...
---
# Server: selects the port named `grpc` on pods labelled `app: emoji-svc` and
# declares that the proxy should treat traffic on it as gRPC.
# The Server only names the target. Who may connect is decided by the
# authorization resources that reference this Server by name; in Linkerd,
# traffic to a port selected by a Server is denied unless an authorization
# allows it.
# No metadata.namespace is set, so the namespace comes from how the manifest
# is applied.
apiVersion: policy.linkerd.io/v1beta2
kind: Server
metadata:
  name: emoji-grpc
  labels:
    app.kubernetes.io/part-of: emojivoto
    app.kubernetes.io/name: emoji
    app.kubernetes.io/version: v11
spec:
  podSelector:
    matchLabels:
      app: emoji-svc
  # Named container port, not a number.
  port: grpc
  proxyProtocol: gRPC
---
# ServerAuthorization: grants access to the `emoji-grpc` Server.
apiVersion: policy.linkerd.io/v1beta1
kind: ServerAuthorization
metadata:
  name: emoji-grpc
  labels:
    app.kubernetes.io/part-of: emojivoto
    app.kubernetes.io/name: emoji
    app.kubernetes.io/version: v11
spec:
  # Allow mesh-authenticated (mTLS) clients to access the (read-only) emoji
  # service, but only those whose identity belongs to the
  # `linkerd-stat-authz-test` namespace. This is narrower than "all
  # authenticated clients": the leading `*` matches any ServiceAccount name
  # under that one identity domain, and identities from other namespaces do
  # not match.
  server:
    name: emoji-grpc
  client:
    meshTLS:
      identities:
        # The namespace and trust domain are hard-coded in this string. If the
        # manifest is applied to a different namespace or cluster domain, the
        # pattern must be updated or no client will match.
        - "*.linkerd-stat-authz-test.serviceaccount.identity.linkerd.cluster.local"
---
# Server: selects the port named `grpc` on pods labelled `app: voting-svc` and
# declares its traffic as gRPC. Access is granted separately by authorizations
# that reference `voting-grpc`.
apiVersion: policy.linkerd.io/v1beta2
kind: Server
metadata:
  name: voting-grpc
  labels:
    # NOTE(review): the other resources in this listing carry the
    # app.kubernetes.io/{part-of,name,version} labels; this one carries only
    # `app`. Label-based queries over the policy resources will miss it unless
    # that is intended. Confirm.
    app: voting-svc
spec:
  podSelector:
    matchLabels:
      app: voting-svc
  port: grpc
  proxyProtocol: gRPC
---
# ServerAuthorization: grants access to the `voting-grpc` Server.
apiVersion: policy.linkerd.io/v1beta1
kind: ServerAuthorization
metadata:
  name: voting-grpc
  labels:
    app.kubernetes.io/part-of: emojivoto
    app.kubernetes.io/name: voting
    app.kubernetes.io/version: v11
spec:
  server:
    name: voting-grpc
  # The voting service only allows requests from the web service.
  # The client must present a mesh (mTLS) identity for the ServiceAccount
  # `web`. No other authorization for `voting-grpc` appears in this listing,
  # so unmeshed clients and other identities would not be admitted by it.
  client:
    meshTLS:
      serviceAccounts:
        # No `namespace` is given, so the ServiceAccount is resolved in this
        # authorization's own namespace.
        - name: web
---
# Server: selects the port named `http` on pods labelled `app: web-svc` and
# declares its traffic as HTTP/1. Access is granted separately by
# authorizations that reference `web-http`.
apiVersion: policy.linkerd.io/v1beta2
kind: Server
metadata:
  name: web-http
  labels:
    app.kubernetes.io/part-of: emojivoto
    app.kubernetes.io/name: web
    app.kubernetes.io/version: v11
spec:
  podSelector:
    matchLabels:
      app: web-svc
  port: http
  proxyProtocol: HTTP/1
---
# ServerAuthorization: opens the `web-http` Server to every client.
apiVersion: policy.linkerd.io/v1beta1
kind: ServerAuthorization
metadata:
  name: web-public
  labels:
    app.kubernetes.io/part-of: emojivoto
    app.kubernetes.io/name: web
    app.kubernetes.io/version: v11
spec:
  server:
    name: web-http
  # Allow all clients to access the web HTTP port without regard for
  # authentication. If unauthenticated connections are permitted, there is no
  # need to describe authenticated clients.
  # With this rule the mesh performs no identity check on this port, so any
  # access control for the web front end has to come from the application or
  # from whatever sits in front of it.
  client:
    unauthenticated: true
    # Both address families are listed, so the rule covers every IPv4 and
    # IPv6 source address.
    networks:
      - cidr: 0.0.0.0/0
      - cidr: ::/0