refactors: docs to v1beta3

Signed-off-by: KevFan <[email protected]>

api/v1beta3/groupversion_info.go

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-// Package v1beta2 contains API Schema definitions for the config v1beta2 API group
+// Package v1beta3 contains API Schema definitions for the config v1beta3 API group
 // +kubebuilder:object:generate=true
 // +groupName=authorino.kuadrant.io
 package v1beta3

controllers/auth_config_controller_test.go

@@ -110,7 +110,7 @@ func newTestAuthConfig(authConfigLabels map[string]string) api.AuthConfig {
 	return api.AuthConfig{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "AuthConfig",
-			APIVersion: "authorino.kuadrant.io/v1beta2",
+			APIVersion: "authorino.kuadrant.io/v1beta3",
 		},
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      "auth-config-1",

controllers/auth_config_status_updater_test.go

@@ -176,7 +176,7 @@ func mockStatusUpdateAuthConfigWithLabelsAndHosts(labels map[string]string, host
 	return api.AuthConfig{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "AuthConfig",
-			APIVersion: "authorino.kuadrant.io/v1beta2",
+			APIVersion: "authorino.kuadrant.io/v1beta3",
 		},
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      "auth-config-1",

docs/architecture.md

@@ -71,7 +71,7 @@ The desired protection for a service is declaratively stated by applying an `Aut
 An `AuthConfig` resource typically looks like the following:
 
 ```yaml
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: my-api-protection

docs/features.md

@@ -89,7 +89,7 @@ Whenever an `AuthConfig` is indexed, Authorino will also index all matching API
 **Example.** For the following `AuthConfig`:
 
 ```yaml
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: my-api-protection
@@ -135,7 +135,7 @@ The list of `audiences` of the token must include the requested host and port of
 For the following `AuthConfig` CR, the Kubernetes token must include the audience `my-api.io`:
 
 ```yaml
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: my-api-protection
@@ -150,7 +150,7 @@ spec:
 Whereas for the following `AuthConfig` CR, the Kubernetes token audiences must include **foo** and **bar**:
 
 ```yaml
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: my-api-protection
@@ -606,7 +606,7 @@ User-defined dynamic JSON objects generated by Authorino in the response phase,
 The following Authorino `AuthConfig` custom resource is an example that defines 3 dynamic JSON response items, where two items are returned to the client, stringified, in added HTTP headers, and the third as Envoy Dynamic Metadata. Envoy proxy can be configured to propagate the dynamic metadata emitted by Authorino into another filter – e.g. the rate limit filter.
 
 ```yaml
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   namespace: my-namespace
@@ -656,7 +656,7 @@ Festival Wristbands are signed OpenID Connect JSON Web Tokens (JWTs) issued by A
 The Authorino `AuthConfig` custom resource below sets an API protection that issues a wristband after a successful authentication via API key. Apart from standard JWT claims, the wristband contains 2 custom claims: a static value `aud=internal` and a dynamic value `born` that fetches from the authorization JSON the date/time of creation of the secret that represents the API key used to authenticate.
 
 ```yaml
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   namespace: my-namespace
@@ -750,7 +750,7 @@ Priorities can be set using the `priority` property available in all evaluator c
 Consider the following example to understand how priorities work:
 
 ```yaml
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: talker-api-protection
@@ -1116,7 +1116,7 @@ By default, Authorino will only export metrics down to the level of the AuthConf
 E.g.:
 
 ```yaml
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: my-authconfig

docs/getting-started.md

@@ -333,7 +333,7 @@ For authentication based on OpenID Connect (OIDC) JSON Web Tokens (JWT), plus on
 
 ```sh
 kubectl -n myapp apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: my-api-protection

docs/user-guides/anonymous-access.md

@@ -122,7 +122,7 @@ Create an Authorino `AuthConfig` custom resource declaring the auth rules to be
 
 ```sh
 kubectl apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: talker-api-protection

docs/user-guides/api-key-authentication.md

@@ -126,7 +126,7 @@ Create an Authorino `AuthConfig` custom resource declaring the auth rules to be
 
 ```sh
 kubectl apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: talker-api-protection

docs/user-guides/authenticated-rate-limiting-envoy-dynamic-metadata.md

@@ -140,7 +140,7 @@ An annotation `auth-data/username` will be read from the Kubernetes API Key secr
 
 ```sh
 kubectl apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: talker-api-protection

docs/user-guides/authzed.md

@@ -263,7 +263,7 @@ Create the AuthConfig:
 
 ```sh
 kubectl apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: talker-api-protection

docs/user-guides/caching.md

@@ -148,7 +148,7 @@ The cached values will be visible in the response returned by the Talker API in
 
 ```sh
 kubectl apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: talker-api-protection

docs/user-guides/deny-with-redirect-to-login.md

@@ -128,7 +128,7 @@ Create an Authorino `AuthConfig` custom resource declaring the auth rules to be
 
 ```sh
 kubectl apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: matrix-quotes-protection
@@ -240,7 +240,7 @@ kubectl set env deployment/matrix-quotes KEYCLOAK_REALM=http://keycloak:8080/rea
 
 ```sh
 kubectl apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: matrix-quotes-protection

docs/user-guides/edge-authentication-architecture-festival-wristbands.md

@@ -173,7 +173,7 @@ Create the config:
 
 ```sh
 kubectl -n edge apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: edge-auth
@@ -255,7 +255,7 @@ kubectl -n internal port-forward deployment/envoy 8000:8000 2>&1 >/dev/null &
 
 ```sh
 kubectl -n internal apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: talker-api-protection

docs/user-guides/envoy-jwt-authn-and-authorino.md

@@ -341,7 +341,7 @@ Create an Authorino `AuthConfig` custom resource declaring the auth rules to be
 
 ```sh
 kubectl apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: talker-api-protection

docs/user-guides/external-metadata.md

@@ -134,7 +134,7 @@ The implementation relies on the [`X-Forwarded-For`](https://datatracker.ietf.or
 
 ```sh
 kubectl apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: talker-api-protection

docs/user-guides/host-override.md

@@ -63,7 +63,7 @@ virtual_hosts:
 Create the AuthConfig for the **Pets API**:
 
 ```yaml
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: dogs-api-protection
@@ -77,7 +77,7 @@ spec:
 Create the AuthConfig for the **Cats API**:
 
 ```yaml
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: cats-api-protection
@@ -121,7 +121,7 @@ The `host` context extension used above is any key that matches one of the hosts
 Create the AuthConfig for the **Pets API**:
 
 ```yaml
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: pets-api-protection

docs/user-guides/http-basic-authentication.md

@@ -131,7 +131,7 @@ The config uses API Key secrets to store base64-encoded `username:password` HTTP
 
 ```sh
 kubectl apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: talker-api-protection

docs/user-guides/injecting-data.md

@@ -132,7 +132,7 @@ The following defines a JSON object to be injected as an added HTTP header into
 
 ```sh
 kubectl apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: talker-api-protection

docs/user-guides/json-pattern-matching-authorization.md

@@ -142,7 +142,7 @@ The implementation relies on the [`X-Forwarded-For`](https://datatracker.ietf.or
 
 ```sh
 kubectl apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: talker-api-protection

docs/user-guides/keycloak-authorization-services.md

@@ -150,7 +150,7 @@ Whenever an RPT with proper permissions is obtained by Authorino, the RPT is sup
 
 ```sh
 kubectl apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: talker-api-protection

docs/user-guides/kubernetes-subjectaccessreview.md

@@ -130,7 +130,7 @@ The `AuthConfig` below sets all Kubernetes service accounts as trusted users of
 
 ```sh
 kubectl apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: talker-api-protection

docs/user-guides/kubernetes-tokenreview.md

@@ -129,7 +129,7 @@ Create an Authorino `AuthConfig` custom resource declaring the auth rules to be
 
 ```sh
 kubectl apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: talker-api-protection

docs/user-guides/mtls-authentication.md

@@ -350,7 +350,7 @@ Create an Authorino `AuthConfig` custom resource declaring the auth rules to be
 
 ```sh
 kubectl apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: talker-api-protection

docs/user-guides/oauth2-token-introspection.md

@@ -169,7 +169,7 @@ Create the Authorino `AuthConfig` custom resource declaring the auth rules to be
 
 ```sh
 kubectl apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: talker-api-protection

docs/user-guides/observability.md

@@ -1241,26 +1241,24 @@ The examples below are all with `--log-level=debug` and `--log-mode=production`.
   <summary>Booting up the service</summary>
 
   ```jsonc
-  {"level":"info","ts":1669220526.929678,"logger":"authorino","msg":"setting instance base logger","min level":"debug","mode":"production"}
-  {"level":"info","ts":1669220526.929718,"logger":"authorino","msg":"booting up authorino","version":"7688cfa32317a49f0461414e741c980e9c05dba3"}
-  {"level":"debug","ts":1669220526.9297278,"logger":"authorino","msg":"setting up with options","auth-config-label-selector":"","deep-metrics-enabled":"false","enable-leader-election":"false","evaluator-cache-size":"1","ext-auth-grpc-port":"50051","ext-auth-http-port":"5001","health-probe-addr":":8081","log-level":"debug","log-mode":"production","max-http-request-body-size":"8192","metrics-addr":":8080","oidc-http-port":"8083","oidc-tls-cert":"/etc/ssl/certs/oidc.crt","oidc-tls-cert-key":"/etc/ssl/private/oidc.key","secret-label-selector":"authorino.kuadrant.io/managed-by=authorino","timeout":"0","tls-cert":"/etc/ssl/certs/tls.crt","tls-cert-key":"/etc/ssl/private/tls.key","watch-namespace":"default"}
-  {"level":"info","ts":1669220527.9816976,"logger":"authorino.controller-runtime.metrics","msg":"Metrics server is starting to listen","addr":":8080"}
-  {"level":"info","ts":1669220527.9823213,"logger":"authorino","msg":"starting grpc auth service","port":50051,"tls":true}
-  {"level":"info","ts":1669220527.9823658,"logger":"authorino","msg":"starting http auth service","port":5001,"tls":true}
-  {"level":"info","ts":1669220527.9824295,"logger":"authorino","msg":"starting http oidc service","port":8083,"tls":true}
-  {"level":"info","ts":1669220527.9825335,"logger":"authorino","msg":"starting manager"}
-  {"level":"info","ts":1669220527.982721,"logger":"authorino","msg":"Starting server","path":"/metrics","kind":"metrics","addr":"[::]:8080"}
-  {"level":"info","ts":1669220527.982766,"logger":"authorino","msg":"Starting server","kind":"health probe","addr":"[::]:8081"}
-  {"level":"info","ts":1669220527.9829438,"logger":"authorino.controller.secret","msg":"Starting EventSource","reconciler group":"","reconciler kind":"Secret","source":"kind source: *v1.Secret"}
-  {"level":"info","ts":1669220527.9829693,"logger":"authorino.controller.secret","msg":"Starting Controller","reconciler group":"","reconciler kind":"Secret"}
-  {"level":"info","ts":1669220527.9829714,"logger":"authorino.controller.authconfig","msg":"Starting EventSource","reconciler group":"authorino.kuadrant.io","reconciler kind":"AuthConfig","source":"kind source: *v1beta1.AuthConfig"}
-  {"level":"info","ts":1669220527.9830208,"logger":"authorino.controller.authconfig","msg":"Starting Controller","reconciler group":"authorino.kuadrant.io","reconciler kind":"AuthConfig"}
-  {"level":"info","ts":1669220528.0834699,"logger":"authorino.controller.authconfig","msg":"Starting workers","reconciler group":"authorino.kuadrant.io","reconciler kind":"AuthConfig","worker count":1}
-  {"level":"info","ts":1669220528.0836608,"logger":"authorino.controller.secret","msg":"Starting workers","reconciler group":"","reconciler kind":"Secret","worker count":1}
-  {"level":"info","ts":1669220529.041266,"logger":"authorino","msg":"starting status update manager"}
-  {"level":"info","ts":1669220529.0418258,"logger":"authorino.controller.authconfig","msg":"Starting EventSource","reconciler group":"authorino.kuadrant.io","reconciler kind":"AuthConfig","source":"kind source: *v1beta1.AuthConfig"}
-  {"level":"info","ts":1669220529.0418813,"logger":"authorino.controller.authconfig","msg":"Starting Controller","reconciler group":"authorino.kuadrant.io","reconciler kind":"AuthConfig"}
-  {"level":"info","ts":1669220529.1432905,"logger":"authorino.controller.authconfig","msg":"Starting workers","reconciler group":"authorino.kuadrant.io","reconciler kind":"AuthConfig","worker count":1}
+  {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"setting instance base logger","min level":"info","mode":"production"}
+  {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"build information","version":"v1beta3","commit":"ae2dc8150af2e6cdb35957ba7305c4c2a76d6149","dirty":"false","cmd":"server"}
+  {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"starting http auth service","port":5001,"tls":false}
+  {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"starting grpc auth service","port":50051,"tls":false}
+  {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"starting http oidc service","port":8083,"tls":false}
+  {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"starting reconciliation manager"}
+  {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"starting server","kind":"health probe","addr":"[::]:8081"}
+  {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino.controller-runtime.metrics","msg":"Starting metrics server"}
+  {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino.controller-runtime.metrics","msg":"Serving metrics server","bindAddress":":8080","secure":false}
+  {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"Starting EventSource","controller":"authconfig","controllerGroup":"authorino.kuadrant.io","controllerKind":"AuthConfig","source":"kind source: *v1beta3.AuthConfig"}
+  {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"Starting EventSource","controller":"secret","controllerGroup":"","controllerKind":"Secret","source":"kind source: *v1.Secret"}
+  {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"Starting Controller","controller":"secret","controllerGroup":"","controllerKind":"Secret"}
+  {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"Starting Controller","controller":"authconfig","controllerGroup":"authorino.kuadrant.io","controllerKind":"AuthConfig"}
+  {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"starting status update manager"}
+  {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"Starting EventSource","controller":"authconfig","controllerGroup":"authorino.kuadrant.io","controllerKind":"AuthConfig","source":"kind source: *v1beta3.AuthConfig"}
+  {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"Starting Controller","controller":"authconfig","controllerGroup":"authorino.kuadrant.io","controllerKind":"AuthConfig"}
+  {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"Starting workers","controller":"secret","controllerGroup":"","controllerKind":"Secret","worker count":1}
+  {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"Starting workers","controller":"authconfig","controllerGroup":"authorino.kuadrant.io","controllerKind":"AuthConfig","worker count":1}
   ```
 </details>
 

docs/user-guides/oidc-jwt-authentication.md

@@ -135,7 +135,7 @@ Create an Authorino `AuthConfig` custom resource declaring the auth rules to be
 
 ```sh
 kubectl apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: talker-api-protection

docs/user-guides/oidc-rbac.md

@@ -146,7 +146,7 @@ Apply the AuthConfig:
 
 ```sh
 kubectl apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: talker-api-protection

docs/user-guides/oidc-user-info.md

@@ -137,7 +137,7 @@ Create an Authorino `AuthConfig` custom resource declaring the auth rules to be
 
 ```sh
 kubectl apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: talker-api-protection

docs/user-guides/opa-authorization.md

@@ -135,7 +135,7 @@ The implementation relies on the [`X-Forwarded-For`](https://datatracker.ietf.or
 
 ```sh
 kubectl apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: talker-api-protection

docs/user-guides/passing-credentials.md

@@ -135,7 +135,7 @@ In this example, `member` users can authenticate supplying the API key in any of
 
 ```sh
 kubectl apply -f -<<EOF
-apiVersion: authorino.kuadrant.io/v1beta2
+apiVersion: authorino.kuadrant.io/v1beta3
 kind: AuthConfig
 metadata:
   name: talker-api-protection