Skip to content

docs(mesh): same-namespace consumer precedence #5282

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
lmilan merged 5 commits into from
May 21, 2026
+79 −0
Merged

docs(mesh): same-namespace consumer precedence #5282

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
a2394c9
docs(mesh): same-namespace consumer precedence
slonka May 19, 2026
685d199
fix(mesh): add tab_group to navtabs
slonka May 19, 2026
c9a2617
fix wrong target ref
slonka May 19, 2026
1ced51a
Merge branch 'main' into mesh-same-namespace-exception
slonka May 20, 2026
883b073
review
lmilan May 21, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
79 changes: 79 additions & 0 deletions app/mesh/policies-introduction.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,9 @@ Producer policies allow service owners to define recommended client-side behavio
This lets backend owners publish sensible defaults (timeouts, retries, limits) for consumers,
while individual clients can still refine those settings with their own [consumer](#consumer-policies) policies.

{:.warning}
> A default consumer policy can override a service-specific producer policy if they are in the same namespace. For more information, see [Same-namespace exception](#same-namespace-exception).

The following policy tells {{ site.mesh_product_name }} to apply 3 retries with a backoff from `15s` to `1m`
on 5xx errors to any client calling `backend`:

Expand Down Expand Up @@ -373,6 +376,82 @@ default:
maxStreamDuration: 1m # added by consumer
```

### Same-namespace exception

On Kubernetes, a consumer default in the same namespace can still override a producer policy for a specific service.
This happens because the policy role is evaluated before `spec.to[].targetRef`.

{% navtabs "same-namespace-exception" %}
{% navtab "Producer" %}

```yaml
apiVersion: kuma.io/v1alpha1
kind: MeshTimeout
metadata:
name: producer-policy
namespace: kuma-demo
spec:
targetRef:
kind: Mesh
to:
- targetRef:
kind: MeshService
name: redis
namespace: kuma-demo
default:
connectionTimeout: 10s
```

{% endnavtab %}
{% navtab "Consumer default" %}

```yaml
apiVersion: kuma.io/v1alpha1
kind: MeshTimeout
metadata:
name: consumer-default
namespace: kuma-demo
spec:
targetRef:
kind: Mesh
to:
- targetRef:
kind: Mesh
default:
connectionTimeout: 5s
```

{% endnavtab %}
{% navtab "Updated consumer policy" %}

```yaml
apiVersion: kuma.io/v1alpha1
kind: MeshTimeout
metadata:
name: consumer-specific
namespace: kuma-demo
spec:
targetRef:
kind: Mesh
to:
- targetRef:
kind: MeshService
name: checkout
default:
connectionTimeout: 5s
- targetRef:
kind: MeshService
name: payments
default:
connectionTimeout: 5s
```

{% endnavtab %}
{% endnavtabs %}

In this example, `consumer-default` overrides `producer-policy`.
To keep `producer-policy` effective, replace the mesh-wide consumer default with service-specific entries like `consumer-specific`, or split them into separate consumer policies and leave `redis` out.

## Metadata

Metadata identifies a policy by its name, type/kind, and the mesh it belongs to:
Expand Down
Loading