---
# a Server matching all pods
# 1. must scan podmonitors and servicemonitors
#    must scan for all applicable podmonitor and servicemonitor resources
#    Based on namespaceSelector: any (bool), matchNames ([]string)
#    spec.selector determines the pods.
#
# 2. determine pods targeted
# 3. for each targeted pod, determine the port number
# 4. for each targeted pod, determine the application it belongs to (so we know the labels to use)
# 5. create a rule for the given port to the given application to allow access by monitoring.
#
# Build mapping of application -> pod
# pod -> podmonitors -> port(s)
# pod -> endpoint
#
# linkerd scraping port
# linkerd-admin port on linkerd-proxy containers in any namespace, as long as they have the label linkerd.io/control-plane-ns=linkerd.
# a MeshTLSAuthentication matching all pods
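# Added example (not part of the original notes): a sketch of the mapping steps above for PodMonitors only, resolving which named ports monitoring may reach per application.
# Assumptions: the application is identified by the app.kubernetes.io/name label, only matchLabels selectors are handled, and the sample objects are constructed.

```python
APP_LABEL = "app.kubernetes.io/name"  # assumption: label that names the application

def monitor_namespaces(mon, all_ns):
    """namespaceSelector: any -> every namespace; matchNames -> those; else the monitor's own."""
    sel = mon["spec"].get("namespaceSelector", {})
    if sel.get("any"):
        return set(all_ns)
    return set(sel.get("matchNames") or [mon["metadata"]["namespace"]])

def selects(selector, labels):
    """matchLabels only (matchExpressions not handled); an empty selector matches all pods."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def named_ports(pod):
    """Map container port names to numbers so a named endpoint resolves to a port."""
    return {p["name"]: p["containerPort"] for c in pod["spec"]["containers"]
            for p in c.get("ports", []) if "name" in p}

def scrape_rules(podmonitors, pods):
    """Return {(namespace, application): {port, ...}} that monitoring may reach."""
    all_ns = {p["metadata"]["namespace"] for p in pods}
    rules = {}
    for mon in podmonitors:
        allowed_ns = monitor_namespaces(mon, all_ns)
        selector = mon["spec"].get("selector", {})
        for pod in pods:
            meta, labels = pod["metadata"], pod["metadata"].get("labels", {})
            app = labels.get(APP_LABEL)
            if meta["namespace"] not in allowed_ns or not selects(selector, labels) or app is None:
                continue  # untargeted or unlabelled pods get no rule
            ports = named_ports(pod)
            for ep in mon["spec"].get("podMetricsEndpoints", []):
                if ep.get("port") in ports:
                    rules.setdefault((meta["namespace"], app), set()).add(ports[ep["port"]])
    return rules

# Constructed sample objects, trimmed to the fields used above.
def make_pod(ns, app, ports):
    return {"metadata": {"namespace": ns, "labels": {APP_LABEL: app}},
            "spec": {"containers": [{"ports": [{"name": n, "containerPort": p} for n, p in ports]}]}}

PODS = [make_pod("shop", "cart", [("http", 8080), ("metrics", 9090)]),
        make_pod("shop", "db", [("sql", 5432)]),
        make_pod("other", "cart", [("metrics", 9100)])]
MONITORS = [{"metadata": {"namespace": "shop"},
             "spec": {"selector": {"matchLabels": {APP_LABEL: "cart"}},
                      "podMetricsEndpoints": [{"port": "metrics"}]}}]

if __name__ == "__main__":
    print(scrape_rules(MONITORS, PODS))
```

# Each resulting (namespace, application) -> ports entry is the input for one per-port rule; pods and ports that no monitor targets get no entry.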