Add ingress bypass annotation to the API (#3338)

Added in istio in https://github.com/istio/istio/pull/53476
2024-10-18 13:16:54 -07:00 · 2024-10-18 13:16:54 -07:00 · 7c8ec5b5ab
parent 585d68d196
commit 7c8ec5b5ab
2 changed files with 24 additions and 0 deletions
--- a/annotation/annotations.gen.go
+++ b/annotation/annotations.gen.go
@ -112,6 +112,19 @@ var (
 		},
 	}

+	AmbientBypassInboundCapture = Instance {
+		Name:          "ambient.istio.io/bypass-inbound-capture",
+		Description:   `When specified on a "Pod" enrolled in ambient mesh, only outbound traffic will be captured.
+This is intended to be used when enrolling a workload that only receives traffic from out-of-the-mesh clients, such as third party ingress controllers.
+`,
+		FeatureStatus: Alpha,
+		Hidden:        true,
+		Deprecated:    false,
+		Resources: []ResourceTypes{
+			Pod,
+		},
+	}
+
 	AmbientRedirection = Instance {
 		Name:          "ambient.istio.io/redirection",
 		Description:   `Automatically configured by Istio to indicate a Pod was successfully enrolled in ambient mode.
@ -878,6 +891,7 @@ func AllResourceAnnotations() []*Instance {
 	return []*Instance {
 		&AlphaCanonicalServiceAccounts,
 		&AlphaKubernetesServiceAccounts,
+		&AmbientBypassInboundCapture,
 		&AmbientRedirection,
 		&AmbientWaypointInboundBinding,
 		&GalleyAnalyzeSuppress,
--- a/annotation/annotations.yaml
+++ b/annotation/annotations.yaml
@ -570,3 +570,13 @@ annotations:
    resources:
      - Service
      - ServiceEntry
+
+  - name: ambient.istio.io/bypass-inbound-capture
+    featureStatus: Alpha
+    description: |
+      When specified on a `Pod` enrolled in ambient mesh, only outbound traffic will be captured.
+      This is intended to be used when enrolling a workload that only receives traffic from out-of-the-mesh clients, such as third party ingress controllers.
+    deprecated: false
+    hidden: true
+    resources:
+      - Pod