Automator: update istio.io@ reference docs

content/en/docs/reference/commands/istioctl/index.html

@@ -2452,15 +2452,15 @@ <h2 id="istioctl-experimental-revision-describe">istioctl experimental revision
 </tbody>
 </table>
 <h3 id="istioctl-experimental-revision-describe Examples">Examples</h3>
-<pre class="language-bash"><code>  # View the details of a revision named &#39;canary&#39;    
+<pre class="language-bash"><code>  # View the details of a revision named &#39;canary&#39;
   istioctl experimental revision describe canary
 
   # View the details of a revision named &#39;canary&#39; and also the pods
   # under that particular revision
   istioctl experimental revision describe canary -v
 
   # Get details about a revision in json format (default format is human-friendly table format)
-  istioctl experimental revision describe canary -v -o json 
+  istioctl experimental revision describe canary -v -o json
 
 </code></pre>
 <h2 id="istioctl-experimental-revision-list">istioctl experimental revision list</h2>
@@ -2518,7 +2518,7 @@ <h2 id="istioctl-experimental-revision-list">istioctl experimental revision list
 </table>
 <h3 id="istioctl-experimental-revision-list Examples">Examples</h3>
 <pre class="language-bash"><code>  # View summary of revisions installed in the current cluster
-  # which can be overridden with --context parameter. 
+  # which can be overridden with --context parameter.
   istioctl experimental revision list
 
   # View list of revisions including customizations, istiod and gateway pods
@@ -5631,6 +5631,12 @@ <h2 id="envvars">Environment variables</h2>
 <td>If enabled, checks to see if the configured JwksUri in RequestAuthentication is a mesh cluster URL and configures Remote Jwks to let Envoy fetch the Jwks instead of Istiod.</td>
 </tr>
 <tr>
+<td><code>PILOT_JWT_PUB_KEY_REFRESH_INTERVAL</code></td>
+<td>Time Duration</td>
+<td><code>20m0s</code></td>
+<td>The interval for istiod to fetch the jwks_uri for the jwks public key.</td>
+</tr>
+<tr>
 <td><code>PILOT_PUSH_THROTTLE</code></td>
 <td>Integer</td>
 <td><code>100</code></td>

content/en/docs/reference/commands/operator/index.html

@@ -452,6 +452,12 @@ <h2 id="envvars">Environment variables</h2>
 <td>If enabled, checks to see if the configured JwksUri in RequestAuthentication is a mesh cluster URL and configures Remote Jwks to let Envoy fetch the Jwks instead of Istiod.</td>
 </tr>
 <tr>
+<td><code>PILOT_JWT_PUB_KEY_REFRESH_INTERVAL</code></td>
+<td>Time Duration</td>
+<td><code>20m0s</code></td>
+<td>The interval for istiod to fetch the jwks_uri for the jwks public key.</td>
+</tr>
+<tr>
 <td><code>PILOT_PUSH_THROTTLE</code></td>
 <td>Integer</td>
 <td><code>100</code></td>

content/en/docs/reference/commands/pilot-agent/index.html

@@ -1026,6 +1026,12 @@ <h2 id="envvars">Environment variables</h2>
 <td>If enabled, checks to see if the configured JwksUri in RequestAuthentication is a mesh cluster URL and configures Remote Jwks to let Envoy fetch the Jwks instead of Istiod.</td>
 </tr>
 <tr>
+<td><code>PILOT_JWT_PUB_KEY_REFRESH_INTERVAL</code></td>
+<td>Time Duration</td>
+<td><code>20m0s</code></td>
+<td>The interval for istiod to fetch the jwks_uri for the jwks public key.</td>
+</tr>
+<tr>
 <td><code>PILOT_PUSH_THROTTLE</code></td>
 <td>Integer</td>
 <td><code>100</code></td>

content/en/docs/reference/commands/pilot-discovery/index.html

@@ -861,6 +861,12 @@ <h2 id="envvars">Environment variables</h2>
 <td>If enabled, checks to see if the configured JwksUri in RequestAuthentication is a mesh cluster URL and configures Remote Jwks to let Envoy fetch the Jwks instead of Istiod.</td>
 </tr>
 <tr>
+<td><code>PILOT_JWT_PUB_KEY_REFRESH_INTERVAL</code></td>
+<td>Time Duration</td>
+<td><code>20m0s</code></td>
+<td>The interval for istiod to fetch the jwks_uri for the jwks public key.</td>
+</tr>
+<tr>
 <td><code>PILOT_PUSH_THROTTLE</code></td>
 <td>Integer</td>
 <td><code>100</code></td>

content/en/docs/reference/config/istio.operator.v1alpha1/index.html

@@ -118,6 +118,18 @@ <h2 id="IstioOperatorSpec">IstioOperatorSpec</h2>
 <p>Identify the revision this installation is associated with.
 This option is currently experimental.</p>
 
+</td>
+<td>
+No
+</td>
+</tr>
+<tr id="IstioOperatorSpec-default_revision">
+<td><code>defaultRevision</code></td>
+<td><code>bool</code></td>
+<td>
+<p>Identify whether this revision is the default revision for the cluster
+This option is currently experimental.</p>
+
 </td>
 <td>
 No

content/en/docs/reference/config/networking/destination-rule/index.html

@@ -239,9 +239,6 @@ <h2 id="DestinationRule">DestinationRule</h2>
 the destination rule is declared in. Similarly, the value &ldquo;*&rdquo; is reserved and
 defines an export to all namespaces.</p>
 
-<p>NOTE: in the current release, the <code>exportTo</code> value is restricted to
-&ldquo;.&rdquo; or &ldquo;*&rdquo; (i.e., the current namespace or all namespaces).</p>
-
 </td>
 <td>
 No
@@ -694,7 +691,7 @@ <h2 id="OutlierDetection">OutlierDetection</h2>
         http2MaxRequests: 1000
         maxRequestsPerConnection: 10
     outlierDetection:
-      consecutiveErrors: 7
+      consecutive5xxErrors: 7
       interval: 5m
       baseEjectionTime: 15m
 </code></pre>
@@ -717,7 +714,7 @@ <h2 id="OutlierDetection">OutlierDetection</h2>
         http2MaxRequests: 1000
         maxRequestsPerConnection: 10
     outlierDetection:
-      consecutiveErrors: 7
+      consecutive5xxErrors: 7
       interval: 5m
       baseEjectionTime: 15m
 </code></pre>

content/en/docs/reference/config/networking/envoy-filter/index.html

@@ -67,9 +67,9 @@
     patch:
       operation: INSERT_BEFORE
       value:
-        # This is the full filter config including the name and config or typed_config section.
+        # This is the full filter config including the name and typed_config section.
         name: "envoy.config.filter.network.custom_protocol"
-        config:
+        typed_config:
          ...
   - applyTo: NETWORK_FILTER # http connection manager is a filter in Envoy
     match:
@@ -111,26 +111,30 @@
       context: SIDECAR_INBOUND
       listener:
         portNumber: 8080
+        filterChain:
+          filter:
+            name: "envoy.filters.network.http_connection_manager"
+            subFilter:
+              name: "envoy.filters.http.router"
     patch:
-      operation: ADD
-      filterClass: AUTHZ # This filter will run *after* the Istio authz filter.
+      operation: INSERT_BEFORE
       value: # lua filter specification
-        name: envoy.filters.http.lua
-        typed_config:
+       name: envoy.lua
+       typed_config:
           "@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua"
           inlineCode: |
-           function envoy_on_request(request_handle)
-             -- Make an HTTP call to an upstream host with the following headers, body, and timeout.
-             local headers, body = request_handle:httpCall(
-              "lua_cluster",
-              {
-               [":method"] = "POST",
-               [":path"] = "/acl",
-               [":authority"] = "internal.org.net"
-              },
-             "authorize call",
-             5000)
-           end
+            function envoy_on_request(request_handle)
+              -- Make an HTTP call to an upstream host with the following headers, body, and timeout.
+              local headers, body = request_handle:httpCall(
+               "lua_cluster",
+               {
+                [":method"] = "POST",
+                [":path"] = "/acl",
+                [":authority"] = "internal.org.net"
+               },
+              "authorize call",
+              5000)
+            end
   # The second patch adds the cluster that is referenced by the lua code
   # cds match is omitted as a new cluster is being added
   - applyTo: CLUSTER
@@ -143,12 +147,16 @@
         type: STRICT_DNS
         connect_timeout: 0.5s
         lb_policy: ROUND_ROBIN
-        hosts:
-        - socket_address:
-            protocol: TCP
-            address: "internal.org.net"
-            port_value: 8888
-
+        load_assignment:
+          cluster_name: lua_cluster
+          endpoints:
+          - lb_endpoints:
+            - endpoint:
+                address:
+                  socket_address:
+                    protocol: TCP
+                    address: "internal.org.net"
+                    port_value: 8888
 </code></pre>
 
 <p>The following example overwrites certain fields (HTTP idle timeout
@@ -177,9 +185,11 @@
     patch:
       operation: MERGE
       value:
-        common_http_protocol_options:
-          idle_timeout: 30s
-        xff_num_trusted_hops: 5
+        typed_config:
+          &quot;@type&quot;: &quot;type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager&quot;
+          xff_num_trusted_hops: 5
+          common_http_protocol_options:
+            idle_timeout: 30s
 </code></pre>
 
 <p>The following example inserts an attributegen filter
@@ -249,9 +259,9 @@
           grpc_service:
             envoy_grpc:
               cluster_name: acme-ext-authz
-              initial_metadata:
-              - key: foo
-                value: myauth.acme # required by local ext auth server.
+            initial_metadata:
+            - key: foo
+              value: myauth.acme # required by local ext auth server.
 </code></pre>
 
 <p>A workload in the <code>myns</code> namespace needs to access a different ext_auth server
@@ -315,8 +325,10 @@
                 remote:
                   http_uri:
                     uri: http://my-wasm-binary-uri
-            configuration: |
-              {}
+            configuration:
+              &quot;@type&quot;: &quot;type.googleapis.com/google.protobuf.StringValue&quot;
+              value: |
+                {}
   # The second patch instructs to apply the above Wasm filter to the listener/http connection manager.
   - applyTo: HTTP_FILTER
     match:

content/en/docs/reference/config/networking/gateway/index.html

@@ -253,8 +253,7 @@
   hosts:
   - mongosvr.prod.svc.cluster.local # name of internal Mongo service
   gateways:
-  - some-config-namespace/my-gateway # can omit the namespace if gateway is in same
-                                       namespace as virtual service.
+  - some-config-namespace/my-gateway # can omit the namespace if gateway is in same namespace as virtual service.
   tcp:
   - match:
     - port: 27017
@@ -278,8 +277,7 @@
   hosts:
   - mongosvr.prod.svc.cluster.local # name of internal Mongo service
   gateways:
-  - some-config-namespace/my-gateway # can omit the namespace if gateway is in same
-                                       namespace as virtual service.
+  - some-config-namespace/my-gateway # can omit the namespace if gateway is in same namespace as virtual service.
   tcp:
   - match:
     - port: 27017

content/en/docs/reference/config/networking/service-entry/index.html

@@ -593,13 +593,13 @@
   endpoints:
   - address: us.foo.bar.com
     ports:
-      https: 8080
+      http: 8080
   - address: uk.foo.bar.com
     ports:
-      https: 9080
+      http: 9080
   - address: in.foo.bar.com
     ports:
-      https: 7080
+      http: 7080
 </code></pre>
 
 <p>{{</tab>}}
@@ -949,9 +949,6 @@ <h2 id="ServiceEntry">ServiceEntry</h2>
 the annotation &ldquo;networking.istio.io/exportTo&rdquo; to a comma-separated list
 of namespace names.</p>
 
-<p>NOTE: in the current release, the <code>exportTo</code> value is restricted to
-&ldquo;.&rdquo; or &ldquo;*&rdquo; (i.e., the current namespace or all namespaces).</p>
-
 </td>
 <td>
 No

content/en/docs/reference/config/networking/sidecar/index.html

@@ -667,7 +667,7 @@ <h2 id="IstioEgressListener">IstioEgressListener</h2>
 <h2 id="WorkloadSelector">WorkloadSelector</h2>
 <section>
 <p><code>WorkloadSelector</code> specifies the criteria used to determine if the
-<code>Gateway</code>, <code>Sidecar</code>, or <code>EnvoyFilter</code> or <code>ServiceEntry</code>
+<code>Gateway</code>, <code>Sidecar</code>, <code>EnvoyFilter</code>, or <code>ServiceEntry</code>
 configuration can be applied to a proxy. The matching criteria
 includes the metadata associated with a proxy, workload instance
 info such as labels attached to the pod/VM, or any other info that

content/en/docs/reference/config/networking/virtual-service/index.html

@@ -512,7 +512,7 @@ <h2 id="Destination">Destination</h2>
     name: example-http
     protocol: HTTP
   resolution: DNS
-
+---
 apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
@@ -544,7 +544,7 @@ <h2 id="Destination">Destination</h2>
     name: example-http
     protocol: HTTP
   resolution: DNS
-
+---
 apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
@@ -950,7 +950,7 @@ <h2 id="Headers">Headers</h2>
   - headers:
       request:
         set:
-          test: true
+          test: &quot;true&quot;
     route:
     - destination:
         host: reviews.prod.svc.cluster.local
@@ -981,7 +981,7 @@ <h2 id="Headers">Headers</h2>
   - headers:
       request:
         set:
-          test: true
+          test: &quot;true&quot;
     route:
     - destination:
         host: reviews.prod.svc.cluster.local
@@ -2274,7 +2274,7 @@ <h2 id="HTTPRetry">HTTPRetry</h2>
 <td><code>perTryTimeout</code></td>
 <td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
 <td>
-<p>Timeout per retry attempt for a given request. format: 1h/1m/1s/1ms. MUST BE &gt;=1ms.
+<p>Timeout per attempt for a given request, including the initial call and any retries. Format: 1h/1m/1s/1ms. MUST BE &gt;=1ms.
 Default is same value as request
 <code>timeout</code> of the <a href="/docs/reference/config/networking/virtual-service/#HTTPRoute">HTTP route</a>,
 which means no timeout.</p>

content/en/docs/reference/config/networking/workload-group/index.html

@@ -52,7 +52,7 @@
      path: /foo/bar
      host: 127.0.0.1
      port: 3100
-     scheme: https
+     scheme: HTTPS
      httpHeaders:
      - name: Lit-Header
        value: Im-The-Best