...
1{{if .Values.gateway.enabled -}}
2---
3apiVersion: policy.linkerd.io/v1beta2
4kind: Server
5metadata:
6 namespace: {{ .Release.Namespace }}
7 name: linkerd-gateway
8 labels:
9 linkerd.io/extension: multicluster
10 app: {{.Values.gateway.name}}
11 {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
12 annotations:
13 {{ include "partials.annotations.created-by" . }}
14spec:
15 podSelector:
16 matchLabels:
17 app: {{.Values.gateway.name}}
18 port: linkerd-proxy
19---
20apiVersion: policy.linkerd.io/v1alpha1
21kind: AuthorizationPolicy
22metadata:
23 namespace: {{ .Release.Namespace }}
24 name: linkerd-gateway
25 labels:
26 linkerd.io/extension: multicluster
27 app: {{.Values.gateway.name}}
28 {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
29 annotations:
30 {{ include "partials.annotations.created-by" . }}
31spec:
32 targetRef:
33 group: policy.linkerd.io
34 kind: Server
35 name: linkerd-gateway
36 requiredAuthenticationRefs:
37 - group: policy.linkerd.io
38 kind: MeshTLSAuthentication
39 name: any-meshed
40 namespace: {{ .Release.Namespace }}
41 - group: policy.linkerd.io
42 kind: NetworkAuthentication
43 name: source-cluster
44 namespace: {{ .Release.Namespace }}
45---
46apiVersion: policy.linkerd.io/v1alpha1
47kind: MeshTLSAuthentication
48metadata:
49 namespace: {{ .Release.Namespace }}
50 name: any-meshed
51 labels:
52 linkerd.io/extension: multicluster
53 app: {{.Values.gateway.name}}
54 {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
55 annotations:
56 {{ include "partials.annotations.created-by" . }}
57spec:
58 identities:
59 - '*'
60---
61apiVersion: policy.linkerd.io/v1alpha1
62kind: NetworkAuthentication
63metadata:
64 namespace: {{ .Release.Namespace }}
65 name: source-cluster
66 labels:
67 linkerd.io/extension: multicluster
68 app: {{.Values.gateway.name}}
69 {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
70 annotations:
71 {{ include "partials.annotations.created-by" . }}
72spec:
73 networks:
74 # Change this to the source cluster cidrs pointing to this gateway.
75 # Note that the source IP in some providers (e.g. GKE) will be the local
76 # node's IP and not the source cluster's
77 - cidr: "0.0.0.0/0"
78 - cidr: "::/0"
79{{end -}}
View as plain text