NOTE 3: Ambient mode does not support wildcard hostsnames.
@@ -482,6 +483,8 @@For a Kubernetes Service, the equivalent effect can be achieved by setting the annotation “networking.istio.io/exportTo” to a comma-separated list of namespace names.
+Note: Ambient mode does not support this field. Service entries will +be exported to all namespaces.
diff --git a/networking/v1alpha3/service_entry.proto b/networking/v1alpha3/service_entry.proto index a551fee8c6..f22d16acc7 100644 --- a/networking/v1alpha3/service_entry.proto +++ b/networking/v1alpha3/service_entry.proto @@ -464,6 +464,9 @@ message ServiceEntry { // 1. subjectAltNames: In addition to verifying the SANs of the // service accounts associated with the pods of the service, the // SANs specified here will also be verified. + // + // **NOTE 3:** Ambient mode does not support wildcard hostsnames. + // // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=256 // +protoc-gen-crd:list-value-validation:XValidation:message="hostname cannot be wildcard",rule="self != '*'" @@ -595,6 +598,9 @@ message ServiceEntry { // For a Kubernetes Service, the equivalent effect can be achieved by setting // the annotation "networking.istio.io/exportTo" to a comma-separated list // of namespace names. + // + // **Note:** Ambient mode does not support this field. Service entries will + // be exported to all namespaces. repeated string export_to = 7; // If specified, the proxy will verify that the server certificate's diff --git a/networking/v1alpha3/sidecar.pb.go b/networking/v1alpha3/sidecar.pb.go index bf86c1a082..9c2f2da418 100644 --- a/networking/v1alpha3/sidecar.pb.go +++ b/networking/v1alpha3/sidecar.pb.go @@ -25,8 +25,9 @@ // $aliases: [/docs/reference/config/networking/v1alpha3/sidecar] // `Sidecar` describes the configuration of the sidecar proxy that mediates -// inbound and outbound communication to the workload instance it is attached to. By -// default, Istio will program all sidecar proxies in the mesh with the +// inbound and outbound communication to the workload instance it is attached to. +// `Sidecar` only applies to Sidecar mode. +// By default, Istio will program all sidecar proxies in the mesh with the // necessary configuration required to reach every workload instance in the mesh, as // well as accept traffic on all the ports associated with the // workload. The `Sidecar` configuration provides a way to fine tune the set of diff --git a/networking/v1alpha3/sidecar.pb.html b/networking/v1alpha3/sidecar.pb.html index a4d72f07ba..6990863057 100644 --- a/networking/v1alpha3/sidecar.pb.html +++ b/networking/v1alpha3/sidecar.pb.html @@ -9,8 +9,9 @@ number_of_entries: 8 ---Sidecar describes the configuration of the sidecar proxy that mediates
-inbound and outbound communication to the workload instance it is attached to. By
-default, Istio will program all sidecar proxies in the mesh with the
+inbound and outbound communication to the workload instance it is attached to.
+Sidecar only applies to Sidecar mode.
+By default, Istio will program all sidecar proxies in the mesh with the
necessary configuration required to reach every workload instance in the mesh, as
well as accept traffic on all the ports associated with the
workload. The Sidecar configuration provides a way to fine tune the set of
diff --git a/networking/v1alpha3/sidecar.proto b/networking/v1alpha3/sidecar.proto
index 2d60a306d5..332f6ceabb 100644
--- a/networking/v1alpha3/sidecar.proto
+++ b/networking/v1alpha3/sidecar.proto
@@ -21,8 +21,9 @@ syntax = "proto3";
// $aliases: [/docs/reference/config/networking/v1alpha3/sidecar]
// `Sidecar` describes the configuration of the sidecar proxy that mediates
-// inbound and outbound communication to the workload instance it is attached to. By
-// default, Istio will program all sidecar proxies in the mesh with the
+// inbound and outbound communication to the workload instance it is attached to.
+// `Sidecar` only applies to Sidecar mode.
+// By default, Istio will program all sidecar proxies in the mesh with the
// necessary configuration required to reach every workload instance in the mesh, as
// well as accept traffic on all the ports associated with the
// workload. The `Sidecar` configuration provides a way to fine tune the set of
diff --git a/networking/v1alpha3/virtual_service.pb.go b/networking/v1alpha3/virtual_service.pb.go
index b72b594e71..6960ab7b92 100644
--- a/networking/v1alpha3/virtual_service.pb.go
+++ b/networking/v1alpha3/virtual_service.pb.go
@@ -61,6 +61,11 @@
// The source of traffic can also be matched in a routing rule. This allows routing
// to be customized for specific client contexts.
//
+// *Note for Ambient Users*: Support for `VirtualService` in Ambient mode is alpha, and
+// there are no plans to increase support.
+// Use [Gateway API](https://istio.io/latest/docs/tasks/traffic-management/ingress/gateway-api/#mesh-traffic)
+// for a stable traffic management API.
+//
// The following example on Kubernetes, routes all HTTP traffic by default to
// pods of the reviews service with label "version: v1". In addition,
// HTTP requests with path starting with /wpcatalog/ or /consumercatalog/ will
@@ -1395,6 +1400,8 @@ type HTTPMatchRequest struct {
//
// **Note:** This is not a runtime match, but is a selector; it filters which workloads the
// VirtualService applies to.
+ //
+ // **Note:** Ambient mode does not support this field.
SourceLabels map[string]string `protobuf:"bytes,7,rep,name=source_labels,json=sourceLabels,proto3" json:"source_labels,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
// Names of gateways where the rule should be applied. Gateway names
// in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway
@@ -1431,6 +1438,8 @@ type HTTPMatchRequest struct {
//
// **Note:** This is not a runtime match, but is a selector; it filters which workloads the
// VirtualService applies to.
+ //
+ // **Note:** Ambient mode does not support this field.
SourceNamespace string `protobuf:"bytes,13,opt,name=source_namespace,json=sourceNamespace,proto3" json:"source_namespace,omitempty"`
// The human readable prefix to use when emitting statistics for this route.
// The statistics are generated with prefix route.
The source of traffic can also be matched in a routing rule. This allows routing to be customized for specific client contexts.
+Note for Ambient Users: Support for VirtualService in Ambient mode is alpha, and
+there are no plans to increase support.
+Use Gateway API
+for a stable traffic management API.
The following example on Kubernetes, routes all HTTP traffic by default to pods of the reviews service with label “version: v1”. In addition, HTTP requests with path starting with /wpcatalog/ or /consumercatalog/ will @@ -1088,6 +1092,7 @@
mesh for this field to be applicable.
Note: This is not a runtime match, but is a selector; it filters which workloads the VirtualService applies to.
+Note: Ambient mode does not support this field.
@@ -1162,6 +1167,7 @@mesh for this field to be applicable.
Note: This is not a runtime match, but is a selector; it filters which workloads the VirtualService applies to.
+Note: Ambient mode does not support this field.
@@ -1367,6 +1373,7 @@mesh in order for this field to be applicable.
Note: This is not a runtime match, but is a selector; it filters which workloads the VirtualService applies to.
+Note: Ambient mode does not support this field.
@@ -1391,6 +1398,7 @@mesh for this field to be applicable.
Note: This is not a runtime match, but is a selector; it filters which workloads the VirtualService applies to.
+Note: Ambient mode does not support this field.
@@ -1455,6 +1463,7 @@mesh in order for this field to be applicable.
Note: This is not a runtime match, but is a selector; it filters which workloads the VirtualService applies to.
+Note: Ambient mode does not support this field.
@@ -1479,6 +1488,7 @@mesh for this field to be applicable.
Note: This is not a runtime match, but is a selector; it filters which workloads the VirtualService applies to.
+Note: Ambient mode does not support this field.
diff --git a/networking/v1alpha3/virtual_service.proto b/networking/v1alpha3/virtual_service.proto index d81ad2d72c..c47d8a49d0 100644 --- a/networking/v1alpha3/virtual_service.proto +++ b/networking/v1alpha3/virtual_service.proto @@ -57,6 +57,11 @@ syntax = "proto3"; // The source of traffic can also be matched in a routing rule. This allows routing // to be customized for specific client contexts. // +// *Note for Ambient Users*: Support for `VirtualService` in Ambient mode is alpha, and +// there are no plans to increase support. +// Use [Gateway API](https://istio.io/latest/docs/tasks/traffic-management/ingress/gateway-api/#mesh-traffic) +// for a stable traffic management API. +// // The following example on Kubernetes, routes all HTTP traffic by default to // pods of the reviews service with label "version: v1". In addition, // HTTP requests with path starting with /wpcatalog/ or /consumercatalog/ will @@ -818,6 +823,8 @@ message HTTPMatchRequest { // // **Note:** This is not a runtime match, but is a selector; it filters which workloads the // VirtualService applies to. + // + // **Note:** Ambient mode does not support this field. map