search

servicemesher / istio-official-translation

Istio官网中文本地化
https://www.servicemesher.com/istio-trans/
228 stars 45 forks source link

/docs/tasks/security/mutual-tls/index.md #1075

Closed SataQiu closed 5 years ago

SataQiu commented 5 years ago

Source File: /docs/tasks/security/mutual-tls/index.md Diff:

 diff --git a/content/en/docs/tasks/security/mutual-tls/index.md b/content/en/docs/tasks/security/mutual-tls/index.md
index e97dd4dc..161d7263 100644
--- a/content/en/docs/tasks/security/mutual-tls/index.md
+++ b/content/en/docs/tasks/security/mutual-tls/index.md
@@ -9,9 +9,9 @@ Through this task, you can have closer look at mutual TLS and learn its settings

 * You have completed the [authentication policy](/docs/tasks/security/authn-policy/) task.
 * You are familiar with using authentication policy to enable mutual TLS.
-* Istio runs on Kubernetes with global mutual TLS enabled. You can follow our [instructions to install Istio](/docs/setup/).
+* Istio runs on Kubernetes with global mutual TLS enabled. You can follow our [instructions to install Istio](/docs/setup/kubernetes/).
 If you already have Istio installed, you can add or modify authentication policies and destination rules to enable mutual TLS as described in this [task](/docs/tasks/security/authn-policy/#globally-enabling-istio-mutual-tls).
-* You have deployed the [httpbin]({{< github_tree >}}/samples/httpbin) and [sleep]({{< github_tree >}}/samples/sleep) with Envoy sidecar in the `default` namespace. For example, below is the command to deploy those services with [manual sidecar injection](/docs/setup/additional-setup/sidecar-injection/#manual-sidecar-injection):
+* You have deployed the [httpbin]({{< github_tree >}}/samples/httpbin) and [sleep]({{< github_tree >}}/samples/sleep) with Envoy sidecar in the `default` namespace. For example, below is the command to deploy those services with [manual sidecar injection](/docs/setup/kubernetes/additional-setup/sidecar-injection/#manual-sidecar-injection):

     {{< text bash >}}
     $ kubectl apply -f <(istioctl kube-inject -f @samples/httpbin/httpbin.yaml@)
@@ -69,7 +69,7 @@ Please check [Istio identity](/docs/concepts/security/#istio-identity) for more

 ## Verify mutual TLS configuration

-Use [`istioctl authn tls-check`](/docs/reference/commands/istioctl/#istioctl-authn-tls-check) to check if the mutual TLS settings are in effect. The `istioctl` command needs the client's pod because the destination rule depends on the client's namespace.
+Use the `istioctl` tool to check if the mutual TLS settings are in effect. The `istioctl` command needs the client's pod because the destination rule depends on the client's namespace.
 You can also provide the destination service to filter the status to that service only.

 {{< tip >}}
@@ -92,7 +92,7 @@ In the following example output you can see that:

 {{< text plain >}}
 HOST:PORT                                  STATUS     SERVER     CLIENT     AUTHN POLICY        DESTINATION RULE
-httpbin.default.svc.cluster.local:8000     OK         mTLS       mTLS       /default            istio-system/default
+httpbin.default.svc.cluster.local:8000     OK         mTLS       mTLS       default/            default/istio-system
 {{< /text >}}

 The output shows:
@@ -103,9 +103,9 @@ The output shows:

 * `CLIENT`: the mode used on the client or clients.

-* `AUTHN POLICY`: the namespace and name of the authentication policy. If the policy is the mesh-wide policy, namespace is blank, as in this case: `/default`
+* `AUTHN POLICY`: the name and namespace of the authentication policy. If the policy is the mesh-wide policy, namespace is blank, as in this case: `default/`

-* `DESTINATION RULE`: the namespace and name of the destination rule used.
+* `DESTINATION RULE`: the name and namespace of the destination rule used.

 To illustrate the case when there are conflicts, add a service-specific destination rule for `httpbin` with incorrect TLS mode:

@@ -129,7 +129,7 @@ Run the same `istioctl` command as above, you now see the status is `CONFLICT`,
 {{< text bash >}}
 $ istioctl authn tls-check ${SLEEP_POD} httpbin.default.svc.cluster.local
 HOST:PORT                                  STATUS       SERVER     CLIENT     AUTHN POLICY        DESTINATION RULE
-httpbin.default.svc.cluster.local:8000     CONFLICT     mTLS       HTTP       /default            default/bad-rule
+httpbin.default.svc.cluster.local:8000     CONFLICT     mTLS       HTTP       default/            bad-rule/default
 {{< /text >}}

 You can also confirm that requests from `sleep` to `httpbin` are now failing:
JasonRD commented 5 years ago

/accept

mesher-bot commented 5 years ago

Thank you @JasonRD, this issue had been assigned to you.

JasonRD commented 5 years ago

/pushed

rootsongjc commented 5 years ago

/merged