If the selector and the targetRef are not set, the selector will match all workloads. At most one of the selector and targetRef can be set.
+ +targetRefPolicyTargetReferenceOptional. The targetRef specifies the gateway the policy should be
+applied to. The targeted resource specified will determine which
+workloads the authorization policy applies to. The targeted resource
+must be a Gateway in the group gateway.networking.k8s.io. The
+gateway must be in the same namespace as the authorization policy.
If not set, the policy is applied as defined by the selector. +At most one of the selector and targetRef can be set.
+NOTE: If you are using the targetRef field in a multi-revision environment with Istio versions prior to 1.20,
+it is highly recommended that you pin the authorization policy to a revision running 1.20+ via the istio.io/rev label.
+This is to prevent proxies connected to older istiod control planes (that don’t know about the targetRef field)
+from misinterpreting the policy as namespace-wide during the upgrade process.
If not set, the selector will match all workloads. At most one of the selector and targetRef can be set.
+targetRefPolicyTargetReferenceOptional. The targetRef specifies the gateway the policy should be
+applied to. The targeted resource specified will determine which
+workloads the request authentication policy to. The targeted resource
+must be a Gateway in the group gateway.networking.k8s.io. The
+gateway must be in the same namespace as the request authentication
+policy.
If not set, the policy is applied as defined by the selector. +At most one of the selector and targetRef can be set. +Waypoint proxies will not respect selectors even if they match.
+If the selector and the targetRef are not set, the selector will match all workloads. At most one of the selector and targetRef can be set.
+targetRefPolicyTargetReferenceOptional. The targetRef specifies the gateway the policy should be
+applied to. The targeted resource specified will determine which
+workloads the authorization policy applies to. The targeted resource
+must be a Gateway in the group gateway.networking.k8s.io. The
+gateway must be in the same namespace as the authorization policy.
If not set, the policy is applied as defined by the selector. +At most one of the selector and targetRef can be set.
+NOTE: If you are using the targetRef field in a multi-revision environment with Istio versions prior to 1.20,
+it is highly recommended that you pin the authorization policy to a revision running 1.20+ via the istio.io/rev label.
+This is to prevent proxies connected to older istiod control planes (that don’t know about the targetRef field)
+from misinterpreting the policy as namespace-wide during the upgrade process.
If not set, the selector will match all workloads. At most one of the selector and targetRef can be set.
+targetRefPolicyTargetReferenceOptional. The targetRef specifies the gateway the policy should be
+applied to. The targeted resource specified will determine which
+workloads the request authentication policy to. The targeted resource
+must be a Gateway in the group gateway.networking.k8s.io. The
+gateway must be in the same namespace as the request authentication
+policy.
If not set, the policy is applied as defined by the selector. +At most one of the selector and targetRef can be set. +Waypoint proxies will not respect selectors even if they match.
+