From b6816275301e545e3daacf4065f937bd78dda317 Mon Sep 17 00:00:00 2001 From: Greg Hanson Date: Mon, 27 Feb 2023 16:02:05 +0000 Subject: [PATCH] add missing labels and annotations used for ambient --- annotation/annotations.gen.go | 29 ++++++++++++--- annotation/annotations.pb.html | 13 +++++++ annotation/annotations.yaml | 11 ++++++ label/labels.gen.go | 64 ++++++++++++++++++++++++++++++++-- label/labels.pb.html | 52 +++++++++++++++++++++++++++ label/labels.yaml | 34 ++++++++++++++++++ 6 files changed, 196 insertions(+), 7 deletions(-) diff --git a/annotation/annotations.gen.go b/annotation/annotations.gen.go index f2ada69d255..bff95f1ab41 100644 --- a/annotation/annotations.gen.go +++ b/annotation/annotations.gen.go @@ -29,6 +29,7 @@ const ( Unknown ResourceTypes = iota Any AuthorizationPolicy + Gateway Ingress Namespace Pod @@ -43,14 +44,16 @@ func (r ResourceTypes) String() string { case 2: return "AuthorizationPolicy" case 3: - return "Ingress" + return "Gateway" case 4: - return "Namespace" + return "Ingress" case 5: - return "Pod" + return "Namespace" case 6: - return "Service" + return "Pod" case 7: + return "Service" + case 8: return "WorkloadEntry" } return "Unknown" @@ -231,6 +234,22 @@ var ( }, } + IoIstioForServiceAccount = Instance { + Name: "istio.io/for-service-account", + Description: "The name of an existing service account added to "+ + "Kubernetes Gateway resources and propagated to to the "+ + "corresponding waypoint proxy pod. Any traffic going to "+ + "services using this service account will be mediated, "+ + "enforced and observed by the waypoint proxy.", + FeatureStatus: Alpha, + Hidden: false, + Deprecated: false, + Resources: []ResourceTypes{ + Pod, + Gateway, + }, + } + IoIstioWorkloadController = Instance { Name: "istio.io/workloadController", Description: "On a WorkloadEntry should store the current/last pilot "+ @@ -795,6 +814,7 @@ func AllResourceAnnotations() []*Instance { &IoIstioConnectedAt, &IoIstioDisconnectedAt, &IoIstioDryRun, + &IoIstioForServiceAccount, &IoIstioWorkloadController, &IoKubernetesIngressClass, &NetworkingExportTo, @@ -846,6 +866,7 @@ func AllResourceTypes() []string { return []string { "Any", "AuthorizationPolicy", + "Gateway", "Ingress", "Namespace", "Pod", diff --git a/annotation/annotations.pb.html b/annotation/annotations.pb.html index 90bbade86fe..a1b6ca0e134 100644 --- a/annotation/annotations.pb.html +++ b/annotation/annotations.pb.html @@ -111,6 +111,19 @@ + + + + istio.io/for-service-account + + Alpha + + [Pod Gateway] + The name of an existing service account added to Kubernetes Gateway resources and propagated to to the corresponding waypoint proxy pod. Any traffic going to services using this service account will be mediated, enforced and observed by the waypoint proxy. + + + + diff --git a/annotation/annotations.yaml b/annotation/annotations.yaml index 87027877ad9..39023c03b46 100644 --- a/annotation/annotations.yaml +++ b/annotation/annotations.yaml @@ -504,3 +504,14 @@ annotations: hidden: false resources: - Namespace + + - name: istio.io/for-service-account + featureStatus: Alpha + description: The name of an existing service account added to Kubernetes Gateway resources and propagated to + to the corresponding waypoint proxy pod. Any traffic going to services using this service account will be + mediated, enforced and observed by the waypoint proxy. + deprecated: false + hidden: false + resources: + - Pod + - Gateway \ No newline at end of file diff --git a/label/labels.gen.go b/label/labels.gen.go index eec89523037..840aebca8c9 100644 --- a/label/labels.gen.go +++ b/label/labels.gen.go @@ -28,6 +28,7 @@ type ResourceTypes int const ( Unknown ResourceTypes = iota Any + Deployment Namespace Node Pod @@ -39,12 +40,14 @@ func (r ResourceTypes) String() string { case 1: return "Any" case 2: - return "Namespace" + return "Deployment" case 3: - return "Node" + return "Namespace" case 4: - return "Pod" + return "Node" case 5: + return "Pod" + case 6: return "Service" } return "Unknown" @@ -73,6 +76,56 @@ type Instance struct { var ( + AmbientRedirection = Instance { + Name: "ambient.istio.io/redirection", + Description: "Specifies whether a pod has ambient redirection (to "+ + "ztunnel) configured.", + FeatureStatus: Alpha, + Hidden: false, + Deprecated: false, + Resources: []ResourceTypes{ + Pod, + }, + } + + GatewayManaged = Instance { + Name: "gateway.istio.io/managed", + Description: "Specifies whether a resource is managed by Istio via "+ + "Kubernetes Gateway API", + FeatureStatus: Alpha, + Hidden: false, + Deprecated: false, + Resources: []ResourceTypes{ + Deployment, + Service, + }, + } + + IoIstioDataplaneMode = Instance { + Name: "istio.io/dataplane-mode", + Description: "Specifies whether or not a workload is managed by Istio "+ + "ambient mesh.", + FeatureStatus: Alpha, + Hidden: false, + Deprecated: false, + Resources: []ResourceTypes{ + Namespace, + }, + } + + IoIstioGatewayName = Instance { + Name: "istio.io/gateway-name", + Description: "Applied to pods which are managed by Istio via Kubernetes "+ + "Gateway API. Contains the name of the corresponding "+ + "Gateway object.", + FeatureStatus: Alpha, + Hidden: false, + Deprecated: false, + Resources: []ResourceTypes{ + Pod, + }, + } + IoIstioRev = Instance { Name: "istio.io/rev", Description: "Istio control plane revision associated with the "+ @@ -269,6 +322,10 @@ resources to help automate Istio's multi-network configuration. func AllResourceLabels() []*Instance { return []*Instance { + &AmbientRedirection, + &GatewayManaged, + &IoIstioDataplaneMode, + &IoIstioGatewayName, &IoIstioRev, &NetworkingGatewayPort, &OperatorComponent, @@ -287,6 +344,7 @@ func AllResourceLabels() []*Instance { func AllResourceTypes() []string { return []string { "Any", + "Deployment", "Namespace", "Node", "Pod", diff --git a/label/labels.pb.html b/label/labels.pb.html index 325f39bbdec..89faeeb0cc9 100644 --- a/label/labels.pb.html +++ b/label/labels.pb.html @@ -22,6 +22,58 @@ + + + ambient.istio.io/redirection + + Alpha + + [Pod] + Specifies whether a pod has ambient redirection (to ztunnel) configured. + + + + + + + + gateway.istio.io/managed + + Alpha + + [Deployment Service] + Specifies whether a resource is managed by Istio via Kubernetes Gateway API + + + + + + + + istio.io/dataplane-mode + + Alpha + + [Namespace] + Specifies whether or not a workload is managed by Istio ambient mesh. + + + + + + + + istio.io/gateway-name + + Alpha + + [Pod] + Applied to pods which are managed by Istio via Kubernetes Gateway API. Contains the name of the corresponding Gateway object. + + + + + istio.io/rev diff --git a/label/labels.yaml b/label/labels.yaml index e2b19c207df..753b7cdbbd7 100644 --- a/label/labels.yaml +++ b/label/labels.yaml @@ -151,3 +151,37 @@ labels: hidden: false resources: - Pod + + - name: gateway.istio.io/managed + featureStatus: Alpha + description: Specifies whether a resource is managed by Istio via Kubernetes Gateway API + deprecated: false + hidden: false + resources: + - Deployment + - Service + + - name: istio.io/dataplane-mode + featureStatus: Alpha + description: Specifies whether or not a workload is managed by Istio ambient mesh. + deprecated: false + hidden: false + resources: + - Namespace + + - name: ambient.istio.io/redirection + featureStatus: Alpha + description: Specifies whether a pod has ambient redirection (to ztunnel) configured. + deprecated: false + hidden: false + resources: + - Pod + + - name: istio.io/gateway-name + featureStatus: Alpha + description: Applied to pods which are managed by Istio via Kubernetes Gateway API. + Contains the name of the corresponding Gateway object. + deprecated: false + hidden: false + resources: + - Pod \ No newline at end of file