You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
workloadSelector is the means by which to specify (among other things) which pods EnvoyFilters apply to. It currently only supports filtering based on pod label.
This feature request is to extend workloadSelector to support several additional functionalities:
Filtering based on an inclusion/exclusion list. (eg. it doesn't have X label).
Filtering based on the namespace name. This prevents users from having to deploy the same EnvoyFilter into multiple namespaces.
Filtering based on namespace-level labels. This makes it easier for users to implement something like a per-service opt-out.
Describe alternatives you've considered
Currently, there are three options for configuring EnvoyFilter targeting:
Apply to all Envoys everywhere in the cluster (by deploying EnvoyFilter in the root namespace).
Deploy the same config into each namespace you want to deploy the filter into (this is not DRY).
Deploy on a per-pod basis (and presumably use some sort of admission controller to make sure pods are tagged appropriately).
These aren't ergonomic for the core usecases for EnvoyFilter, which mostly fall on a per-namespace opt-in/opt-out basis.
Affected product area (please put an X in all that apply)
[ ] Ambient
[ ] Docs
[ ] Dual Stack
[ ] Installation
[ ] Networking
[ ] Performance and Scalability
[ ] Extensions and Telemetry
[ ] Security
[ ] Test and Release
[X] User Experience
[ ] Developer Infrastructure
Affected features (please put an X in all that apply)
[ ] Multi Cluster
[ ] Virtual Machine
[ ] Multi Control Plane
Additional context
The text was updated successfully, but these errors were encountered:
(This is used to request new product features, please visit https://github.com/istio/istio/discussions for questions on using Istio)
Describe the feature request
workloadSelectoris the means by which to specify (among other things) which podsEnvoyFilters apply to. It currently only supports filtering based on pod label.workloadSelectorto support several additional functionalities:EnvoyFilterinto multiple namespaces.Describe alternatives you've considered
Currently, there are three options for configuring
EnvoyFiltertargeting:EnvoyFilterin the root namespace).These aren't ergonomic for the core usecases for
EnvoyFilter, which mostly fall on a per-namespace opt-in/opt-out basis.Affected product area (please put an X in all that apply)
[ ] Ambient
[ ] Docs
[ ] Dual Stack
[ ] Installation
[ ] Networking
[ ] Performance and Scalability
[ ] Extensions and Telemetry
[ ] Security
[ ] Test and Release
[X] User Experience
[ ] Developer Infrastructure
Affected features (please put an X in all that apply)
[ ] Multi Cluster
[ ] Virtual Machine
[ ] Multi Control Plane
Additional context
The text was updated successfully, but these errors were encountered: