diff --git a/charts/account-service/Chart.yaml b/charts/account-service/Chart.yaml index 79760b3f804188f6c05fa1ace7fc91bbecb08537..e5ff513dd52828a68e6bd060d3047f46436c7b4d 100644 --- a/charts/account-service/Chart.yaml +++ b/charts/account-service/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Deployment of the nynja account service. name: account-service -version: 0.1.3 +version: 0.1.4 diff --git a/charts/account-service/templates/authentication-policy.yaml b/charts/account-service/templates/authentication-policy.yaml index 63aab210a1c45cfb046dbda053fadca70542fb8c..768fe93e0eeb8bde9301e5482b9257ebbf8f00b2 100644 --- a/charts/account-service/templates/authentication-policy.yaml +++ b/charts/account-service/templates/authentication-policy.yaml @@ -1,19 +1,22 @@ -#apiVersion: "authentication.istio.io/v1alpha1" -#kind: "Policy" -#metadata: -# name: {{ template "account-service.fullname" . }} -# labels: -# app: {{ template "account-service.name" . }} -# chart: {{ template "account-service.chart" . }} -# release: {{ .Release.Name }} -# heritage: {{ .Release.Service }} -#spec: -# targets: -# - name: {{ template "account-service.name" . }} -# origins: -# - jwt: -# issuer: https://auth.nynja.biz/ -# jwksUri: http://auth-service.auth.svc.cluster.local:8008/keys/public -# audiences: -# - dGVzdEluc3RhbmNl:NynjaApp:NynjaOrg -# principalBinding: USE_ORIGIN +apiVersion: "authentication.istio.io/v1alpha1" +kind: "Policy" +metadata: + name: {{ template "account-service.fullname" . }} + labels: + app: {{ template "account-service.name" . }} + chart: {{ template "account-service.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + targets: + - name: {{ template "account-service.name" . }} + origins: + - jwt: + issuer: https://auth.nynja.biz/ + jwksUri: http://auth-service.auth.svc.cluster.local:8008/keys/public + trigger_rules: + - excluded_paths: + - exact: /actuator/health + - exact: /actuator/info + - exact: /actuator/status + principalBinding: USE_ORIGIN diff --git a/releases/dev/account-service.yaml b/releases/dev/account-service.yaml index 4d8e23d56c7d357b8b0dba06e50e7d2ef9407b49..18dc4891cd4d3fe9b951a33d63740f7857c1dfef 100644 --- a/releases/dev/account-service.yaml +++ b/releases/dev/account-service.yaml @@ -8,7 +8,7 @@ spec: chart: repository: https://nynjagroup.jfrog.io/nynjagroup/helm/ name: account-service - version: 0.1.3 + version: 0.1.4 values: replicaCount: 1 @@ -24,11 +24,11 @@ spec: resources: limits: - cpu: 1 - memory: 1500Mi + cpu: 750m + memory: 1250Mi requests: - cpu: 500m - memory: 1000Mi + cpu: 750m + memory: 1250Mi ports: containerPort: diff --git a/releases/staging/account-service.yaml b/releases/staging/account-service.yaml index 22a6ef2f449524ba5fb49b420f2b04a3e29b757f..56579b30cce661bd0ca7f5bd32954774d6c6c6c5 100644 --- a/releases/staging/account-service.yaml +++ b/releases/staging/account-service.yaml @@ -8,7 +8,7 @@ spec: chart: repository: https://nynjagroup.jfrog.io/nynjagroup/helm/ name: account-service - version: 0.1.3 + version: 0.1.4 values: replicaCount: 2 @@ -24,11 +24,11 @@ spec: resources: limits: - cpu: 2 - memory: 1500Mi + cpu: 750m + memory: 1250Mi requests: - cpu: 500m - memory: 1000Mi + cpu: 750m + memory: 1250Mi ports: containerPort: @@ -65,4 +65,3 @@ spec: - x-grpc-web - authorization maxAge: "600s" -