You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Find where workloadSelector is used (explicitly or implicitly) and add checks for the existence of a targetRef. Defaulting to the current label selector if targetRef doesn't exist for the policy.
Some things to note:
RBAC and policy enforcement in general is a listener concern in Envoy as seen in listener_waypoint.go. telemetryFilters may be where this enforcement occurs.
There may be resources precomputed based on namespace or workload selectors to provide a more effective lookup in Ambient . As seen here for Authorization Policy
targetRef applies to ingress gateways and waypoints
Validation is done to ensure the policies and the targetReferent is valid
The text was updated successfully, but these errors were encountered:
Part of #46360
Related to #46560
Find where workloadSelector is used (explicitly or implicitly) and add checks for the existence of a targetRef. Defaulting to the current label selector if targetRef doesn't exist for the policy.
Some things to note:
The text was updated successfully, but these errors were encountered: