From e60ec8c907885791a2681cba896489a645da1e04 Mon Sep 17 00:00:00 2001
From: John Howard <john.howard@solo.io>
Date: Mon, 9 Sep 2024 14:58:28 -0700
Subject: [PATCH] Codify labels and annotations that have been added directly
 to istio/istio

Fixes https://github.com/istio/istio/issues/43437
---
 annotation/annotations.gen.go  |  85 ++++++++++++++-
 annotation/annotations.pb.html |  23 ++++
 annotation/annotations.yaml    |  52 ++++++++-
 label/labels.gen.go            | 160 ++++++++++++++++++++++++++-
 label/labels.pb.html           | 190 +++++++++++++++++++++++++++++++++
 label/labels.yaml              |  95 +++++++++++++++++
 6 files changed, 597 insertions(+), 8 deletions(-)
diff --git a/annotation/annotations.gen.go b/annotation/annotations.gen.go
index 3d3b4f895a..bd42fb19ef 100644
--- a/annotation/annotations.gen.go
+++ b/annotation/annotations.gen.go
@@ -29,6 +29,8 @@ const (
 	Unknown ResourceTypes = iota
     Any
     AuthorizationPolicy
+    Gateway
+    GatewayClass
     Ingress
     Namespace
     Pod
@@ -43,14 +45,18 @@ func (r ResourceTypes) String() string {
 	case 2:
 		return "AuthorizationPolicy"
 	case 3:
-		return "Ingress"
+		return "Gateway"
 	case 4:
-		return "Namespace"
+		return "GatewayClass"
 	case 5:
-		return "Pod"
+		return "Ingress"
 	case 6:
-		return "Service"
+		return "Namespace"
 	case 7:
+		return "Pod"
+	case 8:
+		return "Service"
+	case 9:
 		return "WorkloadEntry"
 	}
 	return "Unknown"
@@ -114,6 +120,34 @@ var (
 		},
 	}
 
+	AmbientRedirection = Instance {
+		Name:          "ambient.istio.io/redirection",
+		Description:   `Automatically configured by Istio to indicate a Pod was successfully enrolled in ambient mode.
+This shows the actual state; to specify intent that a workload should be in ambient mode, see "istio.io/dataplane-mode".`,
+		FeatureStatus: Beta,
+		Hidden:        false,
+		Deprecated:    false,
+		Resources: []ResourceTypes{
+			Pod,
+		},
+	}
+
+	AmbientWaypointInboundBinding = Instance {
+		Name:          "ambient.istio.io/waypoint-inbound-binding",
+		Description:   `When set on a waypoint (either by its specific "Gateway", or for the entire collection on the "GatewayClass"),
+indicates how traffic should be sent to the waypoint. If unset, traffic will be sent to the waypoint as HBONE directly.
+
+This takes the format: "<protocol>" or "<protocol>/<port>".
+`,
+		FeatureStatus: Alpha,
+		Hidden:        true,
+		Deprecated:    false,
+		Resources: []ResourceTypes{
+			GatewayClass,
+			Gateway,
+		},
+	}
+
 	GalleyAnalyzeSuppress = Instance {
 		Name:          "galley.istio.io/analyze-suppress",
 		Description:   "A comma separated list of configuration analysis message "+
@@ -144,6 +178,30 @@ var (
 		},
 	}
 
+	GatewayNameOverride = Instance {
+		Name:          "gateway.istio.io/name-override",
+		Description:   `Overrides the name of the generated "Deployment" and "Service" resource when using [Gateway auto-deployment](/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment)
+`,
+		FeatureStatus: Alpha,
+		Hidden:        true,
+		Deprecated:    false,
+		Resources: []ResourceTypes{
+			Gateway,
+		},
+	}
+
+	GatewayServiceAccount = Instance {
+		Name:          "gateway.istio.io/service-account",
+		Description:   `Overrides the name of the generated "ServiceAccount" resource when using [Gateway auto-deployment](/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment)
+`,
+		FeatureStatus: Alpha,
+		Hidden:        true,
+		Deprecated:    false,
+		Resources: []ResourceTypes{
+			Gateway,
+		},
+	}
+
 	InjectTemplates = Instance {
 		Name:          "inject.istio.io/templates",
 		Description:   "The name of the inject template(s) to use, as a comma "+
@@ -296,6 +354,18 @@ var (
 		},
 	}
 
+	NetworkingServiceType = Instance {
+		Name:          "networking.istio.io/service-type",
+		Description:   `Overrides the type of the generated "Service" resource when using [Gateway auto-deployment](/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment)
+`,
+		FeatureStatus: Alpha,
+		Hidden:        true,
+		Deprecated:    false,
+		Resources: []ResourceTypes{
+			Gateway,
+		},
+	}
+
 	PrometheusMergeMetrics = Instance {
 		Name:          "prometheus.istio.io/merge-metrics",
 		Description:   "Specifies if application Prometheus metric will be merged "+
@@ -829,8 +899,12 @@ func AllResourceAnnotations() []*Instance {
 		&AlphaCanonicalServiceAccounts,
 		&AlphaIdentity,
 		&AlphaKubernetesServiceAccounts,
+		&AmbientRedirection,
+		&AmbientWaypointInboundBinding,
 		&GalleyAnalyzeSuppress,
 		&GatewayControllerVersion,
+		&GatewayNameOverride,
+		&GatewayServiceAccount,
 		&InjectTemplates,
 		&OperatorInstallChartOwner,
 		&OperatorInstallOwnerGeneration,
@@ -843,6 +917,7 @@ func AllResourceAnnotations() []*Instance {
 		&IoIstioWorkloadController,
 		&IoKubernetesIngressClass,
 		&NetworkingExportTo,
+		&NetworkingServiceType,
 		&PrometheusMergeMetrics,
 		&ProxyConfig,
 		&ProxyOverrides,
@@ -892,6 +967,8 @@ func AllResourceTypes() []string {
 	return []string {
 		"Any",
 		"AuthorizationPolicy",
+		"Gateway",
+		"GatewayClass",
 		"Ingress",
 		"Namespace",
 		"Pod",
diff --git a/annotation/annotations.pb.html b/annotation/annotations.pb.html
index 7b1fedf218..f97053a598 100644
--- a/annotation/annotations.pb.html
+++ b/annotation/annotations.pb.html
@@ -9,6 +9,29 @@
 This page presents the various resource <a href="https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/">annotations</a> that
 Istio supports to control its behavior.
 </p>
+<h2 id="AmbientRedirection">ambient.istio.io/redirection</h2>
+<table class="annotations">
+  <tbody>
+    <tr>
+      <th>Name</th>
+      <td><code>ambient.istio.io/redirection</code></td>
+    </tr>
+    <tr>
+      <th>Feature Status</th>
+      <td>Beta</td>
+    </tr>
+    <tr>
+      <th>Resource Types</th>
+      <td>[Pod]</td>
+    </tr>
+    <tr>
+      <th>Description</th>
+      <td><p>Automatically configured by Istio to indicate a Pod was successfully enrolled in ambient mode.
+This shows the actual state; to specify intent that a workload should be in ambient mode, see <code>istio.io/dataplane-mode</code>.</p>
+</td>
+    </tr>
+  </tbody>
+</table>
 <h2 id="GalleyAnalyzeSuppress">galley.istio.io/analyze-suppress</h2>
 <table class="annotations">
   <tbody>
diff --git a/annotation/annotations.yaml b/annotation/annotations.yaml
index a2de944b44..8304014c9a 100644
--- a/annotation/annotations.yaml
+++ b/annotation/annotations.yaml
@@ -529,4 +529,54 @@ annotations:
     deprecated: false
     hidden: true
     resources:
-      - Any
\ No newline at end of file
+      - Any
+
+  - name: ambient.istio.io/redirection
+    featureStatus: Beta
+    description: |-
+      Automatically configured by Istio to indicate a Pod was successfully enrolled in ambient mode.
+      This shows the actual state; to specify intent that a workload should be in ambient mode, see `istio.io/dataplane-mode`.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: ambient.istio.io/waypoint-inbound-binding
+    featureStatus: Alpha
+    description: |
+      When set on a waypoint (either by its specific `Gateway`, or for the entire collection on the `GatewayClass`),
+      indicates how traffic should be sent to the waypoint. If unset, traffic will be sent to the waypoint as HBONE directly.
+
+      This takes the format: `<protocol>` or `<protocol>/<port>`.
+    deprecated: false
+    hidden: true
+    resources:
+      - GatewayClass
+      - Gateway
+
+  - name: gateway.istio.io/service-account
+    featureStatus: Alpha
+    description: |
+      Overrides the name of the generated `ServiceAccount` resource when using [Gateway auto-deployment](/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment)
+    deprecated: false
+    hidden: true
+    resources:
+      - Gateway
+
+  - name: gateway.istio.io/name-override
+    featureStatus: Alpha
+    description: |
+      Overrides the name of the generated `Deployment` and `Service` resource when using [Gateway auto-deployment](/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment)
+    deprecated: false
+    hidden: true
+    resources:
+      - Gateway
+
+  - name: networking.istio.io/service-type
+    featureStatus: Alpha
+    description: |
+      Overrides the type of the generated `Service` resource when using [Gateway auto-deployment](/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment)
+    deprecated: false
+    hidden: true
+    resources:
+      - Gateway
diff --git a/label/labels.gen.go b/label/labels.gen.go
index eec8952303..48b3223e2a 100644
--- a/label/labels.gen.go
+++ b/label/labels.gen.go
@@ -28,10 +28,15 @@ type ResourceTypes int
 const (
 	Unknown ResourceTypes = iota
     Any
+    Deployment
+    Gateway
+    GatewayClass
     Namespace
     Node
     Pod
     Service
+    ServiceAccount
+    ServiceEntry
 )
 
 func (r ResourceTypes) String() string {
@@ -39,13 +44,23 @@ func (r ResourceTypes) String() string {
 	case 1:
 		return "Any"
 	case 2:
-		return "Namespace"
+		return "Deployment"
 	case 3:
-		return "Node"
+		return "Gateway"
 	case 4:
-		return "Pod"
+		return "GatewayClass"
 	case 5:
+		return "Namespace"
+	case 6:
+		return "Node"
+	case 7:
+		return "Pod"
+	case 8:
 		return "Service"
+	case 9:
+		return "ServiceAccount"
+	case 10:
+		return "ServiceEntry"
 	}
 	return "Unknown"
 }
@@ -73,6 +88,55 @@ type Instance struct {
 
 var (
 
+	GatewayManaged = Instance {
+		Name:          "gateway.istio.io/managed",
+		Description:   "Automatically added to all resources [automatically "+
+                        "created](/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment) "+
+                        "by Istio Gateway controller, to indicate which controller "+
+                        "created the resource. Users should not set this label "+
+                        "themselves.",
+		FeatureStatus: Stable,
+		Hidden:        false,
+		Deprecated:    false,
+		Resources: []ResourceTypes{
+			ServiceAccount,
+			Deployment,
+			Service,
+		},
+	}
+
+	IoK8sNetworkingGatewayGatewayName = Instance {
+		Name:          "gateway.networking.k8s.io/gateway-name",
+		Description:   "Automatically added to all resources [automatically "+
+                        "created](/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment) "+
+                        "by Istio Gateway controller to indicate which `Gateway` "+
+                        "resulted in the object creation. Users should not set "+
+                        "this label themselves.",
+		FeatureStatus: Stable,
+		Hidden:        false,
+		Deprecated:    false,
+		Resources: []ResourceTypes{
+			ServiceAccount,
+			Deployment,
+			Service,
+		},
+	}
+
+	IoIstioDataplaneMode = Instance {
+		Name:          "istio.io/dataplane-mode",
+		Description:   `When set on a resource, indicates the [data plane mode](/docs/overview/dataplane-modes/) to use.
+Possible values: "ambient", "none".
+Note: users wishing to use sidecar mode should see the "istio-injection" label; there is no value on this label to configure sidecars.
+`,
+		FeatureStatus: Beta,
+		Hidden:        false,
+		Deprecated:    false,
+		Resources: []ResourceTypes{
+			Pod,
+			Namespace,
+		},
+	}
+
 	IoIstioRev = Instance {
 		Name:          "istio.io/rev",
 		Description:   "Istio control plane revision associated with the "+
@@ -85,6 +149,83 @@ var (
 		},
 	}
 
+	IoIstioTag = Instance {
+		Name:          "istio.io/tag",
+		Description:   "Istio control plane tag name associated with the "+
+                        "resource; e.g. `canary`",
+		FeatureStatus: Alpha,
+		Hidden:        false,
+		Deprecated:    false,
+		Resources: []ResourceTypes{
+			Namespace,
+		},
+	}
+
+	IoIstioUseWaypoint = Instance {
+		Name:          "istio.io/use-waypoint",
+		Description:   `When set on a resource, indicates the resource has an associated waypoint with the given name.
+The waypoint is assumed to be in the same namespace; for cross-namespace, see "istio.io/use-waypoint-namespace".
+
+When set or a "Pod" or a "Service", this binds that specific resource to the waypoint.
+When set on a "Namespace", this applies to all "Pod"/"Service" in the namespace.
+
+Note: the waypoint must allow the type, see "stio.io/waypoint-for".
+`,
+		FeatureStatus: Beta,
+		Hidden:        false,
+		Deprecated:    false,
+		Resources: []ResourceTypes{
+			Pod,
+			Service,
+			Namespace,
+		},
+	}
+
+	IoIstioUseWaypointNamespace = Instance {
+		Name:          "istio.io/use-waypoint-namespace",
+		Description:   `When set on a resource, indicates the resource has an associated waypoint in the provided namespace.
+This must be set in addition to "istio.io/use-waypoint", when a cross-namespace reference is desired.
+`,
+		FeatureStatus: Beta,
+		Hidden:        false,
+		Deprecated:    false,
+		Resources: []ResourceTypes{
+			Pod,
+			Service,
+			Namespace,
+		},
+	}
+
+	IoIstioWaypointFor = Instance {
+		Name:          "istio.io/waypoint-for",
+		Description:   `When set on a waypoint (either by its specific "Gateway", or for the entire collection on the "GatewayClass"),
+indicates the type of traffic this waypoint can handle.
+
+Valid options: "service", "workload", "all", and "none".
+`,
+		FeatureStatus: Beta,
+		Hidden:        false,
+		Deprecated:    false,
+		Resources: []ResourceTypes{
+			GatewayClass,
+			Gateway,
+		},
+	}
+
+	NetworkingEnableAutoallocateIp = Instance {
+		Name:          "networking.istio.io/enable-autoallocate-ip",
+		Description:   `Configures whether a "ServiceEntry" without any "spec.addresses" set should get an IP address automatically allocated for it.
+
+Valid options: "true", "false"
+`,
+		FeatureStatus: Beta,
+		Hidden:        false,
+		Deprecated:    false,
+		Resources: []ResourceTypes{
+			ServiceEntry,
+		},
+	}
+
 	NetworkingGatewayPort = Instance {
 		Name:          "networking.istio.io/gatewayPort",
 		Description:   "IstioGatewayPortLabel overrides the default 15443 value "+
@@ -269,7 +410,15 @@ resources to help automate Istio's multi-network configuration.
 
 func AllResourceLabels() []*Instance {
 	return []*Instance {
+		&GatewayManaged,
+		&IoK8sNetworkingGatewayGatewayName,
+		&IoIstioDataplaneMode,
 		&IoIstioRev,
+		&IoIstioTag,
+		&IoIstioUseWaypoint,
+		&IoIstioUseWaypointNamespace,
+		&IoIstioWaypointFor,
+		&NetworkingEnableAutoallocateIp,
 		&NetworkingGatewayPort,
 		&OperatorComponent,
 		&OperatorManaged,
@@ -287,9 +436,14 @@ func AllResourceLabels() []*Instance {
 func AllResourceTypes() []string {
 	return []string {
 		"Any",
+		"Deployment",
+		"Gateway",
+		"GatewayClass",
 		"Namespace",
 		"Node",
 		"Pod",
 		"Service",
+		"ServiceAccount",
+		"ServiceEntry",
 	}
 }
diff --git a/label/labels.pb.html b/label/labels.pb.html
index e425a293de..1f095b86ca 100644
--- a/label/labels.pb.html
+++ b/label/labels.pb.html
@@ -9,6 +9,74 @@
 This page presents the various resource <a href="https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/">labels</a> that
 Istio supports to control its behavior.
 </p>
+<h2 id="GatewayManaged">gateway.istio.io/managed</h2>
+<table class="annotations">
+  <tbody>
+    <tr>
+      <th>Name</th>
+      <td><code>gateway.istio.io/managed</code></td>
+    </tr>
+    <tr>
+      <th>Feature Status</th>
+      <td>Stable</td>
+    </tr>
+    <tr>
+      <th>Resource Types</th>
+      <td>[ServiceAccount Deployment Service]</td>
+    </tr>
+    <tr>
+      <th>Description</th>
+      <td><p>Automatically added to all resources <a href="/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment">automatically created</a> by Istio Gateway controller, to indicate which controller created the resource. Users should not set this label themselves.</p>
+</td>
+    </tr>
+  </tbody>
+</table>
+<h2 id="IoK8sNetworkingGatewayGatewayName">gateway.networking.k8s.io/gateway-name</h2>
+<table class="annotations">
+  <tbody>
+    <tr>
+      <th>Name</th>
+      <td><code>gateway.networking.k8s.io/gateway-name</code></td>
+    </tr>
+    <tr>
+      <th>Feature Status</th>
+      <td>Stable</td>
+    </tr>
+    <tr>
+      <th>Resource Types</th>
+      <td>[ServiceAccount Deployment Service]</td>
+    </tr>
+    <tr>
+      <th>Description</th>
+      <td><p>Automatically added to all resources <a href="/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment">automatically created</a> by Istio Gateway controller to indicate which <code>Gateway</code> resulted in the object creation. Users should not set this label themselves.</p>
+</td>
+    </tr>
+  </tbody>
+</table>
+<h2 id="IoIstioDataplaneMode">istio.io/dataplane-mode</h2>
+<table class="annotations">
+  <tbody>
+    <tr>
+      <th>Name</th>
+      <td><code>istio.io/dataplane-mode</code></td>
+    </tr>
+    <tr>
+      <th>Feature Status</th>
+      <td>Beta</td>
+    </tr>
+    <tr>
+      <th>Resource Types</th>
+      <td>[Pod Namespace]</td>
+    </tr>
+    <tr>
+      <th>Description</th>
+      <td><p>When set on a resource, indicates the <a href="/docs/overview/dataplane-modes/">data plane mode</a> to use.
+Possible values: <code>ambient</code>, <code>none</code>.
+Note: users wishing to use sidecar mode should see the <code>istio-injection</code> label; there is no value on this label to configure sidecars.</p>
+</td>
+    </tr>
+  </tbody>
+</table>
 <h2 id="IoIstioRev">istio.io/rev</h2>
 <table class="annotations">
   <tbody>
@@ -31,6 +99,128 @@ <h2 id="IoIstioRev">istio.io/rev</h2>
     </tr>
   </tbody>
 </table>
+<h2 id="IoIstioTag">istio.io/tag</h2>
+<table class="annotations">
+  <tbody>
+    <tr>
+      <th>Name</th>
+      <td><code>istio.io/tag</code></td>
+    </tr>
+    <tr>
+      <th>Feature Status</th>
+      <td>Alpha</td>
+    </tr>
+    <tr>
+      <th>Resource Types</th>
+      <td>[Namespace]</td>
+    </tr>
+    <tr>
+      <th>Description</th>
+      <td><p>Istio control plane tag name associated with the resource; e.g. <code>canary</code></p>
+</td>
+    </tr>
+  </tbody>
+</table>
+<h2 id="IoIstioUseWaypoint">istio.io/use-waypoint</h2>
+<table class="annotations">
+  <tbody>
+    <tr>
+      <th>Name</th>
+      <td><code>istio.io/use-waypoint</code></td>
+    </tr>
+    <tr>
+      <th>Feature Status</th>
+      <td>Beta</td>
+    </tr>
+    <tr>
+      <th>Resource Types</th>
+      <td>[Pod Service Namespace]</td>
+    </tr>
+    <tr>
+      <th>Description</th>
+      <td><p>When set on a resource, indicates the resource has an associated waypoint with the given name.
+The waypoint is assumed to be in the same namespace; for cross-namespace, see <code>istio.io/use-waypoint-namespace</code>.</p>
+
+<p>When set or a <code>Pod</code> or a <code>Service</code>, this binds that specific resource to the waypoint.
+When set on a <code>Namespace</code>, this applies to all <code>Pod</code>/<code>Service</code> in the namespace.</p>
+
+<p>Note: the waypoint must allow the type, see <code>stio.io/waypoint-for</code>.</p>
+</td>
+    </tr>
+  </tbody>
+</table>
+<h2 id="IoIstioUseWaypointNamespace">istio.io/use-waypoint-namespace</h2>
+<table class="annotations">
+  <tbody>
+    <tr>
+      <th>Name</th>
+      <td><code>istio.io/use-waypoint-namespace</code></td>
+    </tr>
+    <tr>
+      <th>Feature Status</th>
+      <td>Beta</td>
+    </tr>
+    <tr>
+      <th>Resource Types</th>
+      <td>[Pod Service Namespace]</td>
+    </tr>
+    <tr>
+      <th>Description</th>
+      <td><p>When set on a resource, indicates the resource has an associated waypoint in the provided namespace.
+This must be set in addition to <code>istio.io/use-waypoint</code>, when a cross-namespace reference is desired.</p>
+</td>
+    </tr>
+  </tbody>
+</table>
+<h2 id="IoIstioWaypointFor">istio.io/waypoint-for</h2>
+<table class="annotations">
+  <tbody>
+    <tr>
+      <th>Name</th>
+      <td><code>istio.io/waypoint-for</code></td>
+    </tr>
+    <tr>
+      <th>Feature Status</th>
+      <td>Beta</td>
+    </tr>
+    <tr>
+      <th>Resource Types</th>
+      <td>[GatewayClass Gateway]</td>
+    </tr>
+    <tr>
+      <th>Description</th>
+      <td><p>When set on a waypoint (either by its specific <code>Gateway</code>, or for the entire collection on the <code>GatewayClass</code>),
+indicates the type of traffic this waypoint can handle.</p>
+
+<p>Valid options: <code>service</code>, <code>workload</code>, <code>all</code>, and <code>none</code>.</p>
+</td>
+    </tr>
+  </tbody>
+</table>
+<h2 id="NetworkingEnableAutoallocateIp">networking.istio.io/enable-autoallocate-ip</h2>
+<table class="annotations">
+  <tbody>
+    <tr>
+      <th>Name</th>
+      <td><code>networking.istio.io/enable-autoallocate-ip</code></td>
+    </tr>
+    <tr>
+      <th>Feature Status</th>
+      <td>Beta</td>
+    </tr>
+    <tr>
+      <th>Resource Types</th>
+      <td>[ServiceEntry]</td>
+    </tr>
+    <tr>
+      <th>Description</th>
+      <td><p>Configures whether a <code>ServiceEntry</code> without any <code>spec.addresses</code> set should get an IP address automatically allocated for it.</p>
+
+<p>Valid options: <code>true</code>, <code>false</code></p>
+</td>
+    </tr>
+  </tbody>
+</table>
 <h2 id="NetworkingGatewayPort">networking.istio.io/gatewayPort</h2>
 <table class="annotations">
   <tbody>
diff --git a/label/labels.yaml b/label/labels.yaml
index e2b19c207d..6e225ee106 100644
--- a/label/labels.yaml
+++ b/label/labels.yaml
@@ -57,6 +57,14 @@ labels:
     resources:
       - Namespace
 
+  - name: istio.io/tag
+    featureStatus: Alpha
+    description: Istio control plane tag name associated with the resource; e.g. `canary`
+    hidden: false
+    deprecated: false
+    resources:
+      - Namespace
+
   - name: operator.istio.io/component
     featureStatus: Alpha
     description: Istio operator component name of the resource, e.g. `Pilot`
@@ -151,3 +159,90 @@ labels:
     hidden: false
     resources:
       - Pod
+
+  - name: gateway.istio.io/managed
+    featureStatus: Stable
+    description: Automatically added to all resources [automatically created](/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment)
+      by Istio Gateway controller, to indicate which controller created the resource. Users should not set this label themselves.
+    deprecated: false
+    hidden: false
+    resources:
+      - ServiceAccount
+      - Deployment
+      - Service
+
+  - name: gateway.networking.k8s.io/gateway-name
+    featureStatus: Stable
+    description: Automatically added to all resources [automatically created](/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment)
+      by Istio Gateway controller to indicate which `Gateway` resulted in the object creation. Users should not set this label themselves.
+    deprecated: false
+    hidden: false
+    resources:
+      - ServiceAccount
+      - Deployment
+      - Service
+
+  - name: istio.io/dataplane-mode
+    featureStatus: Beta
+    description: |
+      When set on a resource, indicates the [data plane mode](/docs/overview/dataplane-modes/) to use.
+      Possible values: `ambient`, `none`.
+      Note: users wishing to use sidecar mode should see the `istio-injection` label; there is no value on this label to configure sidecars.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+      - Namespace
+
+  - name: istio.io/use-waypoint
+    featureStatus: Beta
+    description: |
+      When set on a resource, indicates the resource has an associated waypoint with the given name.
+      The waypoint is assumed to be in the same namespace; for cross-namespace, see `istio.io/use-waypoint-namespace`.
+
+      When set or a `Pod` or a `Service`, this binds that specific resource to the waypoint.
+      When set on a `Namespace`, this applies to all `Pod`/`Service` in the namespace.
+
+      Note: the waypoint must allow the type, see `stio.io/waypoint-for`.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+      - Service
+      - Namespace
+
+  - name: istio.io/use-waypoint-namespace
+    featureStatus: Beta
+    description: |
+      When set on a resource, indicates the resource has an associated waypoint in the provided namespace.
+      This must be set in addition to `istio.io/use-waypoint`, when a cross-namespace reference is desired.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+      - Service
+      - Namespace
+
+  - name: istio.io/waypoint-for
+    featureStatus: Beta
+    description: |
+      When set on a waypoint (either by its specific `Gateway`, or for the entire collection on the `GatewayClass`),
+      indicates the type of traffic this waypoint can handle.
+
+      Valid options: `service`, `workload`, `all`, and `none`.
+    deprecated: false
+    hidden: false
+    resources:
+      - GatewayClass
+      - Gateway
+
+  - name: networking.istio.io/enable-autoallocate-ip
+    featureStatus: Beta
+    description: |
+      Configures whether a `ServiceEntry` without any `spec.addresses` set should get an IP address automatically allocated for it.
+
+      Valid options: `true`, `false`
+    deprecated: false
+    hidden: false
+    resources:
+      - ServiceEntry

Name	`ambient.istio.io/redirection`
Feature Status	Beta
Resource Types	[Pod]
Description	Automatically configured by Istio to indicate a Pod was successfully enrolled in ambient mode. +This shows the actual state; to specify intent that a workload should be in ambient mode, see `istio.io/dataplane-mode`. +
Name	`gateway.istio.io/managed`
Feature Status	Stable
Resource Types	[ServiceAccount Deployment Service]
Description	Automatically added to all resources automatically created by Istio Gateway controller, to indicate which controller created the resource. Users should not set this label themselves. +
Name	`gateway.networking.k8s.io/gateway-name`
Feature Status	Stable
Resource Types	[ServiceAccount Deployment Service]
Description	Automatically added to all resources automatically created by Istio Gateway controller to indicate which `Gateway` resulted in the object creation. Users should not set this label themselves. +
Name	`istio.io/dataplane-mode`
Feature Status	Beta
Resource Types	[Pod Namespace]
Description	When set on a resource, indicates the data plane mode to use. +Possible values: `ambient`, `none`. +Note: users wishing to use sidecar mode should see the `istio-injection` label; there is no value on this label to configure sidecars. +
Name	`istio.io/tag`
Feature Status	Alpha
Resource Types	[Namespace]
Description	Istio control plane tag name associated with the resource; e.g. `canary` +
Name	`istio.io/use-waypoint`
Feature Status	Beta
Resource Types	[Pod Service Namespace]
Description	When set on a resource, indicates the resource has an associated waypoint with the given name. +The waypoint is assumed to be in the same namespace; for cross-namespace, see `istio.io/use-waypoint-namespace`. + + When set or a `Pod` or a `Service`, this binds that specific resource to the waypoint. +When set on a `Namespace`, this applies to all `Pod`/`Service` in the namespace. + + Note: the waypoint must allow the type, see `stio.io/waypoint-for`. +
Name	`istio.io/use-waypoint-namespace`
Feature Status	Beta
Resource Types	[Pod Service Namespace]
Description	When set on a resource, indicates the resource has an associated waypoint in the provided namespace. +This must be set in addition to `istio.io/use-waypoint`, when a cross-namespace reference is desired. +
Name	`istio.io/waypoint-for`
Feature Status	Beta
Resource Types	[GatewayClass Gateway]
Description	When set on a waypoint (either by its specific `Gateway`, or for the entire collection on the `GatewayClass`), +indicates the type of traffic this waypoint can handle. + + Valid options: `service`, `workload`, `all`, and `none`. +
Name	`networking.istio.io/enable-autoallocate-ip`
Feature Status	Beta
Resource Types	[ServiceEntry]
Description	Configures whether a `ServiceEntry` without any `spec.addresses` set should get an IP address automatically allocated for it. + + Valid options: `true`, `false` +