From 0614d6b91a8d4038acbe605b1e06dfbf86e9137c Mon Sep 17 00:00:00 2001
From: Chris Farhood <chris@farhood.org>
Date: Fri, 15 May 2026 22:46:21 -0400
Subject: [PATCH] fix(irc): bind services to waypoint for AuthorizationPolicy
 enforcement
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

WaypointAccepted: False on both policies — Istio 1.29 requires
istio.io/use-waypoint on the Service directly, namespace label alone
is insufficient for targetRefs: kind: Service policy binding.
---
 thelounge/service.yaml | 1 +
 znc/service.yaml       | 1 +
 2 files changed, 2 insertions(+)

diff --git a/thelounge/service.yaml b/thelounge/service.yaml
index 3f0b9dc..1487b2e 100644
--- a/thelounge/service.yaml
+++ b/thelounge/service.yaml
@@ -6,6 +6,7 @@ metadata:
   name: thelounge
   labels:
     app.kubernetes.io/name: thelounge
+    istio.io/use-waypoint: waypoint
 spec:
   type: ClusterIP
   ports:
diff --git a/znc/service.yaml b/znc/service.yaml
index b850dcd..6586c5b 100644
--- a/znc/service.yaml
+++ b/znc/service.yaml
@@ -6,6 +6,7 @@ metadata:
   name: znc
   labels:
     app.kubernetes.io/name: znc
+    istio.io/use-waypoint: waypoint
   annotations:
     external-dns.alpha.kubernetes.io/hostname: ${ZNC_HOSTNAME}
 spec: