istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

update rbac api version to align with istio/istio#6874. (#1879)

This commit is contained in:
Yangmin 2018-07-18 15:21:37 -07:00 committed by istio-bot
parent fe1e01866c
commit 0b9e3aba5a
2 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
content/docs/concepts/security/index.md
View File

@ -272,7 +272,7 @@ In `RbacConfig` object, the operator can specify “mode”, which can be one of
In the following example, authorization is enabled for the “default” namespace. In the following example, authorization is enabled for the “default” namespace.
{{< text yaml >}} {{< text yaml >}}
apiVersion: “config.istio.io/v1alpha2 apiVersion: “rbac.istio.io/v1alpha1
kind: RbacConfig kind: RbacConfig
metadata: metadata:
name: default name: default
@ -314,7 +314,7 @@ fields in a rule. “paths” is optional. If not specified or set to “*“, i
Here is an example of a simple role “service-admin”, which has full access to all services in the “default” namespace. Here is an example of a simple role “service-admin”, which has full access to all services in the “default” namespace.
{{< text yaml >}} {{< text yaml >}}
apiVersion: "config.istio.io/v1alpha2" apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRole kind: ServiceRole
metadata: metadata:
name: service-admin name: service-admin
@ -329,7 +329,7 @@ Here is another role “products-viewer”, which has read (“GET” and “HEA
“default” namespace. “default” namespace.
{{< text yaml >}} {{< text yaml >}}
apiVersion: "config.istio.io/v1alpha2" apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRole kind: ServiceRole
metadata: metadata:
name: products-viewer name: products-viewer
@ -347,7 +347,7 @@ Read (“GET”) access to all paths with “/reviews” suffix (e.g, “/books/
“bookstore.default.svc.cluster.local”. “bookstore.default.svc.cluster.local”.
{{< text yaml >}} {{< text yaml >}}
apiVersion: "config.istio.io/v1alpha2" apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRole kind: ServiceRole
metadata: metadata:
name: tester name: tester
@ -371,7 +371,7 @@ For example, the following `ServiceRole` definition extends the previous “prod
In the case that the attribute is a “map” (e.g., `request.headers`), the “key” is an entry in the map (e.g., `request.headers[version]`). In the case that the attribute is a “map” (e.g., `request.headers`), the “key” is an entry in the map (e.g., `request.headers[version]`).
{{< text yaml >}} {{< text yaml >}}
apiVersion: "config.istio.io/v1alpha2" apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRole kind: ServiceRole
metadata: metadata:
name: products-viewer-version name: products-viewer-version
@ -403,7 +403,7 @@ Here is an example of `ServiceRoleBinding` “test-binding-products”, which bi
* A service account representing the Ingress service (“istio-ingress-service-account”) **and** where the JWT “email” claim is “a@foo.com”. * A service account representing the Ingress service (“istio-ingress-service-account”) **and** where the JWT “email” claim is “a@foo.com”.
{{< text yaml >}} {{< text yaml >}}
apiVersion: "config.istio.io/v1alpha2" apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRoleBinding kind: ServiceRoleBinding
metadata: metadata:
name: test-binding-products name: test-binding-products
@ -423,7 +423,7 @@ In the case that you want to make a service(s) publicly accessible, you set the
to all users and services. to all users and services.
{{< text yaml >}} {{< text yaml >}}
apiVersion: "config.istio.io/v1alpha2" apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRoleBinding kind: ServiceRoleBinding
metadata: metadata:
name: binding-products-allusers name: binding-products-allusers

16
content/docs/tasks/security/role-based-access-control/index.md
View File

@ -105,7 +105,7 @@ set to one of the values in ["productpage", "details", "reviews", "ratings"]. No
the services must have one of the listed "app" labels. the services must have one of the listed "app" labels.
{{< text yaml >}} {{< text yaml >}}
apiVersion: "config.istio.io/v1alpha2" apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRole kind: ServiceRole
metadata: metadata:
name: service-viewer name: service-viewer
@ -122,7 +122,7 @@ the services must have one of the listed "app" labels.
* Creates a `ServiceRoleBinding` that assign the "service-viewer" role to all services in "istio-system" and "default" namespaces. * Creates a `ServiceRoleBinding` that assign the "service-viewer" role to all services in "istio-system" and "default" namespaces.
{{< text yaml >}} {{< text yaml >}}
apiVersion: "config.istio.io/v1alpha2" apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRoleBinding kind: ServiceRoleBinding
metadata: metadata:
name: bind-service-viewer name: bind-service-viewer
@ -183,7 +183,7 @@ The policy does the following:
* Creates a `ServiceRole` "productpage-viewer" which allows read access to "productpage" service. * Creates a `ServiceRole` "productpage-viewer" which allows read access to "productpage" service.
{{< text yaml >}} {{< text yaml >}}
apiVersion: "config.istio.io/v1alpha2" apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRole kind: ServiceRole
metadata: metadata:
name: productpage-viewer name: productpage-viewer
@ -197,7 +197,7 @@ The policy does the following:
* Creates a `ServiceRoleBinding` "bind-productpager-viewer" which assigns "productpage-viewer" role to all users/services. * Creates a `ServiceRoleBinding` "bind-productpager-viewer" which assigns "productpage-viewer" role to all users/services.
{{< text yaml >}} {{< text yaml >}}
apiVersion: "config.istio.io/v1alpha2" apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRoleBinding kind: ServiceRoleBinding
metadata: metadata:
name: bind-productpager-viewer name: bind-productpager-viewer
@ -234,7 +234,7 @@ The policy does the following:
* Creates a `ServiceRole` "details-reviews-viewer" which allows read access to "details" and "reviews" services. * Creates a `ServiceRole` "details-reviews-viewer" which allows read access to "details" and "reviews" services.
{{< text yaml >}} {{< text yaml >}}
apiVersion: "config.istio.io/v1alpha2" apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRole kind: ServiceRole
metadata: metadata:
name: details-reviews-viewer name: details-reviews-viewer
@ -249,7 +249,7 @@ The policy does the following:
account "cluster.local/ns/default/sa/bookinfo-productpage" (representing the "productpage" service). account "cluster.local/ns/default/sa/bookinfo-productpage" (representing the "productpage" service).
{{< text yaml >}} {{< text yaml >}}
apiVersion: "config.istio.io/v1alpha2" apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRoleBinding kind: ServiceRoleBinding
metadata: metadata:
name: bind-details-reviews name: bind-details-reviews
@ -287,7 +287,7 @@ The policy does the following:
* Creates a `ServiceRole` "ratings-viewer" which allows read access to "ratings" service. * Creates a `ServiceRole` "ratings-viewer" which allows read access to "ratings" service.
{{< text yaml >}} {{< text yaml >}}
apiVersion: "config.istio.io/v1alpha2" apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRole kind: ServiceRole
metadata: metadata:
name: ratings-viewer name: ratings-viewer
@ -302,7 +302,7 @@ The policy does the following:
account "cluster.local/ns/default/sa/bookinfo-reviews", which represents the "reviews" services. account "cluster.local/ns/default/sa/bookinfo-reviews", which represents the "reviews" services.
{{< text yaml >}} {{< text yaml >}}
apiVersion: "config.istio.io/v1alpha2" apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRoleBinding kind: ServiceRoleBinding
metadata: metadata:
name: bind-ratings name: bind-ratings