Automator: update istio.io@ reference docs (#12282)

content/en/docs/reference/config/istio.mesh.v1alpha1/index.html

@@ -7,7 +7,7 @@ location: https://istio.io/docs/reference/config/istio.mesh.v1alpha1.html
 layout: protoc-gen-docs
 generator: protoc-gen-docs
 weight: 20
-number_of_entries: 54
+number_of_entries: 55
 ---
 <p>Configuration affecting the service mesh as a whole.</p>
 
@@ -2488,6 +2488,19 @@ mesh wide or individual per-workload basis.</p>
 <td><code>cryptomb</code></td>
 <td><code><a href="#PrivateKeyProvider-CryptoMb">CryptoMb (oneof)</a></code></td>
 <td>
+<p>Use CryptoMb private key provider</p>
+
+</td>
+<td>
+No
+</td>
+</tr>
+<tr id="PrivateKeyProvider-qat" class="oneof">
+<td><code>qat</code></td>
+<td><code><a href="#PrivateKeyProvider-QAT">QAT (oneof)</a></code></td>
+<td>
+<p>Use QAT private key provider</p>
+
 </td>
 <td>
 No
@@ -3146,7 +3159,38 @@ gets full (eight sign or decrypt requests are received) it is processed immediat
 However, if the queue is not filled before the delay has expired, the requests already in the queue
 are processed, even if the queue is not full.
 In effect, this value controls the balance between latency and throughput.
-The duration needs to be set to a non-zero value.</p>
+The duration needs to be set to a value greater than or equal to 1 millisecond.</p>
+
+</td>
+<td>
+No
+</td>
+</tr>
+</tbody>
+</table>
+</section>
+<h2 id="PrivateKeyProvider-QAT">PrivateKeyProvider.QAT</h2>
+<section>
+<p>QAT (QuickAssist Technology) PrivateKeyProvider configuration</p>
+
+<table class="message-fields">
+<thead>
+<tr>
+<th>Field</th>
+<th>Type</th>
+<th>Description</th>
+<th>Required</th>
+</tr>
+</thead>
+<tbody>
+<tr id="PrivateKeyProvider-QAT-poll_delay">
+<td><code>pollDelay</code></td>
+<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
+<td>
+<p>How long to wait before polling the hardware accelerator after a request has been submitted there.
+Having a small value leads to quicker answers from the hardware but causes more polling loop spins,
+leading to potentially larger CPU usage.
+The duration needs to be set to a value greater than or equal to 1 millisecond.</p>
 
 </td>
 <td>

content/en/docs/reference/config/security/authorization-policy/index.html

@@ -6,7 +6,7 @@ description: Configuration for access control on workloads.
 location: https://istio.io/docs/reference/config/security/authorization-policy.html
 layout: protoc-gen-docs
 generator: protoc-gen-docs
-schema: istio.security.v1beta1.AuthorizationPolicy
+schema: istio.security.v1.AuthorizationPolicy
 weight: 20
 aliases: [/docs/reference/config/authorization/authorization-policy]
 number_of_entries: 9
@@ -44,7 +44,7 @@ but it is useful to be explicit in the policy.</p>
 </ul>
 <p>when the request has a valid JWT token issued by &ldquo;<a href="https://accounts.google.com">https://accounts.google.com</a>&rdquo;.</p>
 <p>Any other requests will be denied.</p>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
   name: httpbin
@@ -71,7 +71,7 @@ spec:
 <p>The following is another example that sets <code>action</code> to &ldquo;DENY&rdquo; to create a deny policy.
 It denies requests from the &ldquo;dev&rdquo; namespace to the &ldquo;POST&rdquo; method on all workloads
 in the &ldquo;foo&rdquo; namespace.</p>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
   name: httpbin
@@ -86,32 +86,9 @@ spec:
     - operation:
         methods: [&quot;POST&quot;]
 </code></pre>
-<p>The following is another example that sets <code>action</code> to <code>DENY</code> to create a deny policy.
-It denies all the requests with &ldquo;POST&rdquo; method on port &ldquo;8080&rdquo; on all workloads
-in the <code>foo</code> namespace.</p>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
-kind: AuthorizaionPolicy
-metadata:
-  name: httpbin
-  namespace: foo
-spec:
-  action: DENY
-  rules:
-  - to:
-    - operation:
-        methods: [&quot;POST&quot;]
-        ports: [&quot;8080&quot;]
-
-When this rule is applied to TCP traffic, the `method` field (as will all HTTP based attributes) cannot be processed. 
-For a `DENY` rule, missing attributes are treated as matches. This means all TCP traffic on port 8080 would be denied in the example above.
-If we were to remove the `ports` match, all TCP traffic would be denied. As a result, it is recommended to always scope `DENY` policies to a specific port, 
-especially when using HTTP attributes [Authorization Policy for TCP Ports] (https://istio.io/latest/docs/tasks/security/authorization/authz-tcp/).
-
-The following authorization policy sets the `action` to &quot;AUDIT&quot;. It will audit any GET requests to the path with the
-prefix &quot;/user/profile&quot;.
-
-```yaml
-apiVersion: security.istio.io/v1beta1
+<p>The following authorization policy sets the <code>action</code> to &ldquo;AUDIT&rdquo;. It will audit any GET requests to the path with the
+prefix &ldquo;/user/profile&rdquo;.</p>
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
   namespace: ns1
@@ -137,7 +114,7 @@ namespace, the policy applies to all namespaces in a mesh.</li>
 <p>For example,</p>
 <p>The following authorization policy applies to all workloads in namespace foo. It allows nothing and effectively denies
 all requests to workloads in namespace foo.</p>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
  name: allow-nothing
@@ -146,7 +123,7 @@ spec:
   {}
 </code></pre>
 <p>The following authorization policy allows all requests to workloads in namespace foo.</p>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
  name: allow-all
@@ -157,7 +134,7 @@ spec:
 </code></pre>
 <p>The following authorization policy applies to workloads containing label &ldquo;app: httpbin&rdquo; in namespace bar. It allows
 nothing and effectively denies all requests to the selected workloads.</p>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
   name: allow-nothing
@@ -169,7 +146,7 @@ spec:
 </code></pre>
 <p>The following authorization policy applies to workloads containing label &ldquo;version: v1&rdquo; in all namespaces in the mesh.
 (Assuming the root namespace is configured to &ldquo;istio-system&rdquo;).</p>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
  name: allow-nothing

content/en/docs/reference/config/security/jwt/index.html

@@ -6,8 +6,8 @@ description: Configuration to validate JWT.
 location: https://istio.io/docs/reference/config/security/jwt.html
 layout: protoc-gen-docs
 generator: protoc-gen-docs
-schema: istio.security.v1beta1.JWTRule
-aliases: [/docs/reference/config/security/v1beta1/jwt]
+schema: istio.security.v1.JWTRule
+aliases: [/docs/reference/config/security/v1/jwt]
 number_of_entries: 3
 ---
 <h2 id="JWTRule">JWTRule</h2>
@@ -185,6 +185,8 @@ The header specified in each operation in the list must be unique. Nested claims
   - header: x-jwt-claim-group
     claim: nested.key.group
 </code></pre>
+<p>[Experimental] This feature is a experimental feature.
+TODO: Update the status whenever this feature is promoted</p>
 
 </td>
 <td>

content/en/docs/reference/config/security/request_authentication/index.html

@@ -6,8 +6,8 @@ description: Request authentication configuration for workloads.
 location: https://istio.io/docs/reference/config/security/request_authentication.html
 layout: protoc-gen-docs
 generator: protoc-gen-docs
-schema: istio.security.v1beta1.RequestAuthentication
-aliases: [/docs/reference/config/security/v1beta1/request_authentication]
+schema: istio.security.v1.RequestAuthentication
+aliases: [/docs/reference/config/security/v1/request_authentication]
 number_of_entries: 1
 ---
 <h2 id="RequestAuthentication">RequestAuthentication</h2>
@@ -21,7 +21,7 @@ Examples:</p>
 <ul>
 <li>Require JWT for all request for workloads that have label <code>app:httpbin</code></li>
 </ul>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: RequestAuthentication
 metadata:
   name: httpbin
@@ -34,7 +34,7 @@ spec:
   - issuer: &quot;issuer-foo&quot;
     jwksUri: https://example.com/.well-known/jwks.json
 ---
-apiVersion: security.istio.io/v1beta1
+apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
   name: httpbin
@@ -53,7 +53,7 @@ spec:
 in a mesh. The following policy makes all workloads only accept requests that contain a
 valid JWT token.</li>
 </ul>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: RequestAuthentication
 metadata:
   name: req-authn-for-all
@@ -63,7 +63,7 @@ spec:
   - issuer: &quot;issuer-foo&quot;
     jwksUri: https://example.com/.well-known/jwks.json
 ---
-apiVersion: security.istio.io/v1beta1
+apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
   name: require-jwt-for-all
@@ -79,7 +79,7 @@ spec:
 declares it can accept JWTs issued by either <code>issuer-foo</code> or <code>issuer-bar</code> (the public key set is implicitly
 set from the OpenID Connect spec).</li>
 </ul>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: RequestAuthentication
 metadata:
   name: httpbin
@@ -92,7 +92,7 @@ spec:
   - issuer: &quot;issuer-foo&quot;
   - issuer: &quot;issuer-bar&quot;
 ---
-apiVersion: security.istio.io/v1beta1
+apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
   name: httpbin
@@ -120,7 +120,7 @@ spec:
 to require JWT on all paths, except /healthz, the same <code>RequestAuthentication</code> can be used, but the
 authorization policy could be:</li>
 </ul>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
   name: httpbin
@@ -150,7 +150,7 @@ currently does not support the <code>.</code> character. Examples: <code>request
 <li>AuthorizationPolicy to check for valid principals in the request. This makes the JWT required for the request.</li>
 <li>VirtualService to route the request based on the &ldquo;sub&rdquo; claim.</li>
 </ul>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: RequestAuthentication
 metadata:
   name: jwt-on-ingress
@@ -163,7 +163,7 @@ spec:
   - issuer: &quot;example.com&quot;
     jwksUri: https://example.com/.well-known/jwks.json
 ---
-apiVersion: security.istio.io/v1beta1
+apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
   name: require-jwt

content/zh/docs/reference/config/istio.mesh.v1alpha1/index.html

@@ -7,7 +7,7 @@ location: https://istio.io/docs/reference/config/istio.mesh.v1alpha1.html
 layout: protoc-gen-docs
 generator: protoc-gen-docs
 weight: 20
-number_of_entries: 54
+number_of_entries: 55
 ---
 <p>Configuration affecting the service mesh as a whole.</p>
 
@@ -2488,6 +2488,19 @@ mesh wide or individual per-workload basis.</p>
 <td><code>cryptomb</code></td>
 <td><code><a href="#PrivateKeyProvider-CryptoMb">CryptoMb (oneof)</a></code></td>
 <td>
+<p>Use CryptoMb private key provider</p>
+
+</td>
+<td>
+No
+</td>
+</tr>
+<tr id="PrivateKeyProvider-qat" class="oneof">
+<td><code>qat</code></td>
+<td><code><a href="#PrivateKeyProvider-QAT">QAT (oneof)</a></code></td>
+<td>
+<p>Use QAT private key provider</p>
+
 </td>
 <td>
 No
@@ -3146,7 +3159,38 @@ gets full (eight sign or decrypt requests are received) it is processed immediat
 However, if the queue is not filled before the delay has expired, the requests already in the queue
 are processed, even if the queue is not full.
 In effect, this value controls the balance between latency and throughput.
-The duration needs to be set to a non-zero value.</p>
+The duration needs to be set to a value greater than or equal to 1 millisecond.</p>
+
+</td>
+<td>
+No
+</td>
+</tr>
+</tbody>
+</table>
+</section>
+<h2 id="PrivateKeyProvider-QAT">PrivateKeyProvider.QAT</h2>
+<section>
+<p>QAT (QuickAssist Technology) PrivateKeyProvider configuration</p>
+
+<table class="message-fields">
+<thead>
+<tr>
+<th>Field</th>
+<th>Type</th>
+<th>Description</th>
+<th>Required</th>
+</tr>
+</thead>
+<tbody>
+<tr id="PrivateKeyProvider-QAT-poll_delay">
+<td><code>pollDelay</code></td>
+<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
+<td>
+<p>How long to wait before polling the hardware accelerator after a request has been submitted there.
+Having a small value leads to quicker answers from the hardware but causes more polling loop spins,
+leading to potentially larger CPU usage.
+The duration needs to be set to a value greater than or equal to 1 millisecond.</p>
 
 </td>
 <td>

content/zh/docs/reference/config/security/authorization-policy/index.html

@@ -6,7 +6,7 @@ description: Configuration for access control on workloads.
 location: https://istio.io/docs/reference/config/security/authorization-policy.html
 layout: protoc-gen-docs
 generator: protoc-gen-docs
-schema: istio.security.v1beta1.AuthorizationPolicy
+schema: istio.security.v1.AuthorizationPolicy
 weight: 20
 aliases: [/zh/docs/reference/config/authorization/authorization-policy]
 number_of_entries: 9
@@ -44,7 +44,7 @@ but it is useful to be explicit in the policy.</p>
 </ul>
 <p>when the request has a valid JWT token issued by &ldquo;<a href="https://accounts.google.com">https://accounts.google.com</a>&rdquo;.</p>
 <p>Any other requests will be denied.</p>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
   name: httpbin
@@ -71,7 +71,7 @@ spec:
 <p>The following is another example that sets <code>action</code> to &ldquo;DENY&rdquo; to create a deny policy.
 It denies requests from the &ldquo;dev&rdquo; namespace to the &ldquo;POST&rdquo; method on all workloads
 in the &ldquo;foo&rdquo; namespace.</p>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
   name: httpbin
@@ -86,32 +86,9 @@ spec:
     - operation:
         methods: [&quot;POST&quot;]
 </code></pre>
-<p>The following is another example that sets <code>action</code> to <code>DENY</code> to create a deny policy.
-It denies all the requests with &ldquo;POST&rdquo; method on port &ldquo;8080&rdquo; on all workloads
-in the <code>foo</code> namespace.</p>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
-kind: AuthorizaionPolicy
-metadata:
-  name: httpbin
-  namespace: foo
-spec:
-  action: DENY
-  rules:
-  - to:
-    - operation:
-        methods: [&quot;POST&quot;]
-        ports: [&quot;8080&quot;]
-
-When this rule is applied to TCP traffic, the `method` field (as will all HTTP based attributes) cannot be processed. 
-For a `DENY` rule, missing attributes are treated as matches. This means all TCP traffic on port 8080 would be denied in the example above.
-If we were to remove the `ports` match, all TCP traffic would be denied. As a result, it is recommended to always scope `DENY` policies to a specific port, 
-especially when using HTTP attributes [Authorization Policy for TCP Ports] (https://istio.io/latest/docs/tasks/security/authorization/authz-tcp/).
-
-The following authorization policy sets the `action` to &quot;AUDIT&quot;. It will audit any GET requests to the path with the
-prefix &quot;/user/profile&quot;.
-
-```yaml
-apiVersion: security.istio.io/v1beta1
+<p>The following authorization policy sets the <code>action</code> to &ldquo;AUDIT&rdquo;. It will audit any GET requests to the path with the
+prefix &ldquo;/user/profile&rdquo;.</p>
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
   namespace: ns1
@@ -137,7 +114,7 @@ namespace, the policy applies to all namespaces in a mesh.</li>
 <p>For example,</p>
 <p>The following authorization policy applies to all workloads in namespace foo. It allows nothing and effectively denies
 all requests to workloads in namespace foo.</p>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
  name: allow-nothing
@@ -146,7 +123,7 @@ spec:
   {}
 </code></pre>
 <p>The following authorization policy allows all requests to workloads in namespace foo.</p>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
  name: allow-all
@@ -157,7 +134,7 @@ spec:
 </code></pre>
 <p>The following authorization policy applies to workloads containing label &ldquo;app: httpbin&rdquo; in namespace bar. It allows
 nothing and effectively denies all requests to the selected workloads.</p>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
   name: allow-nothing
@@ -169,7 +146,7 @@ spec:
 </code></pre>
 <p>The following authorization policy applies to workloads containing label &ldquo;version: v1&rdquo; in all namespaces in the mesh.
 (Assuming the root namespace is configured to &ldquo;istio-system&rdquo;).</p>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
  name: allow-nothing

content/zh/docs/reference/config/security/jwt/index.html

@@ -6,8 +6,8 @@ description: Configuration to validate JWT.
 location: https://istio.io/docs/reference/config/security/jwt.html
 layout: protoc-gen-docs
 generator: protoc-gen-docs
-schema: istio.security.v1beta1.JWTRule
-aliases: [/zh/docs/reference/config/security/v1beta1/jwt]
+schema: istio.security.v1.JWTRule
+aliases: [/zh/docs/reference/config/security/v1/jwt]
 number_of_entries: 3
 ---
 <h2 id="JWTRule">JWTRule</h2>
@@ -185,6 +185,8 @@ The header specified in each operation in the list must be unique. Nested claims
   - header: x-jwt-claim-group
     claim: nested.key.group
 </code></pre>
+<p>[Experimental] This feature is a experimental feature.
+TODO: Update the status whenever this feature is promoted</p>
 
 </td>
 <td>

content/zh/docs/reference/config/security/request_authentication/index.html

@@ -6,8 +6,8 @@ description: Request authentication configuration for workloads.
 location: https://istio.io/docs/reference/config/security/request_authentication.html
 layout: protoc-gen-docs
 generator: protoc-gen-docs
-schema: istio.security.v1beta1.RequestAuthentication
-aliases: [/zh/docs/reference/config/security/v1beta1/request_authentication]
+schema: istio.security.v1.RequestAuthentication
+aliases: [/zh/docs/reference/config/security/v1/request_authentication]
 number_of_entries: 1
 ---
 <h2 id="RequestAuthentication">RequestAuthentication</h2>
@@ -21,7 +21,7 @@ Examples:</p>
 <ul>
 <li>Require JWT for all request for workloads that have label <code>app:httpbin</code></li>
 </ul>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: RequestAuthentication
 metadata:
   name: httpbin
@@ -34,7 +34,7 @@ spec:
   - issuer: &quot;issuer-foo&quot;
     jwksUri: https://example.com/.well-known/jwks.json
 ---
-apiVersion: security.istio.io/v1beta1
+apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
   name: httpbin
@@ -53,7 +53,7 @@ spec:
 in a mesh. The following policy makes all workloads only accept requests that contain a
 valid JWT token.</li>
 </ul>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: RequestAuthentication
 metadata:
   name: req-authn-for-all
@@ -63,7 +63,7 @@ spec:
   - issuer: &quot;issuer-foo&quot;
     jwksUri: https://example.com/.well-known/jwks.json
 ---
-apiVersion: security.istio.io/v1beta1
+apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
   name: require-jwt-for-all
@@ -79,7 +79,7 @@ spec:
 declares it can accept JWTs issued by either <code>issuer-foo</code> or <code>issuer-bar</code> (the public key set is implicitly
 set from the OpenID Connect spec).</li>
 </ul>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: RequestAuthentication
 metadata:
   name: httpbin
@@ -92,7 +92,7 @@ spec:
   - issuer: &quot;issuer-foo&quot;
   - issuer: &quot;issuer-bar&quot;
 ---
-apiVersion: security.istio.io/v1beta1
+apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
   name: httpbin
@@ -120,7 +120,7 @@ spec:
 to require JWT on all paths, except /healthz, the same <code>RequestAuthentication</code> can be used, but the
 authorization policy could be:</li>
 </ul>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
   name: httpbin
@@ -150,7 +150,7 @@ currently does not support the <code>.</code> character. Examples: <code>request
 <li>AuthorizationPolicy to check for valid principals in the request. This makes the JWT required for the request.</li>
 <li>VirtualService to route the request based on the &ldquo;sub&rdquo; claim.</li>
 </ul>
-<pre><code class="language-yaml">apiVersion: security.istio.io/v1beta1
+<pre><code class="language-yaml">apiVersion: security.istio.io/v1
 kind: RequestAuthentication
 metadata:
   name: jwt-on-ingress
@@ -163,7 +163,7 @@ spec:
   - issuer: &quot;example.com&quot;
     jwksUri: https://example.com/.well-known/jwks.json
 ---
-apiVersion: security.istio.io/v1beta1
+apiVersion: security.istio.io/v1
 kind: AuthorizationPolicy
 metadata:
   name: require-jwt