Created
August 31, 2021 08:12
-
-
Save Pothulapati/69edb59fb1c54c3d993e1ad5145571d4 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: policy.linkerd.io/v1alpha1 | |
| kind: Server | |
| metadata: | |
| namespace: emojivoto | |
| name: emoji-grpc | |
| labels: | |
| app.kubernetes.io/part-of: emojivoto | |
| app.kubernetes.io/name: emoji | |
| app.kubernetes.io/version: v11 | |
| spec: | |
| podSelector: | |
| matchLabels: | |
| app: emoji-svc | |
| port: grpc | |
| proxyProtocol: gRPC | |
| --- | |
| apiVersion: policy.linkerd.io/v1alpha1 | |
| kind: ServerAuthorization | |
| metadata: | |
| namespace: emojivoto | |
| name: emoji-grpc | |
| labels: | |
| app.kubernetes.io/part-of: emojivoto | |
| app.kubernetes.io/name: emoji | |
| app.kubernetes.io/version: v11 | |
| spec: | |
| # Allow all authenticated clients to access the (read-only) emoji service. | |
| server: | |
| name: emoji-grpc | |
| client: | |
| meshTLS: | |
| identities: | |
| - "*.emojivoto.serviceaccount.identity.linkerd.cluster.local" | |
| --- | |
| apiVersion: policy.linkerd.io/v1alpha1 | |
| kind: Server | |
| metadata: | |
| namespace: emojivoto | |
| name: prom | |
| labels: | |
| app.kubernetes.io/part-of: emojivoto | |
| app.kubernetes.io/version: v11 | |
| spec: | |
| port: prom | |
| podSelector: | |
| matchLabels: | |
| app.kubernetes.io/part-of: emojivoto | |
| proxyProtocol: HTTP/1 | |
| --- | |
| apiVersion: policy.linkerd.io/v1alpha1 | |
| kind: ServerAuthorization | |
| metadata: | |
| namespace: emojivoto | |
| name: prom-prometheus | |
| labels: | |
| app.kubernetes.io/part-of: emojivoto | |
| app.kubernetes.io/version: v11 | |
| spec: | |
| server: | |
| name: prom | |
| client: | |
| meshTLS: | |
| serviceAccounts: | |
| - namespace: linkerd-viz | |
| name: prometheus | |
| --- | |
| apiVersion: policy.linkerd.io/v1alpha1 | |
| kind: Server | |
| metadata: | |
| namespace: emojivoto | |
| name: voting-grpc | |
| labels: | |
| app: voting-svc | |
| spec: | |
| podSelector: | |
| matchLabels: | |
| app: voting-svc | |
| port: grpc | |
| proxyProtocol: gRPC | |
| --- | |
| apiVersion: policy.linkerd.io/v1alpha1 | |
| kind: ServerAuthorization | |
| metadata: | |
| namespace: emojivoto | |
| name: voting-grpc | |
| labels: | |
| app.kubernetes.io/part-of: emojivoto | |
| app.kubernetes.io/name: voting | |
| app.kubernetes.io/version: v11 | |
| spec: | |
| server: | |
| name: voting-grpc | |
| # The voting service only allows requests from the web service. | |
| client: | |
| meshTLS: | |
| serviceAccounts: | |
| - name: web | |
| --- | |
| apiVersion: policy.linkerd.io/v1alpha1 | |
| kind: Server | |
| metadata: | |
| namespace: emojivoto | |
| name: web-http | |
| labels: | |
| app.kubernetes.io/part-of: emojivoto | |
| app.kubernetes.io/name: web | |
| app.kubernetes.io/version: v11 | |
| spec: | |
| podSelector: | |
| matchLabels: | |
| app: web-svc | |
| port: http | |
| proxyProtocol: HTTP/1 | |
| --- | |
| apiVersion: policy.linkerd.io/v1alpha1 | |
| kind: ServerAuthorization | |
| metadata: | |
| namespace: emojivoto | |
| name: web-public | |
| labels: | |
| app.kubernetes.io/part-of: emojivoto | |
| app.kubernetes.io/name: web | |
| app.kubernetes.io/version: v11 | |
| spec: | |
| server: | |
| name: web-http | |
| # Allow all clients to access the web HTTP port without regard for | |
| # authentication. If unauthenticated connections are permitted, there is no | |
| # need to describe authenticated clients. | |
| client: | |
| unauthenticated: true | |
| networks: | |
| - cidr: 0.0.0.0/0 | |
| - cidr: ::/0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment