespace: transfer
+  #     serviceAccount: transfer-service-account
+  #   - namespace: customer
+  #     serviceAccount: payments-service-account
+
 replicaCount: 1
 
 image: