Skip to content

docs(MADR): context and user stories for mesh-scoped proxy policies#16209

Closed
lukidzi wants to merge 2 commits intokumahq:masterfrom
lukidzi:user-stories-policies-zone-proxy
Closed

docs(MADR): context and user stories for mesh-scoped proxy policies#16209
lukidzi wants to merge 2 commits intokumahq:masterfrom
lukidzi:user-stories-policies-zone-proxy

Conversation

@lukidzi
Copy link
Copy Markdown
Contributor

@lukidzi lukidzi commented Apr 9, 2026

Motivation

We want to support targeting mesh-scoped zone proxies by policies.

Implementation information

Define context and user stories

Changelog: skip

@lukidzi
docs{MADR): define context and user stories for mesh-scoped proxy and…
ae4596c 
… policies

Signed-off-by: Lukasz Dziedziak <lukidzi@gmail.com>
@lukidzi lukidzi added the ci/skip-test PR: Don't run unit and e2e tests (maybe this is just a doc change) label Apr 9, 2026
Copilot AI review requested due to automatic review settings April 9, 2026 18:45
@lukidzi lukidzi added the ci/skip-e2e-test PR: Don't run e2e tests label Apr 9, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 9, 2026

Reviewer Checklist

🔍 Each of these sections need to be checked by the reviewer of the PR 🔍:
If something doesn't apply please check the box and add a justification if the reason is non obvious.

  • Is the PR title satisfactory? Is this part of a larger feature and should be grouped using > Changelog?
  • PR description is clear and complete. It Links to relevant issue as well as docs and UI issues
  • This will not break child repos: it doesn't hardcode values (.e.g "kumahq" as an image registry)
  • IPv6 is taken into account (.e.g: no string concatenation of host port)
  • Tests (Unit test, E2E tests, manual test on universal and k8s)
    • Don't forget ci/ labels to run additional/fewer tests
  • Does this contain a change that needs to be notified to users? In this case, UPGRADE.md should be updated.
  • Does it need to be backported according to the backporting policy? (this GH action will add "backport" label based on these file globs, if you want to prevent it from adding the "backport" label use no-backport-autolabel label)

@lukidzi lukidzi changed the title docs{MADR): context and user stories for mesh-scoped proxy policies docs(MADR): context and user stories for mesh-scoped proxy policies Apr 9, 2026
lobkovilya
lobkovilya reviewed Apr 10, 2026
View reviewed changes
Comment thread docs/madr/decisions/101-policy-matching-mesh-scoped-zone-proxy.md Outdated
Comment thread docs/madr/decisions/101-policy-matching-mesh-scoped-zone-proxy.md Outdated
@lukidzi
Refactor user stories in policy matching document
a85a297 
Removed redundant bullet point from user stories section.
@lukidzi lukidzi requested a review from a team as a code owner April 10, 2026 21:28
@lukidzi lukidzi requested a review from lobkovilya April 10, 2026 21:28
slonka
slonka reviewed Apr 17, 2026
View reviewed changes
Comment thread docs/madr/decisions/101-policy-matching-mesh-scoped-zone-proxy.md
Comment on lines +26 to +27
MeshExternalService destination on zone egress. It resolves all policy placement items deferred
by [MADR-062](062-meshexternalservice-and-zoneegress.md).
Copy link
Copy Markdown
Contributor

@slonka slonka Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

MADR-062 also deferred MeshFaultInjection - do we want to covert it here? Or should we change all to most?

Comment thread docs/madr/decisions/101-policy-matching-mesh-scoped-zone-proxy.md
Comment on lines +42 to +44
* As a mesh operator I want to inject HTTP headers with a token on the egress for all outgoing
requests to an external service so that all clients in the mesh can use the same token without
granting access to the token to individual clients.
Copy link
Copy Markdown
Contributor

@slonka slonka Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we highlight that this is a new functionality (compared to other user stories)?

Comment thread docs/madr/decisions/101-policy-matching-mesh-scoped-zone-proxy.md

## User Stories

* As a mesh operator I want to give access to service owners to a specific external resource
Copy link
Copy Markdown
Contributor

@slonka slonka Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick: these could be numbered so it's easier to refer to them later on

@lobkovilya
Copy link
Copy Markdown
Contributor

lobkovilya commented Apr 20, 2026

@lukidzi you can probably close this one and have both context and implem in #16275

@lukidzi lukidzi closed this Apr 20, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@slonka slonka slonka left review comments

Copilot code review Copilot Awaiting requested review from Copilot

@Automaat Automaat Awaiting requested review from Automaat

@bartsmykla bartsmykla Awaiting requested review from bartsmykla

@lobkovilya lobkovilya Awaiting requested review from lobkovilya

Assignees

No one assigned

Labels

ci/skip-e2e-test PR: Don't run e2e tests ci/skip-test PR: Don't run unit and e2e tests (maybe this is just a doc change)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lukidzi @lobkovilya @slonka