1apiVersion: policy.linkerd.io/v1beta1
2kind: Server
3metadata:
4 name: external-secrets-probe-server
5spec:
6 port: health
7 podSelector:
8 matchLabels:
9 app.kubernetes.io/instance: external-secrets
10 proxyProtocol: HTTP/1
11---
12apiVersion: policy.linkerd.io/v1beta1
13kind: ServerAuthorization
14metadata:
15 name: external-secrets-probe-server-auth
16spec:
17 client:
18 unauthenticated: true
19 server:
20 name: external-secrets-probe-server
21# external-secrets metrics server/server auth for prometheus
22---
23apiVersion: policy.linkerd.io/v1beta1 # external-secrets metrics server/server auth for prometheus
24kind: Server
25metadata:
26 name: external-secrets-metrics-server
27 namespace: external-secrets
28spec:
29 port: metrics
30 podSelector:
31 matchLabels:
32 app.kubernetes.io/instance: external-secrets
33 proxyProtocol: HTTP/1
34---
35apiVersion: policy.linkerd.io/v1beta1
36kind: ServerAuthorization
37metadata:
38 name: external-secrets-metrics-server-auth
39spec:
40 client:
41 meshTLS:
42 serviceAccounts:
43 # authorize access to the metrics port from prometheus
44 - name: prometheus
45 namespace: prometheus
46 server:
47 name: external-secrets-metrics-server
48---
49apiVersion: policy.linkerd.io/v1beta1
50kind: Server
51metadata:
52 name: external-secrets-webhook-server
53spec:
54 port: webhook
55 podSelector:
56 matchLabels:
57 app.kubernetes.io/name: external-secrets-webhook
58 proxyProtocol: opaque
59---
60apiVersion: policy.linkerd.io/v1beta1
61kind: ServerAuthorization
62metadata:
63 name: external-secrets-webhook-server-auth
64 namespace: external-secrets
65spec:
66 client:
67 unauthenticated: true
68 server:
69 name: external-secrets-webhook-server
View as plain text