apiVersion: policy.linkerd.io/v1beta1 kind: Server metadata: name: k8s-gateway-metrics spec: port: metrics podSelector: matchLabels: platform.edge.ncr.com/component: k8s-gateway proxyProtocol: HTTP/1 --- apiVersion: policy.linkerd.io/v1beta1 kind: ServerAuthorization metadata: name: k8s-gateway-metrics spec: client: meshTLS: serviceAccounts: - name: prometheus namespace: prometheus server: name: k8s-gateway-metrics --- apiVersion: policy.linkerd.io/v1beta1 kind: Server metadata: name: k8s-gateway-tcp spec: port: 53 podSelector: matchLabels: k8s-app: excoredns platform.edge.ncr.com/component: k8s-gateway proxyProtocol: opaque --- apiVersion: policy.linkerd.io/v1alpha1 kind: AuthorizationPolicy metadata: name: k8s-gateway-tcp spec: requiredAuthenticationRefs: - name: cluster-network kind: NetworkAuthentication group: policy.linkerd.io targetRef: name: k8s-gateway-tcp kind: Server group: policy.linkerd.io --- apiVersion: policy.linkerd.io/v1alpha1 kind: NetworkAuthentication metadata: name: cluster-network spec: networks: - cidr: 0.0.0.0/0