From a93e7a38f1cfab0a936debb441ab5fc95632316c Mon Sep 17 00:00:00 2001 From: Istio Automation Date: Fri, 8 Dec 2023 18:16:02 -0800 Subject: [PATCH] Automator: update istio.io@ reference docs (#14296) --- .../security/authorization-policy/index.html | 21 +++++++++++++++++++ .../request_authentication/index.html | 19 +++++++++++++++++ .../security/authorization-policy/index.html | 21 +++++++++++++++++++ .../request_authentication/index.html | 19 +++++++++++++++++ 4 files changed, 80 insertions(+) diff --git a/content/en/docs/reference/config/security/authorization-policy/index.html b/content/en/docs/reference/config/security/authorization-policy/index.html index 8f31fdac54..2062cd351c 100644 --- a/content/en/docs/reference/config/security/authorization-policy/index.html +++ b/content/en/docs/reference/config/security/authorization-policy/index.html @@ -396,6 +396,27 @@ will additionally match with workloads in all namespaces.

If the selector and the targetRef are not set, the selector will match all workloads. At most one of the selector and targetRef can be set.

+ + +No + + + +targetRef +PolicyTargetReference + +

Optional. The targetRef specifies the gateway the policy should be +applied to. The targeted resource specified will determine which +workloads the authorization policy applies to. The targeted resource +must be a Gateway in the group gateway.networking.k8s.io. The +gateway must be in the same namespace as the authorization policy.

+

If not set, the policy is applied as defined by the selector. +At most one of the selector and targetRef can be set.

+

NOTE: If you are using the targetRef field in a multi-revision environment with Istio versions prior to 1.20, +it is highly recommended that you pin the authorization policy to a revision running 1.20+ via the istio.io/rev label. +This is to prevent proxies connected to older istiod control planes (that don’t know about the targetRef field) +from misinterpreting the policy as namespace-wide during the upgrade process.

+ No diff --git a/content/en/docs/reference/config/security/request_authentication/index.html b/content/en/docs/reference/config/security/request_authentication/index.html index 24050c3941..16f79507d7 100644 --- a/content/en/docs/reference/config/security/request_authentication/index.html +++ b/content/en/docs/reference/config/security/request_authentication/index.html @@ -407,6 +407,25 @@ in the same namespace as the request authentication policy. If the request authe the selector will additionally match with workloads in all namespaces.

If not set, the selector will match all workloads. At most one of the selector and targetRef can be set.

+ + +No + + + +targetRef +PolicyTargetReference + +

Optional. The targetRef specifies the gateway the policy should be +applied to. The targeted resource specified will determine which +workloads the request authentication policy to. The targeted resource +must be a Gateway in the group gateway.networking.k8s.io. The +gateway must be in the same namespace as the request authentication +policy.

+

If not set, the policy is applied as defined by the selector. +At most one of the selector and targetRef can be set. +Waypoint proxies will not respect selectors even if they match.

+ No diff --git a/content/zh/docs/reference/config/security/authorization-policy/index.html b/content/zh/docs/reference/config/security/authorization-policy/index.html index eb8e1180c5..0412d9d3e1 100644 --- a/content/zh/docs/reference/config/security/authorization-policy/index.html +++ b/content/zh/docs/reference/config/security/authorization-policy/index.html @@ -396,6 +396,27 @@ will additionally match with workloads in all namespaces.

If the selector and the targetRef are not set, the selector will match all workloads. At most one of the selector and targetRef can be set.

+ + +No + + + +targetRef +PolicyTargetReference + +

Optional. The targetRef specifies the gateway the policy should be +applied to. The targeted resource specified will determine which +workloads the authorization policy applies to. The targeted resource +must be a Gateway in the group gateway.networking.k8s.io. The +gateway must be in the same namespace as the authorization policy.

+

If not set, the policy is applied as defined by the selector. +At most one of the selector and targetRef can be set.

+

NOTE: If you are using the targetRef field in a multi-revision environment with Istio versions prior to 1.20, +it is highly recommended that you pin the authorization policy to a revision running 1.20+ via the istio.io/rev label. +This is to prevent proxies connected to older istiod control planes (that don’t know about the targetRef field) +from misinterpreting the policy as namespace-wide during the upgrade process.

+ No diff --git a/content/zh/docs/reference/config/security/request_authentication/index.html b/content/zh/docs/reference/config/security/request_authentication/index.html index 326852f420..d2ecd1d813 100644 --- a/content/zh/docs/reference/config/security/request_authentication/index.html +++ b/content/zh/docs/reference/config/security/request_authentication/index.html @@ -407,6 +407,25 @@ in the same namespace as the request authentication policy. If the request authe the selector will additionally match with workloads in all namespaces.

If not set, the selector will match all workloads. At most one of the selector and targetRef can be set.

+ + +No + + + +targetRef +PolicyTargetReference + +

Optional. The targetRef specifies the gateway the policy should be +applied to. The targeted resource specified will determine which +workloads the request authentication policy to. The targeted resource +must be a Gateway in the group gateway.networking.k8s.io. The +gateway must be in the same namespace as the request authentication +policy.

+

If not set, the policy is applied as defined by the selector. +At most one of the selector and targetRef can be set. +Waypoint proxies will not respect selectors even if they match.

+ No