istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix kubectl patch instructions for meshConfig.outboundTrafficPolicy (#7798) 

take into account the case when meshConfig.outboundTrafficPolicy is not defined
This commit is contained in:
Vadim Eisenberg 2020-07-28 19:33:45 +03:00 committed by GitHub
parent 122ca82502
commit f00434d282
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
content/en/docs/tasks/traffic-management/egress/egress-control/index.md
View File

@ -81,7 +81,7 @@ You can then decide to [configure access to external services](#controlled-acces
If you have explicitly configured `REGISTRY_ONLY` mode, you can run the following command to change it:
{{< text bash >}}
$ kubectl patch istiooperator installed-state -n istio-system --type='json' -p='[{"op": "replace", "path": "/spec/meshConfig/outboundTrafficPolicy/mode", "value": "ALLOW_ANY"}]'
$ kubectl patch istiooperator installed-state -n istio-system --type='json' -p='[{"op": "replace", "path": "/spec/meshConfig/outboundTrafficPolicy", "value": { mode: "ALLOW_ANY"}}]'
{{< /text >}}
{{< /tip >}}
@ -123,7 +123,7 @@ any other unintentional accesses.
1. Run the following command to change the `meshConfig.outboundTrafficPolicy.mode` option to `REGISTRY_ONLY`:
{{< text bash >}}
$ kubectl patch istiooperator installed-state -n istio-system --type='json' -p='[{"op": "replace", "path": "/spec/meshConfig/outboundTrafficPolicy/mode", "value": "REGISTRY_ONLY"}]'
$ kubectl patch istiooperator installed-state -n istio-system --type='json' -p='[{"op": "replace", "path": "/spec/meshConfig/outboundTrafficPolicy", "value": { mode: "REGISTRY_ONLY"}}]'
{{< /text >}}
1. Make a couple of requests to external HTTPS services from `SOURCE_POD` to verify that they are now blocked: