In the Onboard Clusters panel, under Namespace Inclusion, or in the Edit Cluster window, you can specify which namespaces on the cluster are included for automatic Istio sidecar injection.

Including a namespace enables automatic Istio sidecar injection for pods in the namespace. For more information about automatic Istio sidecar injection, see Onboard a Cluster to Tanzu Service Mesh. See the paragraph that begins with "During onboarding, you can select which namespaces on your cluster are included."

Select Select Namespaces or Create Namespace Inclusion Rule.

Important:

When you select the Cluster admin owned check box in the Onboard Clusters panel or the Edit Cluster window, you delegate all responsibility for namespace labeling, including selection for inclusion, to the cluster administrator who operates the cluster. This means that the Select Namespaces and Create Namespace Inclusion Rule options will no longer be visible or available. For more information about the Cluster admin owned setting and how it affects namespace labeling, see Customer-Managed Namespace Labeling in Getting Started with VMware Tanzu Service Mesh.

Option

Description

Select Namespaces

To enable automatic Istio sidecar injection, select the check boxes next to the names of the namespaces that you want to include.

Create Namespace Inclusion Rule

Define inclusion rules based on a namespace naming pattern. If the name of a namespace matches a rule, it will be included for automatic sidecar injection.

To set up rules for namespace inclusion based on a naming pattern, follow these steps:

  1. Select a matching condition for the namespace name.

  2. To specify an exact match, in the left drop-down menu, select Is Exactly and select the name in the right drop-down menu.

  3. To use a name start pattern, in the left drop-down menu, select Starts With and in the right drop-down menu, enter the pattern that the namespace name must match. For example, if a namespace must start with "acme," enter acme in the right drop-down menu.

  4. To include all namespaces for automatic Istio sidecar injection, enter * in the right drop-down menu.

To define more than one rule, click Add Namespace Inclusion Rule and repeat the steps above.

To remove a namespace inclusion rule, click the trash bin icon at the right end.
Important:

If you don’t select any namespaces for automatic sidecar injection or create any namespace inclusion rules, Tanzu Service Mesh will not include any namespaces in the cluster.

Note:

The system namespaces, such as kube-system and kube-public, are automatically excluded from Istio sidecar injection.