NOTE 3: Ambient mode does not support wildcard hostsnames.
@@ -482,6 +483,8 @@For a Kubernetes Service, the equivalent effect can be achieved by setting the annotation “networking.istio.io/exportTo” to a comma-separated list of namespace names.
+Note: Ambient mode does not support this field. Service entries will +be exported to all namespaces.
diff --git a/networking/v1alpha3/service_entry.proto b/networking/v1alpha3/service_entry.proto index a551fee8c6..f22d16acc7 100644 --- a/networking/v1alpha3/service_entry.proto +++ b/networking/v1alpha3/service_entry.proto @@ -464,6 +464,9 @@ message ServiceEntry { // 1. subjectAltNames: In addition to verifying the SANs of the // service accounts associated with the pods of the service, the // SANs specified here will also be verified. + // + // **NOTE 3:** Ambient mode does not support wildcard hostsnames. + // // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=256 // +protoc-gen-crd:list-value-validation:XValidation:message="hostname cannot be wildcard",rule="self != '*'" @@ -595,6 +598,9 @@ message ServiceEntry { // For a Kubernetes Service, the equivalent effect can be achieved by setting // the annotation "networking.istio.io/exportTo" to a comma-separated list // of namespace names. + // + // **Note:** Ambient mode does not support this field. Service entries will + // be exported to all namespaces. repeated string export_to = 7; // If specified, the proxy will verify that the server certificate's diff --git a/networking/v1alpha3/sidecar.pb.go b/networking/v1alpha3/sidecar.pb.go index bf86c1a082..9c2f2da418 100644 --- a/networking/v1alpha3/sidecar.pb.go +++ b/networking/v1alpha3/sidecar.pb.go @@ -25,8 +25,9 @@ // $aliases: [/docs/reference/config/networking/v1alpha3/sidecar] // `Sidecar` describes the configuration of the sidecar proxy that mediates -// inbound and outbound communication to the workload instance it is attached to. By -// default, Istio will program all sidecar proxies in the mesh with the +// inbound and outbound communication to the workload instance it is attached to. +// `Sidecar` only applies to Sidecar mode. +// By default, Istio will program all sidecar proxies in the mesh with the // necessary configuration required to reach every workload instance in the mesh, as // well as accept traffic on all the ports associated with the // workload. The `Sidecar` configuration provides a way to fine tune the set of diff --git a/networking/v1alpha3/sidecar.pb.html b/networking/v1alpha3/sidecar.pb.html index a4d72f07ba..6990863057 100644 --- a/networking/v1alpha3/sidecar.pb.html +++ b/networking/v1alpha3/sidecar.pb.html @@ -9,8 +9,9 @@ number_of_entries: 8 ---Sidecar describes the configuration of the sidecar proxy that mediates
-inbound and outbound communication to the workload instance it is attached to. By
-default, Istio will program all sidecar proxies in the mesh with the
+inbound and outbound communication to the workload instance it is attached to.
+Sidecar only applies to Sidecar mode.
+By default, Istio will program all sidecar proxies in the mesh with the
necessary configuration required to reach every workload instance in the mesh, as
well as accept traffic on all the ports associated with the
workload. The Sidecar configuration provides a way to fine tune the set of
diff --git a/networking/v1alpha3/sidecar.proto b/networking/v1alpha3/sidecar.proto
index 2d60a306d5..332f6ceabb 100644
--- a/networking/v1alpha3/sidecar.proto
+++ b/networking/v1alpha3/sidecar.proto
@@ -21,8 +21,9 @@ syntax = "proto3";
// $aliases: [/docs/reference/config/networking/v1alpha3/sidecar]
// `Sidecar` describes the configuration of the sidecar proxy that mediates
-// inbound and outbound communication to the workload instance it is attached to. By
-// default, Istio will program all sidecar proxies in the mesh with the
+// inbound and outbound communication to the workload instance it is attached to.
+// `Sidecar` only applies to Sidecar mode.
+// By default, Istio will program all sidecar proxies in the mesh with the
// necessary configuration required to reach every workload instance in the mesh, as
// well as accept traffic on all the ports associated with the
// workload. The `Sidecar` configuration provides a way to fine tune the set of
diff --git a/networking/v1alpha3/virtual_service.pb.go b/networking/v1alpha3/virtual_service.pb.go
index b72b594e71..8cc266d00a 100644
--- a/networking/v1alpha3/virtual_service.pb.go
+++ b/networking/v1alpha3/virtual_service.pb.go
@@ -1395,6 +1395,8 @@ type HTTPMatchRequest struct {
//
// **Note:** This is not a runtime match, but is a selector; it filters which workloads the
// VirtualService applies to.
+ //
+ // **Note:** Ambient mode does not support this field.
SourceLabels map[string]string `protobuf:"bytes,7,rep,name=source_labels,json=sourceLabels,proto3" json:"source_labels,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
// Names of gateways where the rule should be applied. Gateway names
// in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway
@@ -1431,6 +1433,8 @@ type HTTPMatchRequest struct {
//
// **Note:** This is not a runtime match, but is a selector; it filters which workloads the
// VirtualService applies to.
+ //
+ // **Note:** Ambient mode does not support this field.
SourceNamespace string `protobuf:"bytes,13,opt,name=source_namespace,json=sourceNamespace,proto3" json:"source_namespace,omitempty"`
// The human readable prefix to use when emitting statistics for this route.
// The statistics are generated with prefix route.HTTPMatchRequest
mesh for this field to be applicable.
Note: This is not a runtime match, but is a selector; it filters which workloads the VirtualService applies to.
+Note: Ambient mode does not support this field.
@@ -1162,6 +1163,7 @@mesh for this field to be applicable.
Note: This is not a runtime match, but is a selector; it filters which workloads the VirtualService applies to.
+Note: Ambient mode does not support this field.
@@ -1367,6 +1369,7 @@mesh in order for this field to be applicable.
Note: This is not a runtime match, but is a selector; it filters which workloads the VirtualService applies to.
+Note: Ambient mode does not support this field.
@@ -1391,6 +1394,7 @@mesh for this field to be applicable.
Note: This is not a runtime match, but is a selector; it filters which workloads the VirtualService applies to.
+Note: Ambient mode does not support this field.
@@ -1455,6 +1459,7 @@mesh in order for this field to be applicable.
Note: This is not a runtime match, but is a selector; it filters which workloads the VirtualService applies to.
+Note: Ambient mode does not support this field.
@@ -1479,6 +1484,7 @@mesh for this field to be applicable.
Note: This is not a runtime match, but is a selector; it filters which workloads the VirtualService applies to.
+Note: Ambient mode does not support this field.
diff --git a/networking/v1alpha3/virtual_service.proto b/networking/v1alpha3/virtual_service.proto index d81ad2d72c..466c32df75 100644 --- a/networking/v1alpha3/virtual_service.proto +++ b/networking/v1alpha3/virtual_service.proto @@ -818,6 +818,8 @@ message HTTPMatchRequest { // // **Note:** This is not a runtime match, but is a selector; it filters which workloads the // VirtualService applies to. + // + // **Note:** Ambient mode does not support this field. map