istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

remove the mixer policy concept page (#6470) 

* remove the mixer policy concept page

* also remove in concept page

* update task

* update
This commit is contained in:
Yangmin Zhu 2020-02-28 11:06:11 -08:00 committed by GitHub
parent 178bfe0d01
commit e525b3b182
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 41 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
content/en/docs/concepts/policies/index.md
View File

@ -1,16 +0,0 @@
---
title: Policies
description: Describes Istio's policy management functionality.
weight: 30
keywords: [policy,policies]
---
Istio lets you configure custom policies for your application to enforce rules at runtime such as:
- Rate limiting to dynamically limit the traffic to a service
- Denials, whitelists, and blacklists, to restrict access to services
- Header rewrites and redirects
Istio also lets you create your own [policy adapters](/docs/tasks/policy-enforcement/control-headers) to add, for example, your own custom authorization behavior.
You must [enable policy enforcement](/docs/tasks/policy-enforcement/enabling-policy) for your mesh to use this feature.

7
content/en/docs/concepts/security/index.md
View File

@ -9,6 +9,7 @@ aliases:
- /docs/concepts/security/mutual-tls/
- /docs/concepts/security/rbac/
- /docs/concepts/security/mutual-tls.html
- /docs/concepts/policies/
---
Breaking down a monolithic application into atomic services offers various benefits, including better agility, better scalability
@ -818,9 +819,3 @@ the authorization policy:
Mutual TLS is not required if you don't use any of the above fields in the
authorization policy.
### Using other authorization mechanisms
While we strongly recommend using the Istio authorization mechanisms,
Istio is flexible enough to allow you to plug in your own authentication and authorization mechanisms via the Mixer component.
To use and configure plugins in Mixer, visit our [policies and telemetry adapters docs](/docs/reference/config/policy-and-telemetry/adapters).

12
content/en/docs/concepts/what-is-istio/index.md
View File

@ -74,18 +74,6 @@ secure {{<gloss>}}pod{{</gloss>}}-to-pod or service-to-service communication at
Refer to the [Security concepts guide](/docs/concepts/security/) for more details.
### Policies
Istio lets you configure custom policies for your application to enforce rules at runtime such as:
* Rate limiting to dynamically limit the traffic to a service
* Denials, whitelists, and blacklists, to restrict access to services
* Header rewrites and redirects
Istio also lets you create your own [policy adapters](/docs/tasks/policy-enforcement/control-headers) to add, for example, your own custom authorization behavior.
Refer to the [Policies concepts guide](/docs/concepts/policies/) for more details.
### Observability
Istios robust tracing, monitoring, and logging features give you deep insights into your service mesh deployment. Gain a real understanding of how service performance

10
content/en/docs/tasks/policy-enforcement/control-headers/index.md
View File

@ -1,10 +1,18 @@
---
title: Control Headers and Routing
title: Control Headers and Routing (Deprecated)
description: Shows how to modify request headers and routing using policy adapters.
weight: 20
keywords: [policies,routing]
---
{{< warning >}}
The mixer policy is deprecated in Istio 1.5 and not recommended for production usage.
Consider using Envoy [`ext_authz` filter](https://www.envoyproxy.io/docs/envoy/v1.13.0/intro/arch_overview/security/ext_authz_filter),
[`lua` filter](https://www.envoyproxy.io/docs/envoy/v1.13.0/configuration/http/http_filters/lua_filter),
or write a filter using the [`Envoy-wasm` sandbox](https://github.com/envoyproxy/envoy-wasm/tree/master/test/extensions/filters/http/wasm/test_data).
{{< /warning >}}
This task demonstrates how to use a policy adapter to manipulate request headers and routing.
## Before you begin

9
content/en/docs/tasks/policy-enforcement/denial-and-list/index.md
View File

@ -1,5 +1,5 @@
---
title: Denials and White/Black Listing
title: Denials and White/Black Listing (Deprecated)
description: Shows how to control access to a service using simple denials or white/black listing.
weight: 20
keywords: [policies,denial,whitelist,blacklist]
@ -9,6 +9,13 @@ aliases:
- /docs/tasks/security/secure-access-control/index.html
---
{{< warning >}}
The mixer policy is deprecated in Istio 1.5 and not recommended for production usage.
Please use the [Authorization Policy](/docs/concepts/security/#authorization) for
enforcing access control to a workload.
{{< /warning >}}
This task shows how to control access to a service using simple denials, attribute-based white or black listing, or IP-based white or black listing.
## Before you begin

16
content/en/docs/tasks/policy-enforcement/enabling-policy/index.md
View File

@ -1,10 +1,24 @@
---
title: Enabling Policy Enforcement
title: Enabling Policy Enforcement (Deprecated)
description: This task shows you how to enable Istio policy enforcement.
weight: 1
keywords: [policies]
---
{{< warning >}}
The mixer policy is deprecated in Istio 1.5 and not recommended for production usage.
* Rate limiting: Consider using [Envoy native rate limiting](https://www.envoyproxy.io/docs/envoy/v1.13.0/intro/arch_overview/other_features/global_rate_limiting)
instead of mixer rate limiting. Istio will add support for native rate limiting API through the Istio extensions API.
* Control headers and routing: Consider using Envoy [`ext_authz` filter](https://www.envoyproxy.io/docs/envoy/v1.13.0/intro/arch_overview/security/ext_authz_filter),
[`lua` filter](https://www.envoyproxy.io/docs/envoy/v1.13.0/configuration/http/http_filters/lua_filter),
or write a filter using the [`Envoy-wasm` sandbox](https://github.com/envoyproxy/envoy-wasm/tree/master/test/extensions/filters/http/wasm/test_data).
* Denials and White/Black Listing: Please use the [Authorization Policy](/docs/concepts/security/#authorization) for
enforcing access control to a workload.
{{< /warning >}}
This task shows you how to enable Istio policy enforcement.
## At install time

9
content/en/docs/tasks/policy-enforcement/rate-limiting/index.md
View File

@ -1,5 +1,5 @@
---
title: Enabling Rate Limits
title: Enabling Rate Limits (Deprecated)
description: This task shows you how to use Istio to dynamically limit the traffic to a service.
weight: 10
keywords: [policies,quotas]
@ -7,6 +7,13 @@ aliases:
- /docs/tasks/rate-limiting.html
---
{{< warning >}}
The mixer policy is deprecated in Istio 1.5 and not recommended for production usage.
Consider using [Envoy native rate limiting](https://www.envoyproxy.io/docs/envoy/v1.13.0/intro/arch_overview/other_features/global_rate_limiting)
instead of mixer rate limiting. Istio will add support for native rate limiting API through the Istio extensions API.
{{< /warning >}}
This task shows you how to use Istio to dynamically limit the traffic to a
service.