About policies

With traffic policies, you can specify how you want to manipulate and respond to incoming requests in your service mesh. For example, you might want to add or remove header information before forwarding the request to your service, implement retries, timeouts, and failover scenarios, or ensure that services use mutual TLS (mTLS) when communicating with each other.

For an overview of supported traffic policies in Gloo Mesh, see Supported policies in Gloo Mesh.

Resources to apply policies to

Policies might apply to the following resources:

You can apply the policies by using Kubernetes labels and selectors that match the route table, virtual destination, or workload. Remember, all of these resources must be in the same workspace for the policy to apply the resource. To see what resources a policy might select, check the Kubernetes labels such as with the following commands.

kubectl get <KIND> <RESOURCE> -n <NAMESPACE> -l <KEY=VALUE>
kubectl get all -A -l env=prod

Import and export policies to other workspaces

You cannot import or export policies across workspaces. However, policies might still apply to Gloo Mesh resources that you import and export to other workspaces as described in the following table.

Resource Description
Route Routes that are exported via a route table keep their policies from the source workspace. Policies in the new workspace do not apply to imported routes. You can add the policy in the source workspace, or create another route in your current workspace.
Destination Destinations that are exported keep their server-side destination policies from the source workspace. You can only apply client-side route policies to imported destinations.
Workloads Workloads cannot be imported or exported. If their Kubernetes services are imported or exported, these are treated as part of Destinations, with the same rules as described previously.