...
# Linkerd policy Server describing the port named "healthz" on pods in
# the flux-system namespace.
apiVersion: policy.linkerd.io/v1beta1
kind: Server
metadata:
  name: flux-healthz
  namespace: flux-system
  labels:
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    workload.edge.ncr.com: platform
spec:
  # An empty matchLabels selects every pod in this namespace, so any pod
  # in flux-system exposing a port named "healthz" is covered, including
  # workloads added to the namespace later.
  podSelector:
    matchLabels: {}
  port: healthz
  proxyProtocol: HTTP/1
---
# Authorization attached to the flux-healthz Server: clients are admitted
# without presenting a mesh identity.
apiVersion: policy.linkerd.io/v1beta1
kind: ServerAuthorization
metadata:
  name: flux-healthz
  namespace: flux-system
  labels:
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    workload.edge.ncr.com: platform
spec:
  server:
    name: flux-healthz
  client:
    # No mTLS identity is required from the caller. Presumably this exists
    # for kubelet health probes, which do not come from a meshed client;
    # confirm against the probe configuration.
    # NOTE(review): no client.networks list is set, so this resource does
    # not narrow the source addresses itself. If only node-local probes
    # need this port, consider restricting the allowed CIDRs.
    unauthenticated: true
---
# Linkerd policy Server describing the port named "http-prom" on pods in
# the flux-system namespace.
apiVersion: policy.linkerd.io/v1beta1
kind: Server
metadata:
  name: flux-http-prom
  namespace: flux-system
  labels:
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    workload.edge.ncr.com: platform
spec:
  # An empty matchLabels selects every pod in this namespace, so any pod
  # in flux-system exposing a port named "http-prom" is covered.
  podSelector:
    matchLabels: {}
  port: http-prom
  proxyProtocol: HTTP/1
---
# Authorization attached to the flux-http-prom Server: access is limited
# to one named service account, authenticated through mesh TLS.
apiVersion: policy.linkerd.io/v1beta1
kind: ServerAuthorization
metadata:
  name: flux-http-prom
  namespace: flux-system
  labels:
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    workload.edge.ncr.com: platform
spec:
  server:
    name: flux-http-prom
  client:
    # Only clients with a mesh TLS identity for this ServiceAccount are
    # authorized, so the scraper must itself run inside the mesh.
    # Unmeshed or differently-identified callers are not matched here.
    meshTLS:
      serviceAccounts:
        - name: prometheus
          namespace: prometheus
---
# Linkerd policy Server describing the port named "http" on the
# source-controller pods in the flux-system namespace.
apiVersion: policy.linkerd.io/v1beta1
kind: Server
metadata:
  name: flux-source-controller-file-server
  namespace: flux-system
  labels:
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    workload.edge.ncr.com: platform
spec:
  # Scoped to pods labelled app=source-controller, unlike the
  # namespace-wide selectors used for the health and metrics ports.
  podSelector:
    matchLabels:
      app: source-controller
  port: http
  proxyProtocol: HTTP/1
---
# Authorization attached to the flux-source-controller-file-server Server:
# clients are admitted without presenting a mesh identity.
apiVersion: policy.linkerd.io/v1beta1
kind: ServerAuthorization
metadata:
  name: flux-source-controller-file-server
  namespace: flux-system
  labels:
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    workload.edge.ncr.com: platform
spec:
  server:
    name: flux-source-controller-file-server
  client:
    # The source controller's readiness probe targets this http endpoint,
    # so unauthenticated access is allowed for now. Remove this once the
    # following issue is closed:
    # https://github.com/linkerd/linkerd2/issues/7050#issuecomment-1054808996
    # NOTE(review): the Server name suggests this port also serves files
    # (presumably source artifacts). If so, the exemption covers those
    # requests too, not just the probe; track the removal and confirm
    # what is reachable on this port in the meantime.
    unauthenticated: true
---
# Linkerd policy Server describing the port named "http" on the
# notification-controller pods in the flux-system namespace.
apiVersion: policy.linkerd.io/v1beta1
kind: Server
metadata:
  name: flux-notification-controller-event-server
  namespace: flux-system
  labels:
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    workload.edge.ncr.com: platform
spec:
  # Scoped to pods labelled app=notification-controller.
  podSelector:
    matchLabels:
      app: notification-controller
  port: http
  proxyProtocol: HTTP/1
---
# Authorization attached to the flux-notification-controller-event-server
# Server: access is limited to mesh identities from flux-system.
apiVersion: policy.linkerd.io/v1beta1
kind: ServerAuthorization
metadata:
  name: flux-notification-controller-event-server
  namespace: flux-system
  labels:
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    workload.edge.ncr.com: platform
spec:
  server:
    name: flux-notification-controller-event-server
  # This rule does not allow for webhook receivers:
  # https://github.com/fluxcd/notification-controller/blob/main/docs/spec/README.md#webhook-receivers-1
  client:
    meshTLS:
      identities:
        # Matches every service account in the flux-system namespace.
        # NOTE(review): the wildcard also admits service accounts created
        # in this namespace later. If only specific controllers should
        # reach this port, list their identities explicitly.
        - '*.flux-system.serviceaccount.identity.linkerd.cluster.local'