diff --git a/annotation/annotations.gen.go b/annotation/annotations.gen.go
index f2ada69d25..bff95f1ab4 100644
--- a/annotation/annotations.gen.go
+++ b/annotation/annotations.gen.go
@@ -29,6 +29,7 @@ const (
Unknown ResourceTypes = iota
Any
AuthorizationPolicy
+ Gateway
Ingress
Namespace
Pod
@@ -43,14 +44,16 @@ func (r ResourceTypes) String() string {
case 2:
return "AuthorizationPolicy"
case 3:
- return "Ingress"
+ return "Gateway"
case 4:
- return "Namespace"
+ return "Ingress"
case 5:
- return "Pod"
+ return "Namespace"
case 6:
- return "Service"
+ return "Pod"
case 7:
+ return "Service"
+ case 8:
return "WorkloadEntry"
}
return "Unknown"
@@ -231,6 +234,22 @@ var (
},
}
+ IoIstioForServiceAccount = Instance {
+ Name: "istio.io/for-service-account",
+ Description: "The name of an existing service account added to "+
+ "Kubernetes Gateway resources and propagated to to the "+
+ "corresponding waypoint proxy pod. Any traffic going to "+
+ "services using this service account will be mediated, "+
+ "enforced and observed by the waypoint proxy.",
+ FeatureStatus: Alpha,
+ Hidden: false,
+ Deprecated: false,
+ Resources: []ResourceTypes{
+ Pod,
+ Gateway,
+ },
+ }
+
IoIstioWorkloadController = Instance {
Name: "istio.io/workloadController",
Description: "On a WorkloadEntry should store the current/last pilot "+
@@ -795,6 +814,7 @@ func AllResourceAnnotations() []*Instance {
&IoIstioConnectedAt,
&IoIstioDisconnectedAt,
&IoIstioDryRun,
+ &IoIstioForServiceAccount,
&IoIstioWorkloadController,
&IoKubernetesIngressClass,
&NetworkingExportTo,
@@ -846,6 +866,7 @@ func AllResourceTypes() []string {
return []string {
"Any",
"AuthorizationPolicy",
+ "Gateway",
"Ingress",
"Namespace",
"Pod",
diff --git a/annotation/annotations.pb.html b/annotation/annotations.pb.html
index 90bbade86f..a1b6ca0e13 100644
--- a/annotation/annotations.pb.html
+++ b/annotation/annotations.pb.html
@@ -111,6 +111,19 @@
+
+
+
+ istio.io/for-service-account |
+
+ Alpha |
+
+ [Pod Gateway] |
+ The name of an existing service account added to Kubernetes Gateway resources and propagated to to the corresponding waypoint proxy pod. Any traffic going to services using this service account will be mediated, enforced and observed by the waypoint proxy. |
+
+
+
+
diff --git a/annotation/annotations.yaml b/annotation/annotations.yaml
index 87027877ad..39023c03b4 100644
--- a/annotation/annotations.yaml
+++ b/annotation/annotations.yaml
@@ -504,3 +504,14 @@ annotations:
hidden: false
resources:
- Namespace
+
+ - name: istio.io/for-service-account
+ featureStatus: Alpha
+ description: The name of an existing service account added to Kubernetes Gateway resources and propagated to
+ to the corresponding waypoint proxy pod. Any traffic going to services using this service account will be
+ mediated, enforced and observed by the waypoint proxy.
+ deprecated: false
+ hidden: false
+ resources:
+ - Pod
+ - Gateway
\ No newline at end of file
diff --git a/label/labels.gen.go b/label/labels.gen.go
index eec8952303..840aebca8c 100644
--- a/label/labels.gen.go
+++ b/label/labels.gen.go
@@ -28,6 +28,7 @@ type ResourceTypes int
const (
Unknown ResourceTypes = iota
Any
+ Deployment
Namespace
Node
Pod
@@ -39,12 +40,14 @@ func (r ResourceTypes) String() string {
case 1:
return "Any"
case 2:
- return "Namespace"
+ return "Deployment"
case 3:
- return "Node"
+ return "Namespace"
case 4:
- return "Pod"
+ return "Node"
case 5:
+ return "Pod"
+ case 6:
return "Service"
}
return "Unknown"
@@ -73,6 +76,56 @@ type Instance struct {
var (
+ AmbientRedirection = Instance {
+ Name: "ambient.istio.io/redirection",
+ Description: "Specifies whether a pod has ambient redirection (to "+
+ "ztunnel) configured.",
+ FeatureStatus: Alpha,
+ Hidden: false,
+ Deprecated: false,
+ Resources: []ResourceTypes{
+ Pod,
+ },
+ }
+
+ GatewayManaged = Instance {
+ Name: "gateway.istio.io/managed",
+ Description: "Specifies whether a resource is managed by Istio via "+
+ "Kubernetes Gateway API",
+ FeatureStatus: Alpha,
+ Hidden: false,
+ Deprecated: false,
+ Resources: []ResourceTypes{
+ Deployment,
+ Service,
+ },
+ }
+
+ IoIstioDataplaneMode = Instance {
+ Name: "istio.io/dataplane-mode",
+ Description: "Specifies whether or not a workload is managed by Istio "+
+ "ambient mesh.",
+ FeatureStatus: Alpha,
+ Hidden: false,
+ Deprecated: false,
+ Resources: []ResourceTypes{
+ Namespace,
+ },
+ }
+
+ IoIstioGatewayName = Instance {
+ Name: "istio.io/gateway-name",
+ Description: "Applied to pods which are managed by Istio via Kubernetes "+
+ "Gateway API. Contains the name of the corresponding "+
+ "Gateway object.",
+ FeatureStatus: Alpha,
+ Hidden: false,
+ Deprecated: false,
+ Resources: []ResourceTypes{
+ Pod,
+ },
+ }
+
IoIstioRev = Instance {
Name: "istio.io/rev",
Description: "Istio control plane revision associated with the "+
@@ -269,6 +322,10 @@ resources to help automate Istio's multi-network configuration.
func AllResourceLabels() []*Instance {
return []*Instance {
+ &AmbientRedirection,
+ &GatewayManaged,
+ &IoIstioDataplaneMode,
+ &IoIstioGatewayName,
&IoIstioRev,
&NetworkingGatewayPort,
&OperatorComponent,
@@ -287,6 +344,7 @@ func AllResourceLabels() []*Instance {
func AllResourceTypes() []string {
return []string {
"Any",
+ "Deployment",
"Namespace",
"Node",
"Pod",
diff --git a/label/labels.pb.html b/label/labels.pb.html
index 325f39bbde..89faeeb0cc 100644
--- a/label/labels.pb.html
+++ b/label/labels.pb.html
@@ -22,6 +22,58 @@
+
+
+ ambient.istio.io/redirection |
+
+ Alpha |
+
+ [Pod] |
+ Specifies whether a pod has ambient redirection (to ztunnel) configured. |
+
+
+
+
+
+
+
+ gateway.istio.io/managed |
+
+ Alpha |
+
+ [Deployment Service] |
+ Specifies whether a resource is managed by Istio via Kubernetes Gateway API |
+
+
+
+
+
+
+
+ istio.io/dataplane-mode |
+
+ Alpha |
+
+ [Namespace] |
+ Specifies whether or not a workload is managed by Istio ambient mesh. |
+
+
+
+
+
+
+
+ istio.io/gateway-name |
+
+ Alpha |
+
+ [Pod] |
+ Applied to pods which are managed by Istio via Kubernetes Gateway API. Contains the name of the corresponding Gateway object. |
+
+
+
+
+
istio.io/rev |
diff --git a/label/labels.yaml b/label/labels.yaml
index e2b19c207d..753b7cdbbd 100644
--- a/label/labels.yaml
+++ b/label/labels.yaml
@@ -151,3 +151,37 @@ labels:
hidden: false
resources:
- Pod
+
+ - name: gateway.istio.io/managed
+ featureStatus: Alpha
+ description: Specifies whether a resource is managed by Istio via Kubernetes Gateway API
+ deprecated: false
+ hidden: false
+ resources:
+ - Deployment
+ - Service
+
+ - name: istio.io/dataplane-mode
+ featureStatus: Alpha
+ description: Specifies whether or not a workload is managed by Istio ambient mesh.
+ deprecated: false
+ hidden: false
+ resources:
+ - Namespace
+
+ - name: ambient.istio.io/redirection
+ featureStatus: Alpha
+ description: Specifies whether a pod has ambient redirection (to ztunnel) configured.
+ deprecated: false
+ hidden: false
+ resources:
+ - Pod
+
+ - name: istio.io/gateway-name
+ featureStatus: Alpha
+ description: Applied to pods which are managed by Istio via Kubernetes Gateway API.
+ Contains the name of the corresponding Gateway object.
+ deprecated: false
+ hidden: false
+ resources:
+ - Pod
\ No newline at end of file