From 583c40ba27449c7d5bac3c137160fcdc55eb4626 Mon Sep 17 00:00:00 2001
From: Limin Wang <liminwang@google.com>
Date: Mon, 26 Nov 2018 10:57:04 -0800
Subject: [PATCH] documentation for end-user authencation on ingress-gateway
 (#2243) (#2904)

* documentation for end-user authencation on ingress-gateway (#2243)

* documentation for end-user authencation on ingress-gateway

* address comments

* address comments

* address comment

* Move end user authentication on Ingress section to securtity.

* Minor text change.

* Revert edit in traffic management doc.

* Remove Ingress example. Replace it with a single sentence.

* Addressed comment.
---
 content/docs/tasks/security/authn-policy/index.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/content/docs/tasks/security/authn-policy/index.md b/content/docs/tasks/security/authn-policy/index.md
index 2fcc51fc06..f286094fe4 100644
--- a/content/docs/tasks/security/authn-policy/index.md
+++ b/content/docs/tasks/security/authn-policy/index.md
@@ -570,6 +570,9 @@ $ for i in `seq 1 10`; do curl --header "Authorization: Bearer $TOKEN" $INGRESS_
 401
 {{< /text >}}
 
+You can also add a JWT policy to an ingress gateway (e.g., service `istio-ingressgateway.istio-system.svc.cluster.local`).
+This is often used to define a JWT policy for all services bound to the gateway, instead of for individual services.
+
 ### End-user authentication with per-path requirements
 
 End-user authentication can be enabled or disabled based on request path. This is useful if you want to