chore: add authorizationpolicy and kyverno-ext-auth server manifest

Signed-off-by: Sanskarzz <[email protected]>

demo/istio/manifests/authorizationpolicy.yaml

@@ -0,0 +1,34 @@
+# Edit mesh config with command below 
+# kubectl edit configmap -n istio-system
+# add the extension provider definitions shown below:
+
+#  data:
+#    mesh: |-   
+#      extensionProviders:
+#      - name: "kyverno-ext-authz-http"
+#        envoyExtAuthzHttp:
+#          service: "ext-authz.demo.svc.cluster.local"
+#          port: "8000"
+
+
+# AuthorizationPolicy to tell Istio to use kyverno plugin as the Authz Server
+# This should be created in same namespace as kyverno-ext-auth-http which is demo
+
+apiVersion: security.istio.io/v1
+kind: AuthorizationPolicy
+metadata:
+  name: ext-authz
+spec:
+  selector:
+    matchLabels:
+      app: httpbin
+  action: CUSTOM
+  provider:
+    name: kyverno-ext-authz-http
+  rules:
+  - to:
+    - operation:
+        paths: ["/people"]
+
+
+

demo/istio/manifests/echo-service.yaml

@@ -22,7 +22,7 @@ spec:
     spec:
       containers:
       - name: echo
-        image: mendhak/http-https-echo
+        image: sanskardevops/testserver:latest
         ports:
         - containerPort: 8080
 ---

demo/istio/manifests/kyverno-ext-auth.yaml

@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: kyverno-ext-authz
+  labels:
+    app: kyverno-ext-authz
+spec:
+  ports:
+  - name: http
+    port: 8000
+    targetPort: 8000
+  selector:
+    app: kyverno-ext-authz
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kyverno-ext-authz
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: kyverno-ext-authz
+  template:
+    metadata:
+      labels:
+        app: kyverno-ext-authz
+    spec:
+      containers:
+      - image: sanskardevops/kyverno-envoy-plugin:latest
+        imagePullPolicy: IfNotPresent
+        name: kyverno-ext-authz
+        ports:
+        - containerPort: 8000