The following examples show you different ways you can configure data plane proxy membership constraints.
In this example, we allow data plane proxies to join the mesh if they are in either the ns-1 namespace or the ns-2 namespace:
apiVersion: kuma.io/v1alpha1
kind: Mesh
metadata:
name: default
spec:
constraints:
dataplaneProxy:
requirements:
- tags:
kuma.io/namespace: ns-1
- tags:
kuma.io/namespace: ns-2
type: Mesh
name: default
constraints:
dataplaneProxy:
requirements:
- tags:
kuma.io/namespace: ns-1
- tags:
kuma.io/namespace: ns-2
In this example, every data plane proxy must have non-empty team and cloud tags and can’t have a legacy tag.
apiVersion: kuma.io/v1alpha1
kind: Mesh
metadata:
name: default
spec:
constraints:
dataplaneProxy:
requirements:
- tags:
team: '*'
cloud: '*'
restrictions:
- tags:
legacy: '*'
type: Mesh
name: default
constraints:
dataplaneProxy:
requirements:
- tags:
team: '*'
cloud: '*'
restrictions:
- tags:
legacy: '*'
In this example, only data plane proxies from the east zone can join the default mesh, and only data plane proxies from the west zone can join the demo mesh.
apiVersion: kuma.io/v1alpha1
kind: Mesh
metadata:
name: default
spec:
constraints:
dataplaneProxy:
requirements:
- tags:
kuma.io/zone: east
---
apiVersion: kuma.io/v1alpha1
kind: Mesh
metadata:
name: demo
spec:
constraints:
dataplaneProxy:
requirements:
- tags:
kuma.io/zone: west
type: Mesh
name: default
constraints:
dataplaneProxy:
requirements:
- tags:
kuma.io/zone: east
---
type: Mesh
name: demo
constraints:
dataplaneProxy:
requirements:
- tags:
kuma.io/zone: west