diff --git a/api/v1alpha1/policy_helpers.go b/api/v1alpha1/policy_helpers.go
index 054ca72f71..d27064b400 100644
--- a/api/v1alpha1/policy_helpers.go
+++ b/api/v1alpha1/policy_helpers.go
@@ -38,6 +38,29 @@ type TargetSelector struct {
// MatchLabels are the set of label selectors for identifying the targeted resource
MatchLabels map[string]string `json:"matchLabels"`
+
+ // Namespaces determines if the resource from all namespaces or the current namespace
+ // are considered when matching by label selectors specified in MatchLabels.
+ // Note: when referencing targets in a different namespace, appropriate ReferenceGrants must be
+ // configured to allow the selection.
+ // +optional
+ // +notImplementedHide
+ Namespaces *TargetSelectorNamespaces `json:"namespaces,omitempty"`
+}
+
+type FromNamespaces string
+
+const (
+ // FromNamespacesAll indicates that the target selector should apply to targets from all namespaces
+ FromNamespacesAll FromNamespaces = "All"
+)
+
+// TargetSelectorNamespaces determines which namespaces are used when selecting policy targets.
+type TargetSelectorNamespaces struct {
+ // Indicates where targets would be selected for the Policy's TargetSelector.
+ // +kubebuilder:validation:Enum=All
+ // +kubebuilder:validation:Required
+ FromNamespaces FromNamespaces `json:"from,omitempty"`
}
func (p PolicyTargetReferences) GetTargetRefs() []gwapiv1a2.LocalPolicyTargetReferenceWithSectionName {
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index 69531024a7..54966b2ad0 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -5667,6 +5667,11 @@ func (in *TargetSelector) DeepCopyInto(out *TargetSelector) {
(*out)[key] = val
}
}
+ if in.Namespaces != nil {
+ in, out := &in.Namespaces, &out.Namespaces
+ *out = new(TargetSelectorNamespaces)
+ **out = **in
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetSelector.
@@ -5679,6 +5684,21 @@ func (in *TargetSelector) DeepCopy() *TargetSelector {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TargetSelectorNamespaces) DeepCopyInto(out *TargetSelectorNamespaces) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetSelectorNamespaces.
+func (in *TargetSelectorNamespaces) DeepCopy() *TargetSelectorNamespaces {
+ if in == nil {
+ return nil
+ }
+ out := new(TargetSelectorNamespaces)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Timeout) DeepCopyInto(out *Timeout) {
*out = *in
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml
index 6808e7992e..ca843b7791 100644
--- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml
@@ -1514,6 +1514,22 @@ spec:
description: MatchLabels are the set of label selectors for
identifying the targeted resource
type: object
+ namespaces:
+ description: |-
+ Namespaces determines if the resource from all namespaces or the current namespace
+ are considered when matching by label selectors specified in MatchLabels.
+ Note: when referencing targets in a different namespace, appropriate ReferenceGrants must be
+ configured to allow the selection.
+ properties:
+ from:
+ description: Indicates where targets would be selected for
+ the Policy's TargetSelector.
+ enum:
+ - All
+ type: string
+ required:
+ - from
+ type: object
required:
- kind
- matchLabels
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
index ebeba3ae17..c6734cd8fe 100644
--- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
@@ -614,6 +614,22 @@ spec:
description: MatchLabels are the set of label selectors for
identifying the targeted resource
type: object
+ namespaces:
+ description: |-
+ Namespaces determines if the resource from all namespaces or the current namespace
+ are considered when matching by label selectors specified in MatchLabels.
+ Note: when referencing targets in a different namespace, appropriate ReferenceGrants must be
+ configured to allow the selection.
+ properties:
+ from:
+ description: Indicates where targets would be selected for
+ the Policy's TargetSelector.
+ enum:
+ - All
+ type: string
+ required:
+ - from
+ type: object
required:
- kind
- matchLabels
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml
index 6036db8264..0c7e5408ee 100644
--- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml
@@ -1207,6 +1207,22 @@ spec:
description: MatchLabels are the set of label selectors for
identifying the targeted resource
type: object
+ namespaces:
+ description: |-
+ Namespaces determines if the resource from all namespaces or the current namespace
+ are considered when matching by label selectors specified in MatchLabels.
+ Note: when referencing targets in a different namespace, appropriate ReferenceGrants must be
+ configured to allow the selection.
+ properties:
+ from:
+ description: Indicates where targets would be selected for
+ the Policy's TargetSelector.
+ enum:
+ - All
+ type: string
+ required:
+ - from
+ type: object
required:
- kind
- matchLabels
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml
index bc228f30f6..0f53b7a525 100644
--- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml
@@ -4453,6 +4453,22 @@ spec:
description: MatchLabels are the set of label selectors for
identifying the targeted resource
type: object
+ namespaces:
+ description: |-
+ Namespaces determines if the resource from all namespaces or the current namespace
+ are considered when matching by label selectors specified in MatchLabels.
+ Note: when referencing targets in a different namespace, appropriate ReferenceGrants must be
+ configured to allow the selection.
+ properties:
+ from:
+ description: Indicates where targets would be selected for
+ the Policy's TargetSelector.
+ enum:
+ - All
+ type: string
+ required:
+ - from
+ type: object
required:
- kind
- matchLabels
diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md
index 12181f7cc3..c876ac759d 100644
--- a/site/content/en/latest/api/extension_types.md
+++ b/site/content/en/latest/api/extension_types.md
@@ -1801,6 +1801,20 @@ _Appears in:_
| `after` | _[EnvoyFilter](#envoyfilter)_ | true | | After defines the filter that should come after the filter.
Only one of Before or After must be set. |
+#### FromNamespaces
+
+_Underlying type:_ _string_
+
+
+
+_Appears in:_
+- [TargetSelectorNamespaces](#targetselectornamespaces)
+
+| Value | Description |
+| ----- | ----------- |
+| `All` | FromNamespacesAll indicates that the target selector should apply to targets from all namespaces
|
+
+
#### GRPCActiveHealthChecker
@@ -4299,6 +4313,20 @@ _Appears in:_
| `matchLabels` | _object (keys:string, values:string)_ | true | | MatchLabels are the set of label selectors for identifying the targeted resource |
+#### TargetSelectorNamespaces
+
+
+
+TargetSelectorNamespaces determines which namespaces are used when selecting policy targets.
+
+_Appears in:_
+- [TargetSelector](#targetselector)
+
+| Field | Type | Required | Default | Description |
+| --- | --- | --- | --- | --- |
+| `from` | _[FromNamespaces](#fromnamespaces)_ | true | | Indicates where targets would be selected for the Policy's TargetSelector. |
+
+
#### Timeout
diff --git a/site/content/zh/latest/api/extension_types.md b/site/content/zh/latest/api/extension_types.md
index 12181f7cc3..c876ac759d 100644
--- a/site/content/zh/latest/api/extension_types.md
+++ b/site/content/zh/latest/api/extension_types.md
@@ -1801,6 +1801,20 @@ _Appears in:_
| `after` | _[EnvoyFilter](#envoyfilter)_ | true | | After defines the filter that should come after the filter.
Only one of Before or After must be set. |
+#### FromNamespaces
+
+_Underlying type:_ _string_
+
+
+
+_Appears in:_
+- [TargetSelectorNamespaces](#targetselectornamespaces)
+
+| Value | Description |
+| ----- | ----------- |
+| `All` | FromNamespacesAll indicates that the target selector should apply to targets from all namespaces
|
+
+
#### GRPCActiveHealthChecker
@@ -4299,6 +4313,20 @@ _Appears in:_
| `matchLabels` | _object (keys:string, values:string)_ | true | | MatchLabels are the set of label selectors for identifying the targeted resource |
+#### TargetSelectorNamespaces
+
+
+
+TargetSelectorNamespaces determines which namespaces are used when selecting policy targets.
+
+_Appears in:_
+- [TargetSelector](#targetselector)
+
+| Field | Type | Required | Default | Description |
+| --- | --- | --- | --- | --- |
+| `from` | _[FromNamespaces](#fromnamespaces)_ | true | | Indicates where targets would be selected for the Policy's TargetSelector. |
+
+
#### Timeout