apiVersion: policy.linkerd.io/v1beta1
kind: Server
metadata:
  name: metrics
spec:
  port: metrics
  podSelector:
    # being specific in what pods you are selecting when possible avoids
    # potential headaches caused by overlapping Server objects
    matchLabels:
      platform.edge.ncr.com/component: interlock
  # Configures protocol discovery for inbound connections.
  # Must be one of `unknown`, `HTTP/1`,`HTTP/2`,`gRPC`,`opaque`,`TLS`. Defaults to `unknown` if not set.
  proxyProtocol: HTTP/1
---
apiVersion: policy.linkerd.io/v1beta1
kind: ServerAuthorization
metadata:
  name: metrics
spec:
  client:
    meshTLS:
      serviceAccounts:
      - name: prometheus
        namespace: prometheus
  server:
    # SERVER_NAME will be substituted by kustomize
    name: SERVER_NAME
---
apiVersion: policy.linkerd.io/v1beta1
kind: Server
metadata:
  name: interlock
spec:
  port: interlock-api
  podSelector:
    # being specific in what pods you are selecting when possible avoids
    # potential headaches caused by overlapping Server objects
    matchLabels:
      platform.edge.ncr.com/component: interlock
  # Configures protocol discovery for inbound connections.
  # Must be one of `unknown`, `HTTP/1`,`HTTP/2`,`gRPC`,`opaque`,`TLS`. Defaults to `unknown` if not set.
  proxyProtocol: HTTP/1
---
apiVersion: policy.linkerd.io/v1beta1
kind: ServerAuthorization
metadata:
  name: interlock
spec:
  client:
    unauthenticated: true
  server:
    # SERVER_NAME will be substituted by kustomize
    name: SERVER_NAME