From a78d857a87a084b332a12b493480fa74115a4fc0 Mon Sep 17 00:00:00 2001 From: Erik Brakkee Date: Thu, 10 Apr 2025 20:28:16 +0200 Subject: [PATCH] some improved formatting. --- README.md | 39 ++++++++++----------------------------- 1 file changed, 10 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index bdcd7c3..b741602 100644 --- a/README.md +++ b/README.md @@ -7,13 +7,15 @@ Basic idea: Allowed communication betwen applications is configured as follows: +``` communication: - from: app1 to: app2 ports: - 80 - linkerd-admin - +``` + Ports are optional. When omitted all ports are intended There are pre-defined applications such as api-server. @@ -28,11 +30,8 @@ There are also standard capablities for an application such as: * linkerd: addes egress to linkerd-jaeger, egress to linkerd, ingress from linkerd-viz -capablities can also be defined at the namespace level, which means they -apply to each pod in the namespace. - - +``` networks: - name: internet cidr: 0.0.0.0/0 @@ -40,8 +39,11 @@ networks: - 10.0.0.0/8 - 172.16.0.0/12 - 192.168.0.0/16 +``` - +capablities can also be defined at the namespace level, which means they +apply to each pod in the namespace +``` namespaces: - namespace: wamblee-org capabilities: @@ -75,32 +77,11 @@ communications: - httpd-wamblee-org to: - nexus-server - porst: + ports: - 8081 - 8082 - -Handling of capabilities: -1. capabilities at namespace level is defined a template that gets the namespace name. - - Ingress template - - from: - - linkerd-viz - to: - - {{ application }} - - egress template - - from: - - {{ application }} - to: - - linkerd-jaeger - - linkerd - - The templates are evaluated for an application and then parsed, and added - to the allowed communications. - + Linkerd extension: * for each application an optional service account is defined, when not