/docs/tasks/security/authorization/authz-td-migration/index.md #1984

Open
SataQiu opened this issue Mar 25, 2020 · 2 comments
SataQiu commented Mar 25, 2020

Source File: /docs/tasks/security/authorization/authz-td-migration/index.md
Diff:

 diff --git a/content/en/docs/tasks/security/authorization/authz-td-migration/index.md b/content/en/docs/tasks/security/authorization/authz-td-migration/index.md
index 20ad1b312..f20b75814 100644
--- a/content/en/docs/tasks/security/authorization/authz-td-migration/index.md
+++ b/content/en/docs/tasks/security/authorization/authz-td-migration/index.md
@@ -1,7 +1,7 @@
 ---
 title: Authorization Policy Trust Domain Migration
 description: Shows how to migrate from one trust domain to another without changing authorization policy.
-weight: 40
+weight: 60
 keywords: [security,access-control,rbac,authorization,trust domain, migration]
 ---
 
@@ -20,18 +20,7 @@ In Istio 1.4, we introduce an alpha feature to support {{< gloss >}}trust domain
 1. Install Istio with a custom trust domain and mutual TLS enabled.
 
     {{< text bash >}}
-    $ cat <<EOF > ./td-installation.yaml
-    apiVersion: install.istio.io/v1alpha2
-    kind: IstioControlPlane
-    spec:
-      values:
-        global:
-          controlPlaneSecurityEnabled: false
-          mtls:
-            enabled: true
-          trustDomain: old-td
-    EOF
-    $ istioctl manifest apply --set profile=demo -f td-installation.yaml
+    $ istioctl manifest apply --set profile=demo --set values.global.trustDomain=old-td
     {{< /text >}}
 
 1. Deploy the [httpbin]({{< github_tree >}}/samples/httpbin) sample in the `default` namespace
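
Review bot: the step text above the new one-line command still reads "Install Istio with a custom trust domain and mutual TLS enabled", but the command now sets only `values.global.trustDomain=old-td`; the removed `mtls.enabled: true` and `controlPlaneSecurityEnabled: false` values have no replacement on the `+` line. Either confirm that `profile=demo` alone gives the mutual TLS state the step promises and say so in the step, or keep an explicit `--set` for it.
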
@@ -95,33 +84,11 @@ Notice that it may take tens of seconds for the authorization policy to be propa
 1. Install Istio with a new trust domain.
 
     {{< text bash >}}
-    $ cat <<EOF > ./td-installation.yaml
-    apiVersion: install.istio.io/v1alpha2
-    kind: IstioControlPlane
-    spec:
-      values:
-        global:
-          controlPlaneSecurityEnabled: false
-          mtls:
-            enabled: true
-          trustDomain: new-td
-    EOF
-    $ istioctl manifest apply --set profile=demo -f td-installation.yaml
+    $ istioctl manifest apply --set profile=demo --set values.global.trustDomain=new-td
     {{< /text >}}
 
     Istio mesh is now running with a new trust domain, `new-td`.
 
-1. Delete secrets of `sleep` and `httpbin` in `default` namespace and in `sleep-allow` namespace. Notice if you install Istio with SDS,
-you don't need to follow this step. Learn more about [Provisioning Identity through SDS](/docs/tasks/security/citadel-config/auth-sds/)
-
-    {{< text bash >}}
-    $ kubectl delete secrets istio.sleep; kubectl delete secrets istio.httpbin;
-    {{< /text >}}
-
-    {{< text bash >}}
-    $ kubectl delete secrets istio.sleep -n sleep-allow
-    {{< /text >}}
-
 1. Redeploy the `httpbin` and `sleep` applications to pick up changes from the new Istio control plane.
 
     {{< text bash >}}
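
Review bot: the removed secret-deletion step carried its own condition ("if you install Istio with SDS, you don't need to follow this step"), and nothing in the new install command on the `+` line says that SDS is in use. Confirm that the install as now written provisions identities through SDS; if it does, a one-line note that workloads get their `new-td` identity on redeploy without manual secret cleanup would keep readers from wondering whether `istio.sleep` and `istio.httpbin` still need deleting.
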
@@ -157,14 +124,11 @@ you don't need to follow this step. Learn more about [Provisioning Identity thro
 
     {{< text bash >}}
     $ cat <<EOF > ./td-installation.yaml
-    apiVersion: install.istio.io/v1alpha2
-    kind: IstioControlPlane
+    apiVersion: install.istio.io/v1alpha1
+    kind: IstioOperator
     spec:
       values:
         global:
-          controlPlaneSecurityEnabled: false
-          mtls:
-            enabled: true
           trustDomain: new-td
           trustDomainAliases:
             - old-td
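
Review bot: the `apiVersion` in this heredoc moves from `install.istio.io/v1alpha2` to `install.istio.io/v1alpha1` while the kind changes from `IstioControlPlane` to `IstioOperator`; a version number going down is easy to mistake for a typo, so check the pairing against the istioctl release this page targets. The block also no longer sets `mtls.enabled: true` or `controlPlaneSecurityEnabled: false`, so confirm the defaults cover what the alias step needs.
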
@@ -201,8 +165,8 @@ as the old trust domain without you having to include the aliases.
 
 {{< text bash >}}
 $ kubectl delete authorizationpolicy service-httpbin.default.svc.cluster.local
-$ kubectl delete deploy httpbin; k delete service httpbin; k delete serviceaccount httpbin
-$ kubectl delete deploy sleep; k delete service sleep; k delete serviceaccount sleep
+$ kubectl delete deploy httpbin; kubectl delete service httpbin; kubectl delete serviceaccount httpbin
+$ kubectl delete deploy sleep; kubectl delete service sleep; kubectl delete serviceaccount sleep
 $ kubectl delete namespace sleep-allow
 $ istioctl manifest generate --set profile=demo -f td-installation.yaml | kubectl delete -f -
-{{< /text >}}
\ No newline at end of file
+{{< /text >}}
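
Review bot: the last cleanup command still reads `-f td-installation.yaml`, but in the hunks shown here that file is now written only in the `trustDomainAliases` step, since the two earlier heredocs were replaced by `--set` flags. A reader who cleans up before reaching that step has no file to pass; consider mentioning that, or removing the file at the end of cleanup. The `k` to `kubectl` fix and the added trailing newline look right.
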
@mesher-bot mesher-bot added the welcome (new issue, not yet processed) label Mar 25, 2020
@SataQiu SataQiu added lang/zh, sync/update (official documentation changed), priority/P0, pending (awaiting claim: new task/updated) and removed welcome (new issue, not yet processed) labels Mar 25, 2020

SataQiu commented Apr 10, 2020

/accept

@mesher-bot mesher-bot added translating (translation in progress) and removed pending (awaiting claim: new task/updated) labels Apr 10, 2020
@mesher-bot
Thank you @SataQiu, this issue has been assigned to you.
