docs update for policies graduation (#12320)

Aryan Gupta 2022-12-07 03:19:06 +05:30 committed by GitHub
parent c64c048174
commit 60eb0e4474
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 72 additions and 72 deletions

View File

@ -575,7 +575,7 @@ access the workloads with the `app: httpbin` and `version: v1` labels in the
`foo` namespace when requests sent have a valid JWT token. `foo` namespace when requests sent have a valid JWT token.
{{< text yaml >}} {{< text yaml >}}
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: httpbin name: httpbin
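Review bot: the surrounding prose does not explain the move from `security.istio.io/v1beta1` to `security.istio.io/v1` on the `apiVersion` line, here or in the other hunks of this file. A reader comparing the page with manifests they already run will see a different version string and no guidance. Consider adding one sentence near the first example stating that the policy API has graduated and whether manifests written against `v1beta1` need to be changed.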
@ -604,7 +604,7 @@ The following example shows an authorization policy that denies requests if the
source is not the `foo` namespace: source is not the `foo` namespace:
{{< text yaml >}} {{< text yaml >}}
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: httpbin-deny name: httpbin-deny
@ -645,7 +645,7 @@ For example, the `allow-read` policy allows `"GET"` and `"HEAD"` access to the
workload with the `app: products` label in the `default` namespace. workload with the `app: products` label in the `default` namespace.
{{< text yaml >}} {{< text yaml >}}
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: allow-read name: allow-read
@ -687,7 +687,7 @@ The following example policy allows access at paths with the `/test/*` prefix
or the `*/info` suffix. or the `*/info` suffix.
{{< text yaml >}} {{< text yaml >}}
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: tester name: tester
@ -713,7 +713,7 @@ JWT authentication, if the request path is not `/healthz`. Thus, the policy
excludes requests to the `/healthz` path from the JWT authentication: excludes requests to the `/healthz` path from the JWT authentication:
{{< text yaml >}} {{< text yaml >}}
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: disable-jwt-for-healthz name: disable-jwt-for-healthz
@ -736,7 +736,7 @@ The following example denies the request to the `/admin` path for requests
without request principals: without request principals:
{{< text yaml >}} {{< text yaml >}}
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: enable-jwt-for-admin name: enable-jwt-for-admin
@ -768,7 +768,7 @@ access to the workload.
{{< /tip >}} {{< /tip >}}
{{< text yaml >}} {{< text yaml >}}
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: allow-nothing name: allow-nothing
@ -782,7 +782,7 @@ there is another `ALLOW` policy allowing the request because the `DENY` policy t
This is useful if you want to temporarily disable all access to the workload. This is useful if you want to temporarily disable all access to the workload.
{{< text yaml >}} {{< text yaml >}}
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: deny-all name: deny-all
@ -798,7 +798,7 @@ useless as it will always allow the request. It might be useful if you want to t
workload. Note the request could still be denied due to `CUSTOM` and `DENY` policies. workload. Note the request could still be denied due to `CUSTOM` and `DENY` policies.
{{< text yaml >}} {{< text yaml >}}
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: allow-all name: allow-all
@ -818,7 +818,7 @@ key is `request.headers[version]`, which is an entry in the Istio attribute
`request.headers`, which is a map. `request.headers`, which is a map.
{{< text yaml >}} {{< text yaml >}}
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: httpbin name: httpbin
@ -850,7 +850,7 @@ If you want to make a workload publicly accessible, you need to leave the
unauthenticated) users and workloads, for example: unauthenticated) users and workloads, for example:
{{< text yaml >}} {{< text yaml >}}
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: httpbin name: httpbin
@ -871,7 +871,7 @@ To allow only authenticated users, set `principals` to `"*"` instead, for
example: example:
{{< text yaml >}} {{< text yaml >}}
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: httpbin name: httpbin
@ -911,7 +911,7 @@ configures an authorization policy to only allows the `bookinfo-ratings-v2`
service in the Istio mesh to access the MongoDB workload. service in the Istio mesh to access the MongoDB workload.
{{< text yaml >}} {{< text yaml >}}
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: mongodb-policy name: mongodb-policy
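Review bot: the sentence shown in this hunk's header reads "configures an authorization policy to only allows the `bookinfo-ratings-v2`", which is ungrammatical. Since this commit already touches the example directly below it, fix the wording in the same pass, for example "to only allow the `bookinfo-ratings-v2` service".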

View File

@ -59,7 +59,7 @@ and do not use any of the **positive** matching fields (e.g. `paths`, `values`).
For example, the authorization policy below uses the `ALLOW-with-positive-matching` pattern to allow requests to path `/public`: For example, the authorization policy below uses the `ALLOW-with-positive-matching` pattern to allow requests to path `/public`:
{{< text yaml >}} {{< text yaml >}}
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: foo name: foo
@ -78,7 +78,7 @@ of unknown normalization behavior causing policy bypass.
The following is an example using the `DENY-with-negative-matching` pattern to achieve the same result: The following is an example using the `DENY-with-negative-matching` pattern to achieve the same result:
{{< text yaml >}} {{< text yaml >}}
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: foo name: foo
@ -313,7 +313,7 @@ prefix matches instead of exact matches. For example, for an `AuthorizationPoli
for a hostname of `example.com`, you would use `hosts: ["example.com", "example.com:*"]` as shown in the below `AuthorizationPolicy`. for a hostname of `example.com`, you would use `hosts: ["example.com", "example.com:*"]` as shown in the below `AuthorizationPolicy`.
{{< text yaml >}} {{< text yaml >}}
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: ingress-host name: ingress-host

View File

@ -381,7 +381,7 @@ Now, add a request authentication policy that requires end-user JWT for the ingr
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: RequestAuthentication kind: RequestAuthentication
metadata: metadata:
name: "jwt-example" name: "jwt-example"
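Review bot: the `kubectl apply` heredoc now submits `RequestAuthentication` with `apiVersion: security.istio.io/v1`, and the change gives no indication that the installed CRDs serve that version for this kind. Please confirm that the release this docs branch targets serves `v1` for both `RequestAuthentication` and `AuthorizationPolicy`, because a cluster that only serves `v1beta1` will reject the command as written. If the task has a "Before you begin" section, stating the minimum Istio version there would make the requirement explicit.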
@ -464,7 +464,7 @@ To reject requests without valid tokens, add an authorization policy with a rule
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: "frontend-ingress" name: "frontend-ingress"
@ -494,7 +494,7 @@ To refine authorization with a token requirement per host, path, or method, chan
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: "frontend-ingress" name: "frontend-ingress"

View File

@ -313,7 +313,7 @@ ENDSNIP
snip_enduser_authentication_4() { snip_enduser_authentication_4() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: RequestAuthentication kind: RequestAuthentication
metadata: metadata:
name: "jwt-example" name: "jwt-example"
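Review bot: `snip_enduser_authentication_4()` carries the same heredoc as the markdown hunk for this task, and the two are edited separately in this commit. If this snippets file is generated from the markdown, regenerate it rather than editing by hand so the pair cannot drift; if it is maintained by hand, say in the PR description that every `snip_*` function was checked against its markdown source.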
@ -381,7 +381,7 @@ ENDSNIP
snip_require_a_valid_token_1() { snip_require_a_valid_token_1() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: "frontend-ingress" name: "frontend-ingress"
@ -408,7 +408,7 @@ ENDSNIP
snip_require_valid_tokens_perpath_1() { snip_require_valid_tokens_perpath_1() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: "frontend-ingress" name: "frontend-ingress"

View File

@ -52,7 +52,7 @@ identity and more secure compared using the unauthenticated HTTP attributes (e.g
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: RequestAuthentication kind: RequestAuthentication
metadata: metadata:
name: ingress-jwt name: ingress-jwt
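Review bot: the sentence in this hunk's header, "identity and more secure compared using the unauthenticated HTTP attributes", is missing a word. Change it to "more secure compared to using the unauthenticated HTTP attributes" while this file is open, since the sentence is the security rationale for the example that follows.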

View File

@ -36,7 +36,7 @@ ENDSNIP
snip_configuring_ingress_routing_based_on_jwt_claims_1() { snip_configuring_ingress_routing_based_on_jwt_claims_1() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: RequestAuthentication kind: RequestAuthentication
metadata: metadata:
name: ingress-jwt name: ingress-jwt

View File

@ -157,7 +157,7 @@ The external authorizer is now ready to be used by the authorization policy.
{{< text bash >}} {{< text bash >}}
$ kubectl apply -n foo -f - <<EOF $ kubectl apply -n foo -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: ext-authz name: ext-authz

View File

@ -105,7 +105,7 @@ ENDSNIP
snip_enable_with_external_authorization_1() { snip_enable_with_external_authorization_1() {
kubectl apply -n foo -f - <<EOF kubectl apply -n foo -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: ext-authz name: ext-authz

View File

@ -52,7 +52,7 @@ In this case, the policy denies requests if their method is `GET`.
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: deny-method-get name: deny-method-get
@ -90,7 +90,7 @@ a header value that is not `admin`:
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: deny-method-get name: deny-method-get
@ -130,7 +130,7 @@ to `ALLOW`. This type of policy is better known as an allow policy.
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: allow-path-ip name: allow-path-ip

View File

@ -36,7 +36,7 @@ ENDSNIP
snip_explicitly_deny_a_request_1() { snip_explicitly_deny_a_request_1() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: deny-method-get name: deny-method-get
@ -71,7 +71,7 @@ ENDSNIP
snip_explicitly_deny_a_request_4() { snip_explicitly_deny_a_request_4() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: deny-method-get name: deny-method-get
@ -109,7 +109,7 @@ ENDSNIP
snip_explicitly_deny_a_request_7() { snip_explicitly_deny_a_request_7() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: allow-path-ip name: allow-path-ip

View File

@ -67,7 +67,7 @@ Caching and propagation overhead can cause some delay.
{{< text bash >}} {{< text bash >}}
$ kubectl apply -n foo -f - <<EOF $ kubectl apply -n foo -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: deny-path-headers name: deny-path-headers

View File

@ -45,7 +45,7 @@ ENDSNIP
snip_create_dryrun_policy_1() { snip_create_dryrun_policy_1() {
kubectl apply -n foo -f - <<EOF kubectl apply -n foo -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: deny-path-headers name: deny-path-headers

View File

@ -56,7 +56,7 @@ and then grant more access to the workload gradually and incrementally.
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: allow-nothing name: allow-nothing
@ -78,7 +78,7 @@ and then grant more access to the workload gradually and incrementally.
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: "productpage-viewer" name: "productpage-viewer"
@ -112,7 +112,7 @@ and then grant more access to the workload gradually and incrementally.
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: "details-viewer" name: "details-viewer"
@ -138,7 +138,7 @@ and then grant more access to the workload gradually and incrementally.
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: "reviews-viewer" name: "reviews-viewer"
@ -172,7 +172,7 @@ and then grant more access to the workload gradually and incrementally.
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: "ratings-viewer" name: "ratings-viewer"

View File

@ -22,7 +22,7 @@
snip_configure_access_control_for_workloads_using_http_traffic_1() { snip_configure_access_control_for_workloads_using_http_traffic_1() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: allow-nothing name: allow-nothing
@ -34,7 +34,7 @@ EOF
snip_configure_access_control_for_workloads_using_http_traffic_2() { snip_configure_access_control_for_workloads_using_http_traffic_2() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: "productpage-viewer" name: "productpage-viewer"
@ -53,7 +53,7 @@ EOF
snip_configure_access_control_for_workloads_using_http_traffic_3() { snip_configure_access_control_for_workloads_using_http_traffic_3() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: "details-viewer" name: "details-viewer"
@ -75,7 +75,7 @@ EOF
snip_configure_access_control_for_workloads_using_http_traffic_4() { snip_configure_access_control_for_workloads_using_http_traffic_4() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: "reviews-viewer" name: "reviews-viewer"
@ -97,7 +97,7 @@ EOF
snip_configure_access_control_for_workloads_using_http_traffic_5() { snip_configure_access_control_for_workloads_using_http_traffic_5() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: "ratings-viewer" name: "ratings-viewer"

View File

@ -211,7 +211,7 @@ Create the AuthorizationPolicy:
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: ingress-policy name: ingress-policy
@ -234,7 +234,7 @@ EOF
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: ingress-policy name: ingress-policy
@ -277,7 +277,7 @@ $ CLIENT_IP=$(kubectl get pods -n istio-system -o name -l istio=ingressgateway |
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: ingress-policy name: ingress-policy
@ -309,7 +309,7 @@ Create the AuthorizationPolicy:
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: ingress-policy name: ingress-policy
@ -347,7 +347,7 @@ not allowed to access the ingress gateway:
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: ingress-policy name: ingress-policy
@ -370,7 +370,7 @@ EOF
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: ingress-policy name: ingress-policy

View File

@ -126,7 +126,7 @@ ENDSNIP
snip_ipbased_allow_list_and_deny_list_1() { snip_ipbased_allow_list_and_deny_list_1() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: ingress-policy name: ingress-policy
@ -145,7 +145,7 @@ EOF
snip_ipbased_allow_list_and_deny_list_2() { snip_ipbased_allow_list_and_deny_list_2() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: ingress-policy name: ingress-policy
@ -180,7 +180,7 @@ ENDSNIP
snip_ipbased_allow_list_and_deny_list_5() { snip_ipbased_allow_list_and_deny_list_5() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: ingress-policy name: ingress-policy
@ -207,7 +207,7 @@ ENDSNIP
snip_ipbased_allow_list_and_deny_list_7() { snip_ipbased_allow_list_and_deny_list_7() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: ingress-policy name: ingress-policy
@ -234,7 +234,7 @@ ENDSNIP
snip_ipbased_allow_list_and_deny_list_9() { snip_ipbased_allow_list_and_deny_list_9() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: ingress-policy name: ingress-policy
@ -253,7 +253,7 @@ EOF
snip_ipbased_allow_list_and_deny_list_10() { snip_ipbased_allow_list_and_deny_list_10() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: ingress-policy name: ingress-policy

View File

@ -54,7 +54,7 @@ accepts a JWT issued by `testing@secure.istio.io`:
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: RequestAuthentication kind: RequestAuthentication
metadata: metadata:
name: "jwt-example" name: "jwt-example"
@ -91,7 +91,7 @@ with a `/` separator as shown:
{{< text syntax="bash" expandlinks="false" >}} {{< text syntax="bash" expandlinks="false" >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: require-jwt name: require-jwt
@ -135,7 +135,7 @@ the JWT to have a claim named `groups` containing the value `group1`:
{{< text syntax="bash" expandlinks="false" >}} {{< text syntax="bash" expandlinks="false" >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: require-jwt name: require-jwt

View File

@ -36,7 +36,7 @@ ENDSNIP
snip_allow_requests_with_valid_jwt_and_listtyped_claims_1() { snip_allow_requests_with_valid_jwt_and_listtyped_claims_1() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: RequestAuthentication kind: RequestAuthentication
metadata: metadata:
name: "jwt-example" name: "jwt-example"
@ -69,7 +69,7 @@ ENDSNIP
snip_allow_requests_with_valid_jwt_and_listtyped_claims_4() { snip_allow_requests_with_valid_jwt_and_listtyped_claims_4() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: require-jwt name: require-jwt
@ -112,7 +112,7 @@ ENDSNIP
snip_allow_requests_with_valid_jwt_and_listtyped_claims_8() { snip_allow_requests_with_valid_jwt_and_listtyped_claims_8() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: require-jwt name: require-jwt

View File

@ -71,7 +71,7 @@ Run the following command to apply the policy to allow requests to port 9000 and
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: tcp-policy name: tcp-policy
@ -117,7 +117,7 @@ explicitly in the `tcp-echo` Kubernetes service object. Run the following comman
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: tcp-policy name: tcp-policy
@ -159,7 +159,7 @@ ALLOW rules. Run the following command and verify the output:
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: tcp-policy name: tcp-policy
@ -195,7 +195,7 @@ HTTP-only fields while creating a DENY rule for tcp port and due to it's restric
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: tcp-policy name: tcp-policy
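Review bot: the header line for this hunk contains "for tcp port and due to it's restric", where "it's" should be the possessive "its" and "tcp" should be written "TCP" to match the rest of the page. This is outside the changed line but in the paragraph that explains why the DENY rule behaves as it does, so it is worth correcting in the same commit.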

View File

@ -56,7 +56,7 @@ ENDSNIP
snip_configure_allow_authorization_policy_for_a_tcp_workload_1() { snip_configure_allow_authorization_policy_for_a_tcp_workload_1() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: tcp-policy name: tcp-policy
@ -101,7 +101,7 @@ ENDSNIP
snip_configure_allow_authorization_policy_for_a_tcp_workload_5() { snip_configure_allow_authorization_policy_for_a_tcp_workload_5() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: tcp-policy name: tcp-policy
@ -137,7 +137,7 @@ ENDSNIP
snip_configure_deny_authorization_policy_for_a_tcp_workload_1() { snip_configure_deny_authorization_policy_for_a_tcp_workload_1() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: tcp-policy name: tcp-policy
@ -172,7 +172,7 @@ ENDSNIP
snip_configure_deny_authorization_policy_for_a_tcp_workload_4() { snip_configure_deny_authorization_policy_for_a_tcp_workload_4() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: tcp-policy name: tcp-policy

View File

@ -43,7 +43,7 @@ Before you begin this task, do the following:
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: service-httpbin.default.svc.cluster.local name: service-httpbin.default.svc.cluster.local

View File

@ -35,7 +35,7 @@ kubectl apply -f samples/sleep/sleep.yaml -n sleep-allow
snip_before_you_begin_3() { snip_before_you_begin_3() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: service-httpbin.default.svc.cluster.local name: service-httpbin.default.svc.cluster.local