apiVersion: policy.linkerd.io/v1beta1 kind: Server metadata: name: metrics spec: port: metrics podSelector: # being specific in what pods you are selecting when possible avoids # potential headaches caused by overlapping Server objects matchLabels: platform.edge.ncr.com/component: interlock # Configures protocol discovery for inbound connections. # Must be one of `unknown`, `HTTP/1`,`HTTP/2`,`gRPC`,`opaque`,`TLS`. Defaults to `unknown` if not set. proxyProtocol: HTTP/1 --- apiVersion: policy.linkerd.io/v1beta1 kind: ServerAuthorization metadata: name: metrics spec: client: meshTLS: serviceAccounts: - name: prometheus namespace: prometheus server: # SERVER_NAME will be substituted by kustomize name: SERVER_NAME --- apiVersion: policy.linkerd.io/v1beta1 kind: Server metadata: name: interlock spec: port: interlock-api podSelector: # being specific in what pods you are selecting when possible avoids # potential headaches caused by overlapping Server objects matchLabels: platform.edge.ncr.com/component: interlock # Configures protocol discovery for inbound connections. # Must be one of `unknown`, `HTTP/1`,`HTTP/2`,`gRPC`,`opaque`,`TLS`. Defaults to `unknown` if not set. proxyProtocol: HTTP/1 --- apiVersion: policy.linkerd.io/v1beta1 kind: ServerAuthorization metadata: name: interlock spec: client: unauthenticated: true server: # SERVER_NAME will be substituted by kustomize name: SERVER_NAME