diff --git a/api/v1alpha1/policy_helpers.go b/api/v1alpha1/policy_helpers.go
index 64dab444497..57f6ba92003 100644
--- a/api/v1alpha1/policy_helpers.go
+++ b/api/v1alpha1/policy_helpers.go
@@ -38,19 +38,28 @@ type TargetSelector struct {
// MatchLabels are the set of label selectors for identifying the targeted resource
MatchLabels map[string]string `json:"matchLabels"`
- // NamespaceSelector determines if the label selectors specified in MatchLabels are applied in
- // the policy namespace or across all namespaces.
+ // Namespaces determines if the resource from all namespaces or the current namespace
+ // are considered when matching by label selectors specified in MatchLabels.
// Note: when referencing targets in a different namespace, appropriate ReferenceGrants must be
// configured to allow the selection.
// +optional
// +notImplementedHide
- NamespaceSelector *NamespaceSelector `json:"namespaceSelector,omitempty"`
+ Namespaces *TargetSelectorNamespaces `json:"namespaces,omitempty"`
}
-// NamespaceSelector is a selector for selecting either all namespaces or the current namespace.
-type NamespaceSelector struct {
- // Boolean describing whether all namespaces are selected.
- Any bool `json:"any,omitempty"`
+type FromNamespaces string
+
+const (
+ // FromNamespacesAll indicates that the target selector should apply to targets from all namespaces
+ FromNamespacesAll FromNamespaces = "All"
+)
+
+// TargetSelectorNamespaces determines which namespaces are used when selecting policy targets.
+type TargetSelectorNamespaces struct {
+ // Indicates where targets would be selected for the Policy's TargetSelector.
+ // +kubebuilder:validation:Enum=All
+ // +kubebuilder:validation:Required
+ FromNamespaces FromNamespaces `json:"omitempty"`
}
func (p PolicyTargetReferences) GetTargetRefs() []gwapiv1a2.LocalPolicyTargetReferenceWithSectionName {
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index 02e7e07241d..75047bc0311 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -4010,21 +4010,6 @@ func (in *Lua) DeepCopy() *Lua {
return out
}
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *NamespaceSelector) DeepCopyInto(out *NamespaceSelector) {
- *out = *in
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceSelector.
-func (in *NamespaceSelector) DeepCopy() *NamespaceSelector {
- if in == nil {
- return nil
- }
- out := new(NamespaceSelector)
- in.DeepCopyInto(out)
- return out
-}
-
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDC) DeepCopyInto(out *OIDC) {
*out = *in
@@ -5677,9 +5662,9 @@ func (in *TargetSelector) DeepCopyInto(out *TargetSelector) {
(*out)[key] = val
}
}
- if in.NamespaceSelector != nil {
- in, out := &in.NamespaceSelector, &out.NamespaceSelector
- *out = new(NamespaceSelector)
+ if in.Namespaces != nil {
+ in, out := &in.Namespaces, &out.Namespaces
+ *out = new(TargetSelectorNamespaces)
**out = **in
}
}
@@ -5694,6 +5679,21 @@ func (in *TargetSelector) DeepCopy() *TargetSelector {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TargetSelectorNamespaces) DeepCopyInto(out *TargetSelectorNamespaces) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetSelectorNamespaces.
+func (in *TargetSelectorNamespaces) DeepCopy() *TargetSelectorNamespaces {
+ if in == nil {
+ return nil
+ }
+ out := new(TargetSelectorNamespaces)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Timeout) DeepCopyInto(out *Timeout) {
*out = *in
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml
index 3f667a48f61..e94df2112d4 100644
--- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml
@@ -1504,17 +1504,21 @@ spec:
description: MatchLabels are the set of label selectors for
identifying the targeted resource
type: object
- namespaceSelector:
+ namespaces:
description: |-
- NamespaceSelector determines if the label selectors specified in MatchLabels are applied in
- the policy namespace or across all namespaces.
+ Namespaces determines if the resource from all namespaces or the current namespace
+ are considered when matching by label selectors specified in MatchLabels.
Note: when referencing targets in a different namespace, appropriate ReferenceGrants must be
configured to allow the selection.
properties:
- any:
- description: Boolean describing whether all namespaces are
- selected.
- type: boolean
+ omitempty:
+ description: Indicates where targets would be selected for
+ the Policy's TargetSelector.
+ enum:
+ - All
+ type: string
+ required:
+ - omitempty
type: object
required:
- kind
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
index 703be1862cd..5a71e6cedea 100644
--- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
@@ -614,17 +614,21 @@ spec:
description: MatchLabels are the set of label selectors for
identifying the targeted resource
type: object
- namespaceSelector:
+ namespaces:
description: |-
- NamespaceSelector determines if the label selectors specified in MatchLabels are applied in
- the policy namespace or across all namespaces.
+ Namespaces determines if the resource from all namespaces or the current namespace
+ are considered when matching by label selectors specified in MatchLabels.
Note: when referencing targets in a different namespace, appropriate ReferenceGrants must be
configured to allow the selection.
properties:
- any:
- description: Boolean describing whether all namespaces are
- selected.
- type: boolean
+ omitempty:
+ description: Indicates where targets would be selected for
+ the Policy's TargetSelector.
+ enum:
+ - All
+ type: string
+ required:
+ - omitempty
type: object
required:
- kind
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml
index 7ff4b13bd95..cbd45bed279 100644
--- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml
@@ -1197,17 +1197,21 @@ spec:
description: MatchLabels are the set of label selectors for
identifying the targeted resource
type: object
- namespaceSelector:
+ namespaces:
description: |-
- NamespaceSelector determines if the label selectors specified in MatchLabels are applied in
- the policy namespace or across all namespaces.
+ Namespaces determines if the resource from all namespaces or the current namespace
+ are considered when matching by label selectors specified in MatchLabels.
Note: when referencing targets in a different namespace, appropriate ReferenceGrants must be
configured to allow the selection.
properties:
- any:
- description: Boolean describing whether all namespaces are
- selected.
- type: boolean
+ omitempty:
+ description: Indicates where targets would be selected for
+ the Policy's TargetSelector.
+ enum:
+ - All
+ type: string
+ required:
+ - omitempty
type: object
required:
- kind
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml
index 6b5ea1fbcc0..9b0419cf2fd 100644
--- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml
@@ -4413,17 +4413,21 @@ spec:
description: MatchLabels are the set of label selectors for
identifying the targeted resource
type: object
- namespaceSelector:
+ namespaces:
description: |-
- NamespaceSelector determines if the label selectors specified in MatchLabels are applied in
- the policy namespace or across all namespaces.
+ Namespaces determines if the resource from all namespaces or the current namespace
+ are considered when matching by label selectors specified in MatchLabels.
Note: when referencing targets in a different namespace, appropriate ReferenceGrants must be
configured to allow the selection.
properties:
- any:
- description: Boolean describing whether all namespaces are
- selected.
- type: boolean
+ omitempty:
+ description: Indicates where targets would be selected for
+ the Policy's TargetSelector.
+ enum:
+ - All
+ type: string
+ required:
+ - omitempty
type: object
required:
- kind
diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md
index 4adf1c8b750..af759c14508 100644
--- a/site/content/en/latest/api/extension_types.md
+++ b/site/content/en/latest/api/extension_types.md
@@ -1801,6 +1801,20 @@ _Appears in:_
| `after` | _[EnvoyFilter](#envoyfilter)_ | true | | After defines the filter that should come after the filter.
Only one of Before or After must be set. |
+#### FromNamespaces
+
+_Underlying type:_ _string_
+
+
+
+_Appears in:_
+- [TargetSelectorNamespaces](#targetselectornamespaces)
+
+| Value | Description |
+| ----- | ----------- |
+| `All` | FromNamespacesAll indicates that the target selector should apply to targets from all namespaces
|
+
+
#### GRPCActiveHealthChecker
@@ -2898,20 +2912,6 @@ _Appears in:_
| `OpenTelemetry` | |
-#### NamespaceSelector
-
-
-
-NamespaceSelector is a selector for selecting either all namespaces or the current namespace.
-
-_Appears in:_
-- [TargetSelector](#targetselector)
-
-| Field | Type | Required | Default | Description |
-| --- | --- | --- | --- | --- |
-| `any` | _boolean_ | true | | Boolean describing whether all namespaces are selected. |
-
-
#### OIDC
@@ -4318,6 +4318,20 @@ _Appears in:_
| `matchLabels` | _object (keys:string, values:string)_ | true | | MatchLabels are the set of label selectors for identifying the targeted resource |
+#### TargetSelectorNamespaces
+
+
+
+TargetSelectorNamespaces determines which namespaces are used when selecting policy targets.
+
+_Appears in:_
+- [TargetSelector](#targetselector)
+
+| Field | Type | Required | Default | Description |
+| --- | --- | --- | --- | --- |
+| `omitempty` | _[FromNamespaces](#fromnamespaces)_ | true | | Indicates where targets would be selected for the Policy's TargetSelector. |
+
+
#### Timeout
diff --git a/site/content/zh/latest/api/extension_types.md b/site/content/zh/latest/api/extension_types.md
index 4adf1c8b750..af759c14508 100644
--- a/site/content/zh/latest/api/extension_types.md
+++ b/site/content/zh/latest/api/extension_types.md
@@ -1801,6 +1801,20 @@ _Appears in:_
| `after` | _[EnvoyFilter](#envoyfilter)_ | true | | After defines the filter that should come after the filter.
Only one of Before or After must be set. |
+#### FromNamespaces
+
+_Underlying type:_ _string_
+
+
+
+_Appears in:_
+- [TargetSelectorNamespaces](#targetselectornamespaces)
+
+| Value | Description |
+| ----- | ----------- |
+| `All` | FromNamespacesAll indicates that the target selector should apply to targets from all namespaces
|
+
+
#### GRPCActiveHealthChecker
@@ -2898,20 +2912,6 @@ _Appears in:_
| `OpenTelemetry` | |
-#### NamespaceSelector
-
-
-
-NamespaceSelector is a selector for selecting either all namespaces or the current namespace.
-
-_Appears in:_
-- [TargetSelector](#targetselector)
-
-| Field | Type | Required | Default | Description |
-| --- | --- | --- | --- | --- |
-| `any` | _boolean_ | true | | Boolean describing whether all namespaces are selected. |
-
-
#### OIDC
@@ -4318,6 +4318,20 @@ _Appears in:_
| `matchLabels` | _object (keys:string, values:string)_ | true | | MatchLabels are the set of label selectors for identifying the targeted resource |
+#### TargetSelectorNamespaces
+
+
+
+TargetSelectorNamespaces determines which namespaces are used when selecting policy targets.
+
+_Appears in:_
+- [TargetSelector](#targetselector)
+
+| Field | Type | Required | Default | Description |
+| --- | --- | --- | --- | --- |
+| `omitempty` | _[FromNamespaces](#fromnamespaces)_ | true | | Indicates where targets would be selected for the Policy's TargetSelector. |
+
+
#### Timeout