A prototype of policy for Linkerd.
See DESIGN.md for details.
- A Kubernetes 1.16+ cluster, available via kubectl;
- Linkerd 2.10+--so that workloads are labeled appropriately;
:; kubectl apply -f ./k8s/crdsWe create a new polixy namespace with a controller ServiceAccount, with
limited cluster access, and extract a kubeconfig to the local filesystem to use with the controller:
:; kubectl apply -f ./k8s/controller/sa.yml
:; KUBECONFIG=$(./k8s/controller/kubeconfig.sh) cargo run -p polixy-controller:; kubectl apply -f ./k8s/emojivoto/ns.yml && kubectl apply -f ./k8s/emojivoto:; pod=$(kubectl get -n emojivoto po -l app.kubernetes.io/name=web -o 'jsonpath={.items[*].metadata.name}')
:; cargo run -p polixy-client -- get -n emojivoto $pod 8080:; pod=$(kubectl get -n emojivoto po -l app.kubernetes.io/name=voting -o 'jsonpath={.items[*].metadata.name}')
:; cargo run -p polixy-client -- get -n emojivoto $pod 8080:; pod=$(kubectl get -n emojivoto po -l app.kubernetes.io/name=voting -o 'jsonpath={.items[*].metadata.name}')
:; cargo run -p polixy-client -- watch -n emojivoto $pod 8801
`