diff --git a/annotation/annotations.gen.go b/annotation/annotations.gen.go
index f2ada69d255..bff95f1ab41 100644
--- a/annotation/annotations.gen.go
+++ b/annotation/annotations.gen.go
@@ -29,6 +29,7 @@ const (
Unknown ResourceTypes = iota
Any
AuthorizationPolicy
+ Gateway
Ingress
Namespace
Pod
@@ -43,14 +44,16 @@ func (r ResourceTypes) String() string {
case 2:
return "AuthorizationPolicy"
case 3:
- return "Ingress"
+ return "Gateway"
case 4:
- return "Namespace"
+ return "Ingress"
case 5:
- return "Pod"
+ return "Namespace"
case 6:
- return "Service"
+ return "Pod"
case 7:
+ return "Service"
+ case 8:
return "WorkloadEntry"
}
return "Unknown"
@@ -231,6 +234,22 @@ var (
},
}
+ IoIstioForServiceAccount = Instance {
+ Name: "istio.io/for-service-account",
+ Description: "The name of an existing service account added to "+
+ "Kubernetes Gateway resources and propagated to to the "+
+ "corresponding waypoint proxy pod. Any traffic going to "+
+ "services using this service account will be mediated, "+
+ "enforced and observed by the waypoint proxy.",
+ FeatureStatus: Alpha,
+ Hidden: false,
+ Deprecated: false,
+ Resources: []ResourceTypes{
+ Pod,
+ Gateway,
+ },
+ }
+
IoIstioWorkloadController = Instance {
Name: "istio.io/workloadController",
Description: "On a WorkloadEntry should store the current/last pilot "+
@@ -795,6 +814,7 @@ func AllResourceAnnotations() []*Instance {
&IoIstioConnectedAt,
&IoIstioDisconnectedAt,
&IoIstioDryRun,
+ &IoIstioForServiceAccount,
&IoIstioWorkloadController,
&IoKubernetesIngressClass,
&NetworkingExportTo,
@@ -846,6 +866,7 @@ func AllResourceTypes() []string {
return []string {
"Any",
"AuthorizationPolicy",
+ "Gateway",
"Ingress",
"Namespace",
"Pod",
diff --git a/annotation/annotations.pb.html b/annotation/annotations.pb.html
index 90bbade86fe..a1b6ca0e134 100644
--- a/annotation/annotations.pb.html
+++ b/annotation/annotations.pb.html
@@ -111,6 +111,19 @@
+
+
+
+ istio.io/for-service-account |
+
+ Alpha |
+
+ [Pod Gateway] |
+ The name of an existing service account added to Kubernetes Gateway resources and propagated to to the corresponding waypoint proxy pod. Any traffic going to services using this service account will be mediated, enforced and observed by the waypoint proxy. |
+
+
+
+
diff --git a/annotation/annotations.yaml b/annotation/annotations.yaml
index 87027877ad9..39023c03b46 100644
--- a/annotation/annotations.yaml
+++ b/annotation/annotations.yaml
@@ -504,3 +504,14 @@ annotations:
hidden: false
resources:
- Namespace
+
+ - name: istio.io/for-service-account
+ featureStatus: Alpha
+ description: The name of an existing service account added to Kubernetes Gateway resources and propagated to
+ to the corresponding waypoint proxy pod. Any traffic going to services using this service account will be
+ mediated, enforced and observed by the waypoint proxy.
+ deprecated: false
+ hidden: false
+ resources:
+ - Pod
+ - Gateway
\ No newline at end of file
diff --git a/label/labels.gen.go b/label/labels.gen.go
index eec89523037..840aebca8c9 100644
--- a/label/labels.gen.go
+++ b/label/labels.gen.go
@@ -28,6 +28,7 @@ type ResourceTypes int
const (
Unknown ResourceTypes = iota
Any
+ Deployment
Namespace
Node
Pod
@@ -39,12 +40,14 @@ func (r ResourceTypes) String() string {
case 1:
return "Any"
case 2:
- return "Namespace"
+ return "Deployment"
case 3:
- return "Node"
+ return "Namespace"
case 4:
- return "Pod"
+ return "Node"
case 5:
+ return "Pod"
+ case 6:
return "Service"
}
return "Unknown"
@@ -73,6 +76,56 @@ type Instance struct {
var (
+ AmbientRedirection = Instance {
+ Name: "ambient.istio.io/redirection",
+ Description: "Specifies whether a pod has ambient redirection (to "+
+ "ztunnel) configured.",
+ FeatureStatus: Alpha,
+ Hidden: false,
+ Deprecated: false,
+ Resources: []ResourceTypes{
+ Pod,
+ },
+ }
+
+ GatewayManaged = Instance {
+ Name: "gateway.istio.io/managed",
+ Description: "Specifies whether a resource is managed by Istio via "+
+ "Kubernetes Gateway API",
+ FeatureStatus: Alpha,
+ Hidden: false,
+ Deprecated: false,
+ Resources: []ResourceTypes{
+ Deployment,
+ Service,
+ },
+ }
+
+ IoIstioDataplaneMode = Instance {
+ Name: "istio.io/dataplane-mode",
+ Description: "Specifies whether or not a workload is managed by Istio "+
+ "ambient mesh.",
+ FeatureStatus: Alpha,
+ Hidden: false,
+ Deprecated: false,
+ Resources: []ResourceTypes{
+ Namespace,
+ },
+ }
+
+ IoIstioGatewayName = Instance {
+ Name: "istio.io/gateway-name",
+ Description: "Applied to pods which are managed by Istio via Kubernetes "+
+ "Gateway API. Contains the name of the corresponding "+
+ "Gateway object.",
+ FeatureStatus: Alpha,
+ Hidden: false,
+ Deprecated: false,
+ Resources: []ResourceTypes{
+ Pod,
+ },
+ }
+
IoIstioRev = Instance {
Name: "istio.io/rev",
Description: "Istio control plane revision associated with the "+
@@ -269,6 +322,10 @@ resources to help automate Istio's multi-network configuration.
func AllResourceLabels() []*Instance {
return []*Instance {
+ &AmbientRedirection,
+ &GatewayManaged,
+ &IoIstioDataplaneMode,
+ &IoIstioGatewayName,
&IoIstioRev,
&NetworkingGatewayPort,
&OperatorComponent,
@@ -287,6 +344,7 @@ func AllResourceLabels() []*Instance {
func AllResourceTypes() []string {
return []string {
"Any",
+ "Deployment",
"Namespace",
"Node",
"Pod",
diff --git a/label/labels.pb.html b/label/labels.pb.html
index 325f39bbdec..89faeeb0cc9 100644
--- a/label/labels.pb.html
+++ b/label/labels.pb.html
@@ -22,6 +22,58 @@
+
+
+ ambient.istio.io/redirection |
+
+ Alpha |
+
+ [Pod] |
+ Specifies whether a pod has ambient redirection (to ztunnel) configured. |
+
+
+
+
+
+
+
+ gateway.istio.io/managed |
+
+ Alpha |
+
+ [Deployment Service] |
+ Specifies whether a resource is managed by Istio via Kubernetes Gateway API |
+
+
+
+
+
+
+
+ istio.io/dataplane-mode |
+
+ Alpha |
+
+ [Namespace] |
+ Specifies whether or not a workload is managed by Istio ambient mesh. |
+
+
+
+
+
+
+
+ istio.io/gateway-name |
+
+ Alpha |
+
+ [Pod] |
+ Applied to pods which are managed by Istio via Kubernetes Gateway API. Contains the name of the corresponding Gateway object. |
+
+
+
+
+
istio.io/rev |
diff --git a/label/labels.yaml b/label/labels.yaml
index e2b19c207df..753b7cdbbd7 100644
--- a/label/labels.yaml
+++ b/label/labels.yaml
@@ -151,3 +151,37 @@ labels:
hidden: false
resources:
- Pod
+
+ - name: gateway.istio.io/managed
+ featureStatus: Alpha
+ description: Specifies whether a resource is managed by Istio via Kubernetes Gateway API
+ deprecated: false
+ hidden: false
+ resources:
+ - Deployment
+ - Service
+
+ - name: istio.io/dataplane-mode
+ featureStatus: Alpha
+ description: Specifies whether or not a workload is managed by Istio ambient mesh.
+ deprecated: false
+ hidden: false
+ resources:
+ - Namespace
+
+ - name: ambient.istio.io/redirection
+ featureStatus: Alpha
+ description: Specifies whether a pod has ambient redirection (to ztunnel) configured.
+ deprecated: false
+ hidden: false
+ resources:
+ - Pod
+
+ - name: istio.io/gateway-name
+ featureStatus: Alpha
+ description: Applied to pods which are managed by Istio via Kubernetes Gateway API.
+ Contains the name of the corresponding Gateway object.
+ deprecated: false
+ hidden: false
+ resources:
+ - Pod
\ No newline at end of file