diff --git a/content/en/docs/ops/ambient/getting-started/index.md b/content/en/docs/ops/ambient/getting-started/index.md
index 1589dfd77a..14dbffe883 100644
--- a/content/en/docs/ops/ambient/getting-started/index.md
+++ b/content/en/docs/ops/ambient/getting-started/index.md
@@ -377,19 +377,20 @@ metadata:
 name: productpage-viewer
 namespace: default
 spec:
- selector:
- matchLabels:
- istio.io/gateway-name: bookinfo-productpage
- action: ALLOW
- rules:
- - from:
- - source:
- principals:
- - cluster.local/ns/default/sa/sleep
- - cluster.local/$GATEWAY_SERVICE_ACCOUNT
- to:
- - operation:
- methods: ["GET"]
+ targetRef:
+ kind: Gateway
+ group: gateway.networking.k8s.io
+ name: bookinfo-productpage
+ action: ALLOW
+ rules:
+ - from:
+ - source:
+ principals:
+ - cluster.local/ns/default/sa/sleep
+ - cluster.local/$GATEWAY_SERVICE_ACCOUNT
+ to:
+ - operation:
+ methods: ["GET"]
 EOF
 {{< /text >}}
diff --git a/content/en/docs/ops/ambient/getting-started/snips.sh b/content/en/docs/ops/ambient/getting-started/snips.sh
index 0b22deaa6e..99862c3543 100644
--- a/content/en/docs/ops/ambient/getting-started/snips.sh
+++ b/content/en/docs/ops/ambient/getting-started/snips.sh
@@ -241,19 +241,20 @@ metadata:
 name: productpage-viewer
 namespace: default
 spec:
- selector:
- matchLabels:
- istio.io/gateway-name: bookinfo-productpage
- action: ALLOW
- rules:
- - from:
- - source:
- principals:
- - cluster.local/ns/default/sa/sleep
- - cluster.local/$GATEWAY_SERVICE_ACCOUNT
- to:
- - operation:
- methods: ["GET"]
+ targetRef:
+ kind: Gateway
+ group: gateway.networking.k8s.io
+ name: bookinfo-productpage
+ action: ALLOW
+ rules:
+ - from:
+ - source:
+ principals:
+ - cluster.local/ns/default/sa/sleep
+ - cluster.local/$GATEWAY_SERVICE_ACCOUNT
+ to:
+ - operation:
+ methods: ["GET"]
 EOF
 }
diff --git a/content/en/docs/tasks/security/authentication/authn-policy/index.md b/content/en/docs/tasks/security/authentication/authn-policy/index.md
index e5c21ae84e..c23b43911e 100644
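Review bot: Nothing in the `productpage-viewer` hunk of ambient/getting-started/snips.sh says which Istio release the new `targetRef` block needs, and the failure mode on an older control plane is not obvious. If the installed AuthorizationPolicy CRD or istiod does not know the field, I would expect the apply to be rejected or the field to be ignored; ignored would leave an ALLOW policy with no selector, which as far as I know is then applied to every workload in `default`. A YAML comment above `targetRef:` would cover it, e.g. `# requires an Istio release whose AuthorizationPolicy supports spec.targetRef`. The same holds for every policy this commit converts from `selector` to `targetRef`. The heredoc and its enclosing function start above the hunk.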
--- a/content/en/docs/tasks/security/authentication/authn-policy/index.md
+++ b/content/en/docs/tasks/security/authentication/authn-policy/index.md
@@ -405,9 +405,10 @@ metadata:
 name: "jwt-example"
 namespace: foo
 spec:
- selector:
- matchLabels:
- istio.io/gateway-name: httpbin-gateway
+ targetRef:
+ kind: Gateway
+ group: gateway.networking.k8s.io
+ name: httpbin-gateway
 jwtRules:
 - issuer: "testing@secure.istio.io"
 jwksUri: "{{< github_file >}}/security/tools/jwt/samples/jwks.json"
@@ -519,9 +520,10 @@ metadata:
 name: "frontend-ingress"
 namespace: foo
 spec:
- selector:
- matchLabels:
- istio.io/gateway-name: httpbin-gateway
+ targetRef:
+ kind: Gateway
+ group: gateway.networking.k8s.io
+ name: httpbin-gateway
 action: DENY
 rules:
 - from:
@@ -583,9 +585,10 @@ metadata:
 name: "frontend-ingress"
 namespace: foo
 spec:
- selector:
- matchLabels:
- istio.io/gateway-name: httpbin-gateway
+ targetRef:
+ kind: Gateway
+ group: gateway.networking.k8s.io
+ name: httpbin-gateway
 action: DENY
 rules:
 - from:
diff --git a/content/en/docs/tasks/security/authentication/authn-policy/snips.sh b/content/en/docs/tasks/security/authentication/authn-policy/snips.sh
index d14d126917..65e0151b44 100644
--- a/content/en/docs/tasks/security/authentication/authn-policy/snips.sh
+++ b/content/en/docs/tasks/security/authentication/authn-policy/snips.sh
@@ -310,9 +310,10 @@ metadata:
 name: "jwt-example"
 namespace: foo
 spec:
- selector:
- matchLabels:
- istio.io/gateway-name: httpbin-gateway
+ targetRef:
+ kind: Gateway
+ group: gateway.networking.k8s.io
+ name: httpbin-gateway
 jwtRules:
 - issuer: "testing@secure.istio.io"
 jwksUri: "https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/jwks.json"
@@ -397,9 +398,10 @@ metadata:
 name: "frontend-ingress"
 namespace: foo
 spec:
- selector:
- matchLabels:
- istio.io/gateway-name: httpbin-gateway
+ targetRef:
+ kind: Gateway
+ group: gateway.networking.k8s.io
+ name: httpbin-gateway
 action: DENY
 rules:
 - from:
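Review bot: Once `frontend-ingress` in authn-policy/snips.sh attaches through `targetRef`, its DENY rule only takes effect if a Gateway named `httpbin-gateway` exists in the policy's own namespace, `foo`; as far as I know the reference cannot cross namespaces, and a policy whose target does not resolve is enforced nowhere. For a DENY policy that is a silent fail-open, where the old label selector at least matched any pod carrying the label. I would add a YAML comment above `targetRef:`, `# resolves in the policy namespace; Gateway httpbin-gateway must exist in foo`, and, unless a later step already does, confirm that a request the rule should block is actually rejected. The same applies to the second `frontend-ingress` hunk in this file and to the DENY `ingress-policy` hunks in authz-ingress/snips.sh. The enclosing function starts above the hunk and the policy body continues past it.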
@@ -446,9 +448,10 @@ metadata:
 name: "frontend-ingress"
 namespace: foo
 spec:
- selector:
- matchLabels:
- istio.io/gateway-name: httpbin-gateway
+ targetRef:
+ kind: Gateway
+ group: gateway.networking.k8s.io
+ name: httpbin-gateway
 action: DENY
 rules:
 - from:
diff --git a/content/en/docs/tasks/security/authorization/authz-ingress/index.md b/content/en/docs/tasks/security/authorization/authz-ingress/index.md
index 14370fceb4..04833690ea 100644
--- a/content/en/docs/tasks/security/authorization/authz-ingress/index.md
+++ b/content/en/docs/tasks/security/authorization/authz-ingress/index.md
@@ -365,9 +365,10 @@ metadata:
 name: ingress-policy
 namespace: foo
 spec:
- selector:
- matchLabels:
- istio.io/gateway-name: httpbin-gateway
+ targetRef:
+ kind: Gateway
+ group: gateway.networking.k8s.io
+ name: httpbin-gateway
 action: ALLOW
 rules:
 - from:
@@ -386,9 +387,10 @@ metadata:
 name: ingress-policy
 namespace: foo
 spec:
- selector:
- matchLabels:
- istio.io/gateway-name: httpbin-gateway
+ targetRef:
+ kind: Gateway
+ group: gateway.networking.k8s.io
+ name: httpbin-gateway
 action: ALLOW
 rules:
 - from:
@@ -513,9 +515,10 @@ metadata:
 name: ingress-policy
 namespace: foo
 spec:
- selector:
- matchLabels:
- istio.io/gateway-name: httpbin-gateway
+ targetRef:
+ kind: Gateway
+ group: gateway.networking.k8s.io
+ name: httpbin-gateway
 action: ALLOW
 rules:
 - from:
@@ -534,9 +537,10 @@ metadata:
 name: ingress-policy
 namespace: foo
 spec:
- selector:
- matchLabels:
- istio.io/gateway-name: httpbin-gateway
+ targetRef:
+ kind: Gateway
+ group: gateway.networking.k8s.io
+ name: httpbin-gateway
 action: ALLOW
 rules:
 - from:
@@ -620,9 +624,10 @@ metadata:
 name: ingress-policy
 namespace: foo
 spec:
- selector:
- matchLabels:
- istio.io/gateway-name: httpbin-gateway
+ targetRef:
+ kind: Gateway
+ group: gateway.networking.k8s.io
+ name: httpbin-gateway
 action: DENY
 rules:
 - from:
@@ -641,9 +646,10 @@ metadata:
 name: ingress-policy
 namespace: foo
 spec:
- selector:
- matchLabels:
- istio.io/gateway-name: httpbin-gateway
+ targetRef:
+ kind: Gateway
+ group: gateway.networking.k8s.io
+ name: httpbin-gateway
 action: DENY
 rules:
 - from:
diff --git a/content/en/docs/tasks/security/authorization/authz-ingress/snips.sh b/content/en/docs/tasks/security/authorization/authz-ingress/snips.sh
index 53b622b543..6fe870ce50 100644
--- a/content/en/docs/tasks/security/authorization/authz-ingress/snips.sh
+++ b/content/en/docs/tasks/security/authorization/authz-ingress/snips.sh
@@ -201,9 +201,10 @@ metadata:
 name: ingress-policy
 namespace: foo
 spec:
- selector:
- matchLabels:
- istio.io/gateway-name: httpbin-gateway
+ targetRef:
+ kind: Gateway
+ group: gateway.networking.k8s.io
+ name: httpbin-gateway
 action: ALLOW
 rules:
 - from:
@@ -220,9 +221,10 @@ metadata:
 name: ingress-policy
 namespace: foo
 spec:
- selector:
- matchLabels:
- istio.io/gateway-name: httpbin-gateway
+ targetRef:
+ kind: Gateway
+ group: gateway.networking.k8s.io
+ name: httpbin-gateway
 action: ALLOW
 rules:
 - from:
@@ -317,9 +319,10 @@ metadata:
 name: ingress-policy
 namespace: foo
 spec:
- selector:
- matchLabels:
- istio.io/gateway-name: httpbin-gateway
+ targetRef:
+ kind: Gateway
+ group: gateway.networking.k8s.io
+ name: httpbin-gateway
 action: ALLOW
 rules:
 - from:
@@ -336,9 +339,10 @@ metadata:
 name: ingress-policy
 namespace: foo
 spec:
- selector:
- matchLabels:
- istio.io/gateway-name: httpbin-gateway
+ targetRef:
+ kind: Gateway
+ group: gateway.networking.k8s.io
+ name: httpbin-gateway
 action: ALLOW
 rules:
 - from:
@@ -401,9 +405,10 @@ metadata:
 name: ingress-policy
 namespace: foo
 spec:
- selector:
- matchLabels:
- istio.io/gateway-name: httpbin-gateway
+ targetRef:
+ kind: Gateway
+ group: gateway.networking.k8s.io
+ name: httpbin-gateway
 action: DENY
 rules:
 - from:
@@ -420,9 +425,10 @@ metadata:
 name: ingress-policy
 namespace: foo
 spec:
- selector:
- matchLabels:
- istio.io/gateway-name: httpbin-gateway
+ targetRef:
+ kind: Gateway
+ group: gateway.networking.k8s.io
+ name: httpbin-gateway
 action: DENY
 rules:
 - from: