update rbac api version to align with istio/istio#6874. (#1879)

2018-07-18 15:21:37 -07:00 · 2018-07-18 15:21:37 -07:00 · 0b9e3aba5a
parent fe1e01866c
commit 0b9e3aba5a
2 changed files with 15 additions and 15 deletions
--- a/content/docs/concepts/security/index.md
+++ b/content/docs/concepts/security/index.md
@ -272,7 +272,7 @@ In `RbacConfig` object, the operator can specify “mode”, which can be one of
 In the following example, authorization is enabled for the “default” namespace.

 {{< text yaml >}}
-apiVersion: “config.istio.io/v1alpha2”
+apiVersion: “rbac.istio.io/v1alpha1”
 kind: RbacConfig
 metadata:
  name: default
@ -314,7 +314,7 @@ fields in a rule. “paths” is optional. If not specified or set to “*“, i
 Here is an example of a simple role “service-admin”, which has full access to all services in the “default” namespace.

 {{< text yaml >}}
-apiVersion: "config.istio.io/v1alpha2"
+apiVersion: "rbac.istio.io/v1alpha1"
 kind: ServiceRole
 metadata:
  name: service-admin
@ -329,7 +329,7 @@ Here is another role “products-viewer”, which has read (“GET” and “HEA
 “default” namespace.

 {{< text yaml >}}
-apiVersion: "config.istio.io/v1alpha2"
+apiVersion: "rbac.istio.io/v1alpha1"
 kind: ServiceRole
 metadata:
  name: products-viewer
@ -347,7 +347,7 @@ Read (“GET”) access to all paths with “/reviews” suffix (e.g, “/books/
 “bookstore.default.svc.cluster.local”.

 {{< text yaml >}}
-apiVersion: "config.istio.io/v1alpha2"
+apiVersion: "rbac.istio.io/v1alpha1"
 kind: ServiceRole
 metadata:
  name: tester
@ -371,7 +371,7 @@ For example, the following `ServiceRole` definition extends the previous “prod
 In the case that the attribute is a “map” (e.g., `request.headers`), the “key” is an entry in the map (e.g., `request.headers[version]`).

 {{< text yaml >}}
-apiVersion: "config.istio.io/v1alpha2"
+apiVersion: "rbac.istio.io/v1alpha1"
 kind: ServiceRole
 metadata:
  name: products-viewer-version
@ -403,7 +403,7 @@ Here is an example of `ServiceRoleBinding` “test-binding-products”, which bi
 * A service account representing the Ingress service (“istio-ingress-service-account”) **and** where the JWT “email” claim is “a@foo.com”.

 {{< text yaml >}}
-apiVersion: "config.istio.io/v1alpha2"
+apiVersion: "rbac.istio.io/v1alpha1"
 kind: ServiceRoleBinding
 metadata:
  name: test-binding-products
@ -423,7 +423,7 @@ In the case that you want to make a service(s) publicly accessible, you set the
 to all users and services.

 {{< text yaml >}}
-apiVersion: "config.istio.io/v1alpha2"
+apiVersion: "rbac.istio.io/v1alpha1"
 kind: ServiceRoleBinding
 metadata:
  name: binding-products-allusers
--- a/content/docs/tasks/security/role-based-access-control/index.md
+++ b/content/docs/tasks/security/role-based-access-control/index.md
@ -105,7 +105,7 @@ set to one of the values in ["productpage", "details", "reviews", "ratings"]. No
 the services must have one of the listed "app" labels.

    {{< text yaml >}}
-    apiVersion: "config.istio.io/v1alpha2"
+    apiVersion: "rbac.istio.io/v1alpha1"
    kind: ServiceRole
    metadata:
      name: service-viewer
@ -122,7 +122,7 @@ the services must have one of the listed "app" labels.
 *   Creates a `ServiceRoleBinding` that assign the "service-viewer" role to all services in "istio-system" and "default" namespaces.

    {{< text yaml >}}
-    apiVersion: "config.istio.io/v1alpha2"
+    apiVersion: "rbac.istio.io/v1alpha1"
    kind: ServiceRoleBinding
    metadata:
      name: bind-service-viewer
@ -183,7 +183,7 @@ The policy does the following:
 *   Creates a `ServiceRole` "productpage-viewer" which allows read access to "productpage" service.

    {{< text yaml >}}
-    apiVersion: "config.istio.io/v1alpha2"
+    apiVersion: "rbac.istio.io/v1alpha1"
    kind: ServiceRole
    metadata:
      name: productpage-viewer
@ -197,7 +197,7 @@ The policy does the following:
 *   Creates a `ServiceRoleBinding` "bind-productpager-viewer" which assigns "productpage-viewer" role to all users/services.

    {{< text yaml >}}
-    apiVersion: "config.istio.io/v1alpha2"
+    apiVersion: "rbac.istio.io/v1alpha1"
    kind: ServiceRoleBinding
    metadata:
      name: bind-productpager-viewer
@ -234,7 +234,7 @@ The policy does the following:
 *   Creates a `ServiceRole` "details-reviews-viewer" which allows read access to "details" and "reviews" services.

    {{< text yaml >}}
-    apiVersion: "config.istio.io/v1alpha2"
+    apiVersion: "rbac.istio.io/v1alpha1"
    kind: ServiceRole
    metadata:
      name: details-reviews-viewer
@ -249,7 +249,7 @@ The policy does the following:
 account "cluster.local/ns/default/sa/bookinfo-productpage" (representing the "productpage" service).

    {{< text yaml >}}
-    apiVersion: "config.istio.io/v1alpha2"
+    apiVersion: "rbac.istio.io/v1alpha1"
    kind: ServiceRoleBinding
    metadata:
      name: bind-details-reviews
@ -287,7 +287,7 @@ The policy does the following:
 *   Creates a `ServiceRole` "ratings-viewer" which allows read access to "ratings" service.

    {{< text yaml >}}
-    apiVersion: "config.istio.io/v1alpha2"
+    apiVersion: "rbac.istio.io/v1alpha1"
    kind: ServiceRole
    metadata:
      name: ratings-viewer
@ -302,7 +302,7 @@ The policy does the following:
 account "cluster.local/ns/default/sa/bookinfo-reviews", which represents the "reviews" services.

    {{< text yaml >}}
-    apiVersion: "config.istio.io/v1alpha2"
+    apiVersion: "rbac.istio.io/v1alpha1"
    kind: ServiceRoleBinding
    metadata:
      name: bind-ratings