Last active
February 19, 2020 19:43
-
-
Save grampelberg/731bc878b285baffdb273d6a85dee4a6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
kind: TrafficTarget | |
apiVersion: access.smi-spec.io/v1alpha1 | |
metadata: | |
name: path-specific | |
namespace: default | |
destination: | |
# Note: no service account name | |
name: service-a | |
# Note: no namespace, these policies should live in the namespace they are matching. | |
port: 8080 | |
specs: | |
- kind: HTTPRouteGroup | |
name: the-routes | |
matches: | |
- metrics | |
sources: | |
- kind: ServiceAccount | |
name: prometheus | |
namespace: default | |
# Sources are all object references today, so we don't actually need to change the spec to do this. | |
- kind: AzurePrinciple | |
name: my-vm-group | |
namespace: default | |
# I think this will actually be much easier for implementations, with the downside that it is a little harder for users to understand. | |
- kind: ServiceIdentity | |
name: example | |
namespace: default | |
--- | |
kind: ServiceIdentity | |
apiVersion: identity.smi-spec.io/v1alpha1 | |
metadata: | |
name: example | |
namespace: default | |
# This definitely needs more work. There must be a better way to refer to what piece of the certificate someone's using. | |
field: SAN.URI | |
value: spiffe://cluster.local/ns/default/sa/foobar | |
--- | |
kind: ServiceIdentity | |
apiVersion: identity.smi-spec.io/v1alpha1 | |
metadata: | |
name: cn-example | |
namespace: default | |
field: CN | |
value: default.default.serviceaccount.identity.linkerd.cluster.local |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment