diff --git a/pilot/pkg/serviceregistry/kube/controller/ambient/waypoints.go b/pilot/pkg/serviceregistry/kube/controller/ambient/waypoints.go
index f84f916818b6..abe972d6adf0 100644
--- a/pilot/pkg/serviceregistry/kube/controller/ambient/waypoints.go
+++ b/pilot/pkg/serviceregistry/kube/controller/ambient/waypoints.go
@@ -200,21 +200,23 @@ func WaypointsCollection(
 return p.Spec.ServiceAccountName
 })

+ // default traffic type if neither GatewayClass nor Gateway specify a type
+ trafficType := constants.ServiceTraffic
+
 gatewayClass := ptr.OrEmpty(krt.FetchOne(ctx, GatewayClasses, krt.FilterKey(string(gateway.Spec.GatewayClassName))))
 if gatewayClass == nil {
 log.Warnf("could not find GatewayClass %s for Gateway %s/%s", gateway.Spec.GatewayClassName, gateway.Namespace, gateway.Name)
+ } else if tt, found := gatewayClass.Labels[constants.AmbientWaypointForTrafficTypeLabel]; found {
+ // Check for a declared traffic type that is allowed to pass through the Waypoint's GatewayClass
+ trafficType = tt
 }

 // Check for a declared traffic type that is allowed to pass through the Waypoint
 if tt, found := gateway.Labels[constants.AmbientWaypointForTrafficTypeLabel]; found {
- return makeWaypoint(gateway, gatewayClass, serviceAccounts, tt)
+ trafficType = tt
 }
- // If a value is not declared on a Gateway or its associated GatewayClass
- // then the network layer should default to service when redirecting traffic.
- //
- // This is a safety measure to ensure that the Gateway is not misconfigured, but
- // we will likely not hit this case as the CLI will validate the traffic type.
- return makeWaypoint(gateway, gatewayClass, serviceAccounts, constants.ServiceTraffic)
+
+ return makeWaypoint(gateway, gatewayClass, serviceAccounts, trafficType)
 }, krt.WithName("Waypoints"))
 }

diff --git a/releasenotes/notes/50933.yaml b/releasenotes/notes/50933.yaml
new file mode 100644
index 000000000000..edc89b028dd2
--- /dev/null
+++ b/releasenotes/notes/50933.yaml
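Review bot: The label value read from the GatewayClass in the new `else if` branch, like the Gateway label a few lines below it, is assigned to `trafficType` without being checked against the traffic types the control plane understands. The removed comment relied on the CLI validating this value, which may not hold for a GatewayClass: it is cluster-scoped and usually applied outside istioctl, so a typo or unexpected value there silently changes which traffic every waypoint of that class is expected to handle, and presumably whether waypoint-enforced policy is in the path. I would keep the `constants.ServiceTraffic` default unless the value is recognised, e.g. `if !isKnownTrafficType(tt) { log.Warnf("ignoring unknown %s value %q on GatewayClass %s", constants.AmbientWaypointForTrafficTypeLabel, tt, gateway.Spec.GatewayClassName) } else { trafficType = tt }`, where `isKnownTrafficType` is a small helper to be added. How `makeWaypoint` treats an unknown value is not visible here, and the enclosing closure in `WaypointsCollection` starts outside the hunk.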
@@ -0,0 +1,34 @@
+apiVersion: release-notes/v2
+
+# This YAML file describes the format for specifying a release notes entry for Istio.
+# This should be filled in for all user facing changes.
+
+# kind describes the type of change that this represents.
+# Valid Values are:
+# - bug-fix -- Used to specify that this change represents a bug fix.
+# - security-fix -- Used to specify that this change represents a vulnerability fix.
+# - feature -- Used to specify a new feature that has been added.
+# - test -- Used to describe additional testing added. This file is optional for
+# tests, but included for completeness.
+kind: feature
+
+# area describes the area that this change affects.
+# Valid values are:
+# - traffic-management
+# - security
+# - telemetry
+# - installation
+# - istioctl
+# - documentation
+area: traffic-management
+
+# issue is a list of GitHub issues resolved in this note.
+# If issue is not in the current repo, specify its full URL instead.
+issue:
+- 50933
+
+# releaseNotes is a markdown listing of any user facing changes. This will appear in the
+# release notes.
+releaseNotes:
+- |
+ **Added** reading the traffic type for a waypoint from the istio.io/waypoint-for label on the parent gateway class. This value overrides the global default and will be overridden if the label is applied to the waypoint resource.