istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Automator: update istio.io@ reference docs (#12640)

This commit is contained in:
Istio Automation 2023-02-12 18:17:05 -08:00 committed by GitHub
parent ae3fffa4a7
commit 878125215d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 44 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
content/en/docs/reference/config/security/authorization-policy/index.html
View File

@ -6,7 +6,7 @@ description: Configuration for access control on workloads.
location: https://istio.io/docs/reference/config/security/authorization-policy.html
layout: protoc-gen-docs
generator: protoc-gen-docs
schema: istio.security.v1.AuthorizationPolicy
schema: istio.security.v1beta1.AuthorizationPolicy
weight: 20
aliases: [/docs/reference/config/authorization/authorization-policy]
number_of_entries: 9
@ -44,7 +44,7 @@ but it is useful to be explicit in the policy.</p>
</ul>
<p>when the request has a valid JWT token issued by &ldquo;<a href="https://accounts.google.com">https://accounts.google.com</a>&rdquo;.</p>
<p>Any other requests will be denied.</p>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: httpbin
@ -71,7 +71,7 @@ spec:
<p>The following is another example that sets <code>action</code> to &ldquo;DENY&rdquo; to create a deny policy.
It denies requests from the &ldquo;dev&rdquo; namespace to the &ldquo;POST&rdquo; method on all workloads
in the &ldquo;foo&rdquo; namespace.</p>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: httpbin
@ -89,7 +89,7 @@ spec:
<p>The following is another example that sets <code>action</code> to <code>DENY</code> to create a deny policy.
It denies all the requests with &ldquo;POST&rdquo; method on port &ldquo;8080&rdquo; on all workloads
in the <code>foo</code> namespace.</p>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: AuthorizaionPolicy
metadata:
name: httpbin
@ -111,7 +111,7 @@ The following authorization policy sets the `action` to &quot;AUDIT&quot;. It wi
prefix &quot;/user/profile&quot;.
```yaml
apiVersion: security.istio.io/v1
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
namespace: ns1
@ -137,7 +137,7 @@ namespace, the policy applies to all namespaces in a mesh.</li>
<p>For example,</p>
<p>The following authorization policy applies to all workloads in namespace foo. It allows nothing and effectively denies
all requests to workloads in namespace foo.</p>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: allow-nothing
@ -146,7 +146,7 @@ spec:
{}
</code></pre>
<p>The following authorization policy allows all requests to workloads in namespace foo.</p>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: allow-all
@ -157,7 +157,7 @@ spec:
</code></pre>
<p>The following authorization policy applies to workloads containing label &ldquo;app: httpbin&rdquo; in namespace bar. It allows
nothing and effectively denies all requests to the selected workloads.</p>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: allow-nothing
@ -169,7 +169,7 @@ spec:
</code></pre>
<p>The following authorization policy applies to workloads containing label &ldquo;version: v1&rdquo; in all namespaces in the mesh.
(Assuming the root namespace is configured to &ldquo;istio-system&rdquo;).</p>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: allow-nothing

4
content/en/docs/reference/config/security/jwt/index.html
View File

@ -6,8 +6,8 @@ description: Configuration to validate JWT.
location: https://istio.io/docs/reference/config/security/jwt.html
layout: protoc-gen-docs
generator: protoc-gen-docs
schema: istio.security.v1.JWTRule
aliases: [/docs/reference/config/security/v1/jwt]
schema: istio.security.v1beta1.JWTRule
aliases: [/docs/reference/config/security/v1beta1/jwt]
number_of_entries: 3
---
<h2 id="JWTRule">JWTRule</h2>

22
content/en/docs/reference/config/security/request_authentication/index.html
View File

@ -6,8 +6,8 @@ description: Request authentication configuration for workloads.
location: https://istio.io/docs/reference/config/security/request_authentication.html
layout: protoc-gen-docs
generator: protoc-gen-docs
schema: istio.security.v1.RequestAuthentication
aliases: [/docs/reference/config/security/v1/request_authentication]
schema: istio.security.v1beta1.RequestAuthentication
aliases: [/docs/reference/config/security/v1beta1/request_authentication]
number_of_entries: 1
---
<h2 id="RequestAuthentication">RequestAuthentication</h2>
@ -21,7 +21,7 @@ Examples:</p>
<ul>
<li>Require JWT for all request for workloads that have label <code>app:httpbin</code></li>
</ul>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
name: httpbin
@ -34,7 +34,7 @@ spec:
- issuer: &quot;issuer-foo&quot;
jwksUri: https://example.com/.well-known/jwks.json
---
apiVersion: security.istio.io/v1
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: httpbin
@ -53,7 +53,7 @@ spec:
in a mesh. The following policy makes all workloads only accept requests that contain a
valid JWT token.</li>
</ul>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
name: req-authn-for-all
@ -63,7 +63,7 @@ spec:
- issuer: &quot;issuer-foo&quot;
jwksUri: https://example.com/.well-known/jwks.json
---
apiVersion: security.istio.io/v1
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: require-jwt-for-all
@ -79,7 +79,7 @@ spec:
declares it can accept JWTs issued by either <code>issuer-foo</code> or <code>issuer-bar</code> (the public key set is implicitly
set from the OpenID Connect spec).</li>
</ul>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
name: httpbin
@ -92,7 +92,7 @@ spec:
- issuer: &quot;issuer-foo&quot;
- issuer: &quot;issuer-bar&quot;
---
apiVersion: security.istio.io/v1
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: httpbin
@ -120,7 +120,7 @@ spec:
to require JWT on all paths, except /healthz, the same <code>RequestAuthentication</code> can be used, but the
authorization policy could be:</li>
</ul>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: httpbin
@ -150,7 +150,7 @@ currently does not support the <code>.</code> character. Examples: <code>request
<li>AuthorizationPolicy to check for valid principals in the request. This makes the JWT required for the request.</li>
<li>VirtualService to route the request based on the &ldquo;sub&rdquo; claim.</li>
</ul>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
name: jwt-on-ingress
@ -163,7 +163,7 @@ spec:
- issuer: &quot;example.com&quot;
jwksUri: https://example.com/.well-known/jwks.json
---
apiVersion: security.istio.io/v1
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: require-jwt

18
content/zh/docs/reference/config/security/authorization-policy/index.html
View File

@ -6,7 +6,7 @@ description: Configuration for access control on workloads.
location: https://istio.io/docs/reference/config/security/authorization-policy.html
layout: protoc-gen-docs
generator: protoc-gen-docs
schema: istio.security.v1.AuthorizationPolicy
schema: istio.security.v1beta1.AuthorizationPolicy
weight: 20
aliases: [/zh/docs/reference/config/authorization/authorization-policy]
number_of_entries: 9
@ -44,7 +44,7 @@ but it is useful to be explicit in the policy.</p>
</ul>
<p>when the request has a valid JWT token issued by &ldquo;<a href="https://accounts.google.com">https://accounts.google.com</a>&rdquo;.</p>
<p>Any other requests will be denied.</p>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: httpbin
@ -71,7 +71,7 @@ spec:
<p>The following is another example that sets <code>action</code> to &ldquo;DENY&rdquo; to create a deny policy.
It denies requests from the &ldquo;dev&rdquo; namespace to the &ldquo;POST&rdquo; method on all workloads
in the &ldquo;foo&rdquo; namespace.</p>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: httpbin
@ -89,7 +89,7 @@ spec:
<p>The following is another example that sets <code>action</code> to <code>DENY</code> to create a deny policy.
It denies all the requests with &ldquo;POST&rdquo; method on port &ldquo;8080&rdquo; on all workloads
in the <code>foo</code> namespace.</p>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: AuthorizaionPolicy
metadata:
name: httpbin
@ -111,7 +111,7 @@ The following authorization policy sets the `action` to &quot;AUDIT&quot;. It wi
prefix &quot;/user/profile&quot;.
```yaml
apiVersion: security.istio.io/v1
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
namespace: ns1
@ -137,7 +137,7 @@ namespace, the policy applies to all namespaces in a mesh.</li>
<p>For example,</p>
<p>The following authorization policy applies to all workloads in namespace foo. It allows nothing and effectively denies
all requests to workloads in namespace foo.</p>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: allow-nothing
@ -146,7 +146,7 @@ spec:
{}
</code></pre>
<p>The following authorization policy allows all requests to workloads in namespace foo.</p>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: allow-all
@ -157,7 +157,7 @@ spec:
</code></pre>
<p>The following authorization policy applies to workloads containing label &ldquo;app: httpbin&rdquo; in namespace bar. It allows
nothing and effectively denies all requests to the selected workloads.</p>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: allow-nothing
@ -169,7 +169,7 @@ spec:
</code></pre>
<p>The following authorization policy applies to workloads containing label &ldquo;version: v1&rdquo; in all namespaces in the mesh.
(Assuming the root namespace is configured to &ldquo;istio-system&rdquo;).</p>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: allow-nothing

4
content/zh/docs/reference/config/security/jwt/index.html
View File

@ -6,8 +6,8 @@ description: Configuration to validate JWT.
location: https://istio.io/docs/reference/config/security/jwt.html
layout: protoc-gen-docs
generator: protoc-gen-docs
schema: istio.security.v1.JWTRule
aliases: [/zh/docs/reference/config/security/v1/jwt]
schema: istio.security.v1beta1.JWTRule
aliases: [/zh/docs/reference/config/security/v1beta1/jwt]
number_of_entries: 3
---
<h2 id="JWTRule">JWTRule</h2>

22
content/zh/docs/reference/config/security/request_authentication/index.html
View File

@ -6,8 +6,8 @@ description: Request authentication configuration for workloads.
location: https://istio.io/docs/reference/config/security/request_authentication.html
layout: protoc-gen-docs
generator: protoc-gen-docs
schema: istio.security.v1.RequestAuthentication
aliases: [/zh/docs/reference/config/security/v1/request_authentication]
schema: istio.security.v1beta1.RequestAuthentication
aliases: [/zh/docs/reference/config/security/v1beta1/request_authentication]
number_of_entries: 1
---
<h2 id="RequestAuthentication">RequestAuthentication</h2>
@ -21,7 +21,7 @@ Examples:</p>
<ul>
<li>Require JWT for all request for workloads that have label <code>app:httpbin</code></li>
</ul>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
name: httpbin
@ -34,7 +34,7 @@ spec:
- issuer: &quot;issuer-foo&quot;
jwksUri: https://example.com/.well-known/jwks.json
---
apiVersion: security.istio.io/v1
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: httpbin
@ -53,7 +53,7 @@ spec:
in a mesh. The following policy makes all workloads only accept requests that contain a
valid JWT token.</li>
</ul>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
name: req-authn-for-all
@ -63,7 +63,7 @@ spec:
- issuer: &quot;issuer-foo&quot;
jwksUri: https://example.com/.well-known/jwks.json
---
apiVersion: security.istio.io/v1
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: require-jwt-for-all
@ -79,7 +79,7 @@ spec:
declares it can accept JWTs issued by either <code>issuer-foo</code> or <code>issuer-bar</code> (the public key set is implicitly
set from the OpenID Connect spec).</li>
</ul>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
name: httpbin
@ -92,7 +92,7 @@ spec:
- issuer: &quot;issuer-foo&quot;
- issuer: &quot;issuer-bar&quot;
---
apiVersion: security.istio.io/v1
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: httpbin
@ -120,7 +120,7 @@ spec:
to require JWT on all paths, except /healthz, the same <code>RequestAuthentication</code> can be used, but the
authorization policy could be:</li>
</ul>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: httpbin
@ -150,7 +150,7 @@ currently does not support the <code>.</code> character. Examples: <code>request
<li>AuthorizationPolicy to check for valid principals in the request. This makes the JWT required for the request.</li>
<li>VirtualService to route the request based on the &ldquo;sub&rdquo; claim.</li>
</ul>
<pre><code class="language-yaml">apiVersion: security.istio.io/v1
<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
name: jwt-on-ingress
@ -163,7 +163,7 @@ spec:
- issuer: &quot;example.com&quot;
jwksUri: https://example.com/.well-known/jwks.json
---
apiVersion: security.istio.io/v1
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: require-jwt