meshtlsauthentications are now generated.

2025-01-19 22:05:14 +01:00 · 2025-01-19 22:05:14 +01:00 · f27f3610ab
commit f27f3610ab
parent ef99ad61e8
3 changed files with 30 additions and 6 deletions
--- a/cmd/policygen/linkerd_generator.go
+++ b/cmd/policygen/linkerd_generator.go
@ -15,7 +15,7 @@ func (g LinkerdPolicyGenerator) Init(writer io.Writer) error {
 	// start by generating network authentications
 	for _, network := range g.config.Networks {
 		fmt.Fprintf(os.Stderr, "NetworkAuthentication default/%s\n", network.Name)
-		template := g.policyTemplates.PredefineApplicationPolicyTemplate("linkerd", "network-authentication")
+		template := g.policyTemplates.PredefineApplicationPolicyTemplate("linkerd", "networkauthentication")
 		if template == nil {
 			return fmt.Errorf("Linkerd template for network authentication not found")
 		}
@ -28,11 +28,6 @@ func (g LinkerdPolicyGenerator) Init(writer io.Writer) error {
 }

 func (g LinkerdPolicyGenerator) GenerateNamespace(writer io.Writer, namespace *Namespace) error {
-	// and then the meshTLSAuthentications
-	for _, app := range namespace.Applications {
-		fmt.Fprintf(os.Stderr, "MeshTLSAuthentication %s/%s %v\n",
-			namespace.Name, app.Name, app.ServiceAccounts)
-	}
 	return nil
 }

@ -42,6 +37,18 @@ func (g LinkerdPolicyGenerator) GenerateCommunicationRule(
 	ingress *Ingress,
 	egress *Egress) error {

+	// and then the meshTLSAuthentications
+	fmt.Fprintf(os.Stderr, "MeshTLSAuthentication %s/%s %v\n",
+		app.Namespace.Name, app.Name, app.ServiceAccounts)
+	template := g.policyTemplates.PredefineApplicationPolicyTemplate("linkerd", "meshtlsauthentication")
+	if template == nil {
+		return fmt.Errorf("Could not find meshtlsauthentication template")
+	}
+	err := template.Execute(writer, app)
+	if err != nil {
+		return err
+	}
+
 	if len(ingress.Applications)+
 		len(ingress.Networks)+
 		len(egress.Applications)+
--- a/cmd/policygen/templates/linkerd/application/meshtlsauthentication.yaml
+++ b/cmd/policygen/templates/linkerd/application/meshtlsauthentication.yaml
@ -0,0 +1,17 @@
+---
+apiVersion: policy.linkerd.io/v1alpha1
+kind: MeshTLSAuthentication
+metadata:
+  name: {{ .Name }}
+  namespace: {{ .Namespace.Name }}
+spec:
+  {{- if .ServiceAccounts }}
+  identityRefs:
+  {{- range $sa := .ServiceAccounts }}
+    - kind: ServiceAccount
+      name: {{ $sa }}
+  {{- end }}
+  {{- else }}
+    fail (printf "no service accounts defined for app %s" .Name )
+  {{- end}}
+  
--- a/cmd/policygen/templates/linkerd/application/network-authentication.yaml
+++ b/cmd/policygen/templates/linkerd/application/network-authentication.yaml