policy-generator/cmd/policygen/templates/linkerd/application/meshtlsauthentication.yaml

---
apiVersion: policy.linkerd.io/v1alpha1
kind: MeshTLSAuthentication
metadata:
  name: {{ .app.Name }}-p{{.port}}
  namespace: {{ .app.Namespace.Name }}
spec:
  identityRefs:
  {{- range $sa := .serviceAccounts }}
    - kind: ServiceAccount
      name: {{ $sa.Name }}
      namespace: {{ $sa.Namespace }}
  {{- end }}