apiVersion: policy.linkerd.io/v1beta1
kind: Server
metadata:
  name: k8s-gateway-metrics
spec:
  port: metrics
  podSelector:
    matchLabels:
      platform.edge.ncr.com/component: k8s-gateway
  proxyProtocol: HTTP/1
---
apiVersion: policy.linkerd.io/v1beta1
kind: ServerAuthorization
metadata:
  name: k8s-gateway-metrics
spec:
  client:
    meshTLS:
      serviceAccounts:
      - name: prometheus
        namespace: prometheus
  server:
    name: k8s-gateway-metrics
---
apiVersion: policy.linkerd.io/v1beta1
kind: Server
metadata:
  name: k8s-gateway-tcp
spec:
  port: 53
  podSelector:
    matchLabels:
      k8s-app: excoredns
      platform.edge.ncr.com/component: k8s-gateway
  proxyProtocol: opaque
---
apiVersion: policy.linkerd.io/v1alpha1
kind: AuthorizationPolicy
metadata:
  name: k8s-gateway-tcp
spec:
  requiredAuthenticationRefs:
  - name: cluster-network
    kind: NetworkAuthentication
    group: policy.linkerd.io
  targetRef:
    name: k8s-gateway-tcp
    kind: Server
    group: policy.linkerd.io
---
apiVersion: policy.linkerd.io/v1alpha1
kind: NetworkAuthentication
metadata:
  name: cluster-network
spec:
  networks:
  - cidr: 0.0.0.0/0