diff --git a/authentication/v1alpha1/istio.authentication.v1alpha1.pb.html b/authentication/v1alpha1/istio.authentication.v1alpha1.pb.html index 7a469d34143..5bd84c0c47b 100644 --- a/authentication/v1alpha1/istio.authentication.v1alpha1.pb.html +++ b/authentication/v1alpha1/istio.authentication.v1alpha1.pb.html @@ -365,7 +365,7 @@

Policy

apiVersion: authentication.istio.io/v1alpha1
 kind: Policy
 metadata:
-  name: productpage_mTLS_disable
+  name: productpage-mTLS-disable
   namespace: frod
 spec:
   targets:
@@ -378,7 +378,7 @@ 
Policy

 
apiVersion: authentication.istio.io/v1alpha1
 kind: Policy
 metadata:
-  name: productpage_mTLS_with_JWT
+  name: productpage-mTLS-with-JWT
   namespace: frod
 spec:
   targets:
diff --git a/authentication/v1alpha1/policy.pb.go b/authentication/v1alpha1/policy.pb.go
index 9774aa4acec..d4f4f1cd8a3 100644
--- a/authentication/v1alpha1/policy.pb.go
+++ b/authentication/v1alpha1/policy.pb.go
@@ -851,7 +851,7 @@ func (m *OriginAuthenticationMethod) GetJwt() *Jwt {
 // apiVersion: authentication.istio.io/v1alpha1
 // kind: Policy
 // metadata:
-//   name: productpage_mTLS_disable
+//   name: productpage-mTLS-disable
 //   namespace: frod
 // spec:
 //   targets:
@@ -864,7 +864,7 @@ func (m *OriginAuthenticationMethod) GetJwt() *Jwt {
 // apiVersion: authentication.istio.io/v1alpha1
 // kind: Policy
 // metadata:
-//   name: productpage_mTLS_with_JWT
+//   name: productpage-mTLS-with-JWT
 //   namespace: frod
 // spec:
 //   targets:
diff --git a/authentication/v1alpha1/policy.proto b/authentication/v1alpha1/policy.proto
index 25c07c3e96e..30fcd32cb24 100644
--- a/authentication/v1alpha1/policy.proto
+++ b/authentication/v1alpha1/policy.proto
@@ -284,7 +284,7 @@ enum PrincipalBinding {
 // apiVersion: authentication.istio.io/v1alpha1
 // kind: Policy
 // metadata:
-//   name: productpage_mTLS_disable
+//   name: productpage-mTLS-disable
 //   namespace: frod
 // spec:
 //   targets:
@@ -297,7 +297,7 @@ enum PrincipalBinding {
 // apiVersion: authentication.istio.io/v1alpha1
 // kind: Policy
 // metadata:
-//   name: productpage_mTLS_with_JWT
+//   name: productpage-mTLS-with-JWT
 //   namespace: frod
 // spec:
 //   targets:
diff --git a/networking/v1alpha3/gateway.pb.go b/networking/v1alpha3/gateway.pb.go
index 53ff90247ba..09dac14fbd5 100644
--- a/networking/v1alpha3/gateway.pb.go
+++ b/networking/v1alpha3/gateway.pb.go
@@ -35,7 +35,7 @@
 //       httpsRedirect: true # sends 301 redirect for http requests
 //   - port:
 //       number: 443
-//       name: https
+//       name: https-443
 //       protocol: HTTPS
 //     hosts:
 //     - uk.bookinfo.com
@@ -46,7 +46,7 @@
 //       privateKey: /etc/certs/privatekey.pem
 //   - port:
 //       number: 9443
-//       name: https
+//       name: https-9443
 //       protocol: HTTPS
 //     hosts:
 //     - "bookinfo-namespace/*.bookinfo.com"
@@ -100,19 +100,19 @@
 //   - match:
 //     - headers:
 //         cookie:
-//           user: dev-123
+//           exact: "user=dev-123"
 //     route:
 //     - destination:
 //         port:
 //           number: 7777
 //         host: reviews.qa.svc.cluster.local
 //   - match:
-//       uri:
+//     - uri:
 //         prefix: /reviews/
 //     route:
 //     - destination:
 //         port:
-//           number: 9080 # can be omitted if its the only port for reviews
+//           number: 9080 # can be omitted if it's the only port for reviews
 //         host: reviews.prod.svc.cluster.local
 //       weight: 80
 //     - destination:
diff --git a/networking/v1alpha3/gateway.pb.html b/networking/v1alpha3/gateway.pb.html
index 2e8bd131e75..b33c8596418 100644
--- a/networking/v1alpha3/gateway.pb.html
+++ b/networking/v1alpha3/gateway.pb.html
@@ -39,7 +39,7 @@
       httpsRedirect: true # sends 301 redirect for http requests
   - port:
       number: 443
-      name: https
+      name: https-443
       protocol: HTTPS
     hosts:
     - uk.bookinfo.com
@@ -50,7 +50,7 @@
       privateKey: /etc/certs/privatekey.pem
   - port:
       number: 9443
-      name: https
+      name: https-9443
       protocol: HTTPS
     hosts:
     - "bookinfo-namespace/*.bookinfo.com"
@@ -103,19 +103,19 @@
   - match:
     - headers:
         cookie:
-          user: dev-123
+          exact: "user=dev-123"
     route:
     - destination:
         port:
           number: 7777
         host: reviews.qa.svc.cluster.local
   - match:
-      uri:
+    - uri:
         prefix: /reviews/
     route:
     - destination:
         port:
-          number: 9080 # can be omitted if its the only port for reviews
+          number: 9080 # can be omitted if it's the only port for reviews
         host: reviews.prod.svc.cluster.local
       weight: 80
     - destination:
diff --git a/networking/v1alpha3/gateway.proto b/networking/v1alpha3/gateway.proto
index ea314aa192c..f2eda7789ff 100644
--- a/networking/v1alpha3/gateway.proto
+++ b/networking/v1alpha3/gateway.proto
@@ -52,7 +52,7 @@ syntax = "proto3";
 //       httpsRedirect: true # sends 301 redirect for http requests
 //   - port:
 //       number: 443
-//       name: https
+//       name: https-443
 //       protocol: HTTPS
 //     hosts:
 //     - uk.bookinfo.com
@@ -63,7 +63,7 @@ syntax = "proto3";
 //       privateKey: /etc/certs/privatekey.pem
 //   - port:
 //       number: 9443
-//       name: https
+//       name: https-9443
 //       protocol: HTTPS
 //     hosts:
 //     - "bookinfo-namespace/*.bookinfo.com"
@@ -117,19 +117,19 @@ syntax = "proto3";
 //   - match:
 //     - headers:
 //         cookie:
-//           user: dev-123
+//           exact: "user=dev-123"
 //     route:
 //     - destination:
 //         port:
 //           number: 7777
 //         host: reviews.qa.svc.cluster.local
 //   - match:
-//       uri:
+//     - uri:
 //         prefix: /reviews/
 //     route:
 //     - destination:
 //         port:
-//           number: 9080 # can be omitted if its the only port for reviews
+//           number: 9080 # can be omitted if it's the only port for reviews
 //         host: reviews.prod.svc.cluster.local
 //       weight: 80
 //     - destination:
diff --git a/networking/v1alpha3/virtual_service.pb.go b/networking/v1alpha3/virtual_service.pb.go
index dc79fdf24e0..70b9761954b 100644
--- a/networking/v1alpha3/virtual_service.pb.go
+++ b/networking/v1alpha3/virtual_service.pb.go
@@ -2092,7 +2092,7 @@ func (m *HTTPRetry) GetRetryOn() string {
 //       allowCredentials: false
 //       allowHeaders:
 //       - X-Foo-Bar
-//       maxAge: "1d"
+//       maxAge: "24h"
 // ```
 //
 type CorsPolicy struct {
diff --git a/networking/v1alpha3/virtual_service.pb.html b/networking/v1alpha3/virtual_service.pb.html
index c55e804f1fd..c11babb33d4 100644
--- a/networking/v1alpha3/virtual_service.pb.html
+++ b/networking/v1alpha3/virtual_service.pb.html
@@ -124,7 +124,7 @@ 
CorsPolicy

       allowCredentials: false
       allowHeaders:
       - X-Foo-Bar
-      maxAge: "1d"
+      maxAge: "24h"
 

 
 
diff --git a/networking/v1alpha3/virtual_service.proto b/networking/v1alpha3/virtual_service.proto
index dadf6fe195f..c22e1086bc4 100644
--- a/networking/v1alpha3/virtual_service.proto
+++ b/networking/v1alpha3/virtual_service.proto
@@ -953,7 +953,7 @@ message HTTPRetry {
 //       allowCredentials: false
 //       allowHeaders:
 //       - X-Foo-Bar
-//       maxAge: "1d"
+//       maxAge: "24h"
 // ```
 //
 message CorsPolicy {
diff --git a/rbac/v1alpha1/istio.rbac.v1alpha1.pb.html b/rbac/v1alpha1/istio.rbac.v1alpha1.pb.html
index edc324f0e83..a7ef8cbbbef 100644
--- a/rbac/v1alpha1/istio.rbac.v1alpha1.pb.html
+++ b/rbac/v1alpha1/istio.rbac.v1alpha1.pb.html
@@ -4,7 +4,7 @@
 location: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html
 layout: protoc-gen-docs
 generator: protoc-gen-docs
-number_of_entries: 9
+number_of_entries: 8
 ---
 
Istio RBAC (Role Based Access Control) defines ServiceRole and ServiceRoleBinding
 objects.

@@ -37,7 +37,7 @@
     methods: ["GET", "HEAD"]
     constraints:
     - key: "destination.labels[version]"
-      value: ["v1", "v2"]
+      values: ["v1", "v2"]
 
A ServiceRoleBinding specification includes two parts:

@@ -164,66 +164,6 @@ 
AccessRule.Constraint

 For example, the value “v1alpha2” matches “v1alpha2” (exact match),
 or “v1” (prefix match), or “alpha2” (suffix match).

 
-
-
-
-

 
 

-
-
RbacConfig

-

-
RbacConfig defines the global config to control Istio RBAC behavior.
-This Custom Resource is a singleton where only one Custom Resource should be created globally in
-the mesh and the namespace should be the same to other Istio components, which usually is istio-system.
-Note: This is enforced in both istioctl and server side, new Custom Resource will be rejected if found any
-existing one, the user should either delete the existing one or change the existing one directly.

-
-
Below is an example of RbacConfig object “istio-rbac-config” which enables Istio RBAC for all
-services in the default namespace.

-
-
apiVersion: "rbac.istio.io/v1alpha1"
-kind: RbacConfig
-metadata:
-  name: default
-  namespace: istio-system
-spec:
-  mode: ON_WITH_INCLUSION
-  inclusion:
-    namespaces: [ "default" ]
-

-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/rbac/v1alpha1/rbac.pb.go b/rbac/v1alpha1/rbac.pb.go
index 297f24ca196..7f7c1b6e0bd 100644
--- a/rbac/v1alpha1/rbac.pb.go
+++ b/rbac/v1alpha1/rbac.pb.go
@@ -31,7 +31,7 @@
 //     methods: ["GET", "HEAD"]
 //     constraints:
 //     - key: "destination.labels[version]"
-//       value: ["v1", "v2"]
+//       values: ["v1", "v2"]
 // ```
 //
 // A ServiceRoleBinding specification includes two parts:
@@ -834,7 +834,8 @@ func (m *RoleRef) GetName() string {
 	return ""
 }
 
-// RbacConfig defines the global config to control Istio RBAC behavior.
+// $hide_from_docs
+// RbacConfig is deprecated.  RbacConfig defined the global config to control Istio RBAC behavior.
 // This Custom Resource is a singleton where only one Custom Resource should be created globally in
 // the mesh and the namespace should be the same to other Istio components, which usually is istio-system.
 // Note: This is enforced in both istioctl and server side, new Custom Resource will be rejected if found any
diff --git a/rbac/v1alpha1/rbac.proto b/rbac/v1alpha1/rbac.proto
index 85ea2a666f2..00ef04811b7 100644
--- a/rbac/v1alpha1/rbac.proto
+++ b/rbac/v1alpha1/rbac.proto
@@ -48,7 +48,7 @@ syntax = "proto3";
 //     methods: ["GET", "HEAD"]
 //     constraints:
 //     - key: "destination.labels[version]"
-//       value: ["v1", "v2"]
+//       values: ["v1", "v2"]
 // ```
 //
 // A ServiceRoleBinding specification includes two parts:
@@ -294,7 +294,8 @@ message RoleRef {
   string name = 2;
 }
 
-// RbacConfig defines the global config to control Istio RBAC behavior.
+// $hide_from_docs
+// RbacConfig is deprecated.  RbacConfig defined the global config to control Istio RBAC behavior.
 // This Custom Resource is a singleton where only one Custom Resource should be created globally in
 // the mesh and the namespace should be the same to other Istio components, which usually is istio-system.
 // Note: This is enforced in both istioctl and server side, new Custom Resource will be rejected if found any

FieldTypeDescription
modeRbacConfig.Mode
-
Istio RBAC mode.

-
-
inclusionRbacConfig.Target
-
A list of services or namespaces that should be enforced by Istio RBAC policies. Note: This field have
-effect only when mode is ONWITHINCLUSION and will be ignored for any other modes.

-
-
exclusionRbacConfig.Target
-
A list of services or namespaces that should not be enforced by Istio RBAC policies. Note: This field have
-effect only when mode is ONWITHEXCLUSION and will be ignored for any other modes.

-