Text file src/github.com/linkerd/linkerd2/multicluster/charts/linkerd-multicluster/templates/gateway-policy.yaml

Documentation: github.com/linkerd/linkerd2/multicluster/charts/linkerd-multicluster/templates

     1{{if .Values.gateway.enabled -}}
     2---
     3apiVersion: policy.linkerd.io/v1beta2
     4kind: Server
     5metadata:
     6  namespace: {{ .Release.Namespace }}
     7  name: linkerd-gateway
     8  labels:
     9    linkerd.io/extension: multicluster
    10    app: {{.Values.gateway.name}}
    11    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
    12  annotations:
    13    {{ include "partials.annotations.created-by" . }}
    14spec:
    15  podSelector:
    16    matchLabels:
    17      app: {{.Values.gateway.name}}
    18  port: linkerd-proxy
    19---
    20apiVersion: policy.linkerd.io/v1alpha1
    21kind: AuthorizationPolicy
    22metadata:
    23  namespace: {{ .Release.Namespace }}
    24  name: linkerd-gateway
    25  labels:
    26    linkerd.io/extension: multicluster
    27    app: {{.Values.gateway.name}}
    28    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
    29  annotations:
    30    {{ include "partials.annotations.created-by" . }}
    31spec:
    32  targetRef:
    33    group: policy.linkerd.io
    34    kind: Server
    35    name: linkerd-gateway
    36  requiredAuthenticationRefs:
    37    - group: policy.linkerd.io
    38      kind: MeshTLSAuthentication
    39      name: any-meshed
    40      namespace: {{ .Release.Namespace }}
    41    - group: policy.linkerd.io
    42      kind: NetworkAuthentication
    43      name: source-cluster
    44      namespace: {{ .Release.Namespace }}
    45---
    46apiVersion: policy.linkerd.io/v1alpha1
    47kind: MeshTLSAuthentication
    48metadata:
    49  namespace: {{ .Release.Namespace }}
    50  name: any-meshed
    51  labels:
    52    linkerd.io/extension: multicluster
    53    app: {{.Values.gateway.name}}
    54    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
    55  annotations:
    56    {{ include "partials.annotations.created-by" . }}
    57spec:
    58  identities:
    59  - '*'
    60---
    61apiVersion: policy.linkerd.io/v1alpha1
    62kind: NetworkAuthentication
    63metadata:
    64  namespace: {{ .Release.Namespace }}
    65  name: source-cluster
    66  labels:
    67    linkerd.io/extension: multicluster
    68    app: {{.Values.gateway.name}}
    69    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
    70  annotations:
    71    {{ include "partials.annotations.created-by" . }}
    72spec:
    73  networks:
    74    # Change this to the source cluster cidrs pointing to this gateway.
    75    # Note that the source IP in some providers (e.g. GKE) will be the local
    76    # node's IP and not the source cluster's
    77  - cidr: "0.0.0.0/0"
    78  - cidr: "::/0"
    79{{end -}}

View as plain text