Namespace-scoped VirtualServices

I’m trying to specify fault injection rules in client namespaces, rather than having all clients using the configuration provided on a single VirtualService in the server’s namespace. Different gRPC clients have different requirements on how they’d like to do fault injection (some don’t want it, others want a higher prob that others, etc.).

Currently, if one client wants to simulate 100% unavailability, this means making the server 100% unavailable across all clients. We can simply partition the hostnames by client, and have separate fault injection configuration there, but that gets a little messy with lots of clients.

We can also use the sourceLabels field with a filter on labels we set for the apps in the client namespaces, but this also suffers from lots of match entries in the VirtualService.

I’m wondering if there’s a way to scope a VirtualService for a given hostname per-namespace such that the routing configuration is only applied to requests to originate from within that namespace.

For example, if I have namespaces A and B, I’d like to be able to have a VirtualService in both namespaces that match on example.com, each with independent routing rules.

Thoughts / ideas appreciated!