20 lines
871 B
YAML
20 lines
871 B
YAML
---
|
|
# a Server matching all pods
|
|
# 1. must scan podmonitors and service monitoros
|
|
# must scan for all applicable podmonitor and servicemonitor resources
|
|
# Based on namespaceSelector: any (bool), matchNames ([]string)
|
|
# spec.selector determines the pods.
|
|
#
|
|
# 2. determine pods targeted
|
|
# 2. for each targeted pod, determine the port number
|
|
# 3. for each targeted pod determine the application it belongs to (so we know the labels to use)
|
|
# 4. create a rule for the given port to the given application to allow access by monitoring.
|
|
#
|
|
# Build mapping of application -> pod
|
|
# pod -> podmonitors -> port(s)
|
|
# pod -> endpoint
|
|
#
|
|
# linkerd scraping port
|
|
# linkerd-admin port on linkerd-proxy containers in any namespace, as long as they have the label linkerd.io/control-plane-ns=linkerd.
|
|
|
|
# a MeshTlsAuthentication matching all pods |