public/policy-generator
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

meshtlsauthentications are now generated.

Browse Source
This commit is contained in:
Erik Brakkee 2025-01-19 22:05:14 +01:00
parent ef99ad61e8
commit f27f3610ab
3 changed files with 30 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
cmd/policygen/linkerd_generator.go
View File

@ -15,7 +15,7 @@ func (g LinkerdPolicyGenerator) Init(writer io.Writer) error {
// start by generating network authentications // start by generating network authentications
for _, network := range g.config.Networks { for _, network := range g.config.Networks {
fmt.Fprintf(os.Stderr, "NetworkAuthentication default/%s\n", network.Name) fmt.Fprintf(os.Stderr, "NetworkAuthentication default/%s\n", network.Name)
template := g.policyTemplates.PredefineApplicationPolicyTemplate("linkerd", "network-authentication") template := g.policyTemplates.PredefineApplicationPolicyTemplate("linkerd", "networkauthentication")
if template == nil { if template == nil {
return fmt.Errorf("Linkerd template for network authentication not found") return fmt.Errorf("Linkerd template for network authentication not found")
} }
@ -28,11 +28,6 @@ func (g LinkerdPolicyGenerator) Init(writer io.Writer) error {
} }
func (g LinkerdPolicyGenerator) GenerateNamespace(writer io.Writer, namespace *Namespace) error { func (g LinkerdPolicyGenerator) GenerateNamespace(writer io.Writer, namespace *Namespace) error {
// and then the meshTLSAuthentications
for _, app := range namespace.Applications {
fmt.Fprintf(os.Stderr, "MeshTLSAuthentication %s/%s %v\n",
namespace.Name, app.Name, app.ServiceAccounts)
}
return nil return nil
} }
@ -42,6 +37,18 @@ func (g LinkerdPolicyGenerator) GenerateCommunicationRule(
ingress *Ingress, ingress *Ingress,
egress *Egress) error { egress *Egress) error {
// and then the meshTLSAuthentications
fmt.Fprintf(os.Stderr, "MeshTLSAuthentication %s/%s %v\n",
app.Namespace.Name, app.Name, app.ServiceAccounts)
template := g.policyTemplates.PredefineApplicationPolicyTemplate("linkerd", "meshtlsauthentication")
if template == nil {
return fmt.Errorf("Could not find meshtlsauthentication template")
}
err := template.Execute(writer, app)
if err != nil {
return err
}
if len(ingress.Applications)+ if len(ingress.Applications)+
len(ingress.Networks)+ len(ingress.Networks)+
len(egress.Applications)+ len(egress.Applications)+

17
cmd/policygen/templates/linkerd/application/meshtlsauthentication.yaml Normal file
View File

@ -0,0 +1,17 @@
---
apiVersion: policy.linkerd.io/v1alpha1
kind: MeshTLSAuthentication
metadata:
name: {{ .Name }}
namespace: {{ .Namespace.Name }}
spec:
{{- if .ServiceAccounts }}
identityRefs:
{{- range $sa := .ServiceAccounts }}
- kind: ServiceAccount
name: {{ $sa }}
{{- end }}
{{- else }}
fail (printf "no service accounts defined for app %s" .Name )
{{- end}}

0
cmd/policygen/templates/linkerd/application/network-authentication.yaml → cmd/policygen/templates/linkerd/application/networkauthentication.yaml
View File