Revert "Revert "ITHC - Neuvector: enable workload identity (#24687)" (#…

…24701)" (#24718)

This reverts commit e955c7e.

apps/neuvector/base/kustomization.yaml

@@ -2,6 +2,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ../../base
+  - ../../base/workload-identity
   - ../fluentbit-log/fluentbit-log.yaml
   - ../neuvector/neuvector.yaml
   - ../identity/identity.yaml
+namespace: neuvector
+patches:
+  - path: workload-identity.yaml

apps/neuvector/base/workload-identity.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: ${NAMESPACE}
+  namespace: ${NAMESPACE}
+  annotations:
+    azure.workload.identity/client-id: ${WORKLOAD_IDENTITY_ID}
+  labels:
+    azure.workload.identity/use: "true"

apps/neuvector/ithc/base/kustomize.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: neuvector
+  namespace: flux-system
+spec:
+  path: ./apps/neuvector/ithc/base
+  postBuild:
+    substitute:
+      WORKLOAD_IDENTITY_ID: "d0fe9aae-68b9-4c4a-9afb-9b6422a571b0"

clusters/ithc/base/kustomization.yaml

@@ -61,4 +61,5 @@ patches:
     target:
       kind: Kustomization
       annotationSelector: hmcts.github.com/kustomize-defaults != disabled
-  - path: ../../../apps/cnp/ithc/base/kustomize.yaml
+  - path: ../../../apps/cnp/ithc/base/kustomize.yaml
+  - path: ../../../apps/neuvector/ithc/base/kustomize.yaml

clusters/sbox/base/kustomization.yaml

@@ -20,4 +20,4 @@ patches:
   target:
     annotationSelector: hmcts.github.com/kustomize-defaults != disabled
     kind: Kustomization
-- path: ../../../apps/cnp/sbox/base/kustomize.yaml
+- path: ../../../apps/cnp/sbox/base/kustomize.yaml