istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Switch the site infrastructure from Jekyll to Hugo

This commit is contained in:
Martin Taillefer 2018-05-25 20:22:47 -07:00 committed by GitHub
parent a5493c717e 951a8ed9f4
commit 00cfab7307
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
485 changed files with 2170 additions and 3546 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
.circleci/config.yml
View File

@ -1,64 +0,0 @@
# Ruby CircleCI 2.0 configuration file
#
# Check https://circleci.com/docs/2.0/language-ruby/ for more details
#
version: 2
jobs:
build:
docker:
# specify the version you desire here
- image: circleci/ruby:2.4.1-node-browsers
working_directory: ~/repo
steps:
- checkout
# Download and cache dependencies
- restore_cache:
keys:
- v4-dependencies-{{ checksum "Gemfile.lock" }}
# fallback to using the latest cache if no exact match is found
- v4-dependencies-
- run:
name: Installing proofer dependencies
command: |
gem install bundler
bundle install --jobs=4 --retry=3 --path .vendor/bundle
- save_cache:
paths:
- ./.vendor/bundle
key: v4-dependencies-{{ checksum "Gemfile.lock" }}
- restore_cache:
keys:
- htmlproofer-cache-v3
- run:
name: Proofing HTML
command:
bundle exec rake test
# save the external URLs cache
- save_cache:
key: htmlproofer-cache-v3
paths:
- tmp/.htmlproofer
- run:
name: Installing speller dependencies
command: |
mkdir -p .vendor/node
npm install --prefix .vendor/node markdown-spellcheck
- run:
name: Checking markdown spelling
command:
.vendor/node/node_modules/markdown-spellcheck/bin/mdspell --en-us --ignore-acronyms --ignore-numbers --no-suggestions --report *.md */*.md */*/*.md */*/*/*.md */*/*/*/*.md
- run:
name: Checking markdown style
command:
mdl --ignore-front-matter --style mdl_style.rb .

10
.gitignore vendored
View File

@ -1,15 +1,11 @@
_site
_rakesite
_static_site
.bundle
config_override.yml
.jekyll-metadata
# Eclipse artifacts
.project
.pydevproject
*.iml
.idea/
.bundle/
tmp/
*.bak
.DS_Store
.tools
.htmlproofer
public

1
.spelling
View File

@ -429,6 +429,7 @@ ratelimit-handler
raw.githubusercontent.com
raw.githubusercontent.com)
reachability
rearchitect
readinessProbe
redis
redis-master-2353460263-1ecey

21
404.md
View File

@ -1,21 +0,0 @@
---
title: Page Not Found
description: Page redirection
weight: 1
layout: notfound
---
{% include home.html %}
<div class="icon">
<img alt="Warning" title="Uh-oh" src="{{home}}/img/exclamation-mark.svg" />
</div>
<div class="error">
We're sorry, the page you requested cannot be found
</div>
<div class="explanation">
The URL may be misspelled or the page you're looking for is no longer available
</div>

1
CNAME
View File

@ -1 +0,0 @@
preliminary.istio.io

8
Gemfile
View File

@ -1,8 +0,0 @@
source "https://rubygems.org"
gem "github-pages", group: :jekyll_plugins
gem "jekyll-include-cache", "~> 0.1"
gem "nokogiri", ">= 1.8.1"
gem "html-proofer", ">= 3.8.0"
gem "rake"
gem "mdl"

278
Gemfile.lock
View File

@ -1,278 +0,0 @@
GEM
remote: https://rubygems.org/
specs:
activesupport (4.2.9)
i18n (~> 0.7)
minitest (~> 5.1)
thread_safe (~> 0.3, >= 0.3.4)
tzinfo (~> 1.1)
addressable (2.5.2)
public_suffix (>= 2.0.2, < 4.0)
coffee-script (2.4.1)
coffee-script-source
execjs
coffee-script-source (1.11.1)
colorator (1.1.0)
colorize (0.8.1)
commonmarker (0.17.9)
ruby-enum (~> 0.5)
concurrent-ruby (1.0.5)
em-websocket (0.5.1)
eventmachine (>= 0.12.9)
http_parser.rb (~> 0.6.0)
ethon (0.11.0)
ffi (>= 1.3.0)
eventmachine (1.2.5)
execjs (2.7.0)
faraday (0.14.0)
multipart-post (>= 1.2, < 3)
ffi (1.9.23)
forwardable-extended (2.6.0)
gemoji (3.0.0)
github-pages (180)
activesupport (= 4.2.9)
github-pages-health-check (= 1.4.0)
jekyll (= 3.7.3)
jekyll-avatar (= 0.5.0)
jekyll-coffeescript (= 1.1.1)
jekyll-commonmark-ghpages (= 0.1.5)
jekyll-default-layout (= 0.1.4)
jekyll-feed (= 0.9.3)
jekyll-gist (= 1.5.0)
jekyll-github-metadata (= 2.9.4)
jekyll-mentions (= 1.3.0)
jekyll-optional-front-matter (= 0.3.0)
jekyll-paginate (= 1.1.0)
jekyll-readme-index (= 0.2.0)
jekyll-redirect-from (= 0.13.0)
jekyll-relative-links (= 0.5.3)
jekyll-remote-theme (= 0.2.3)
jekyll-sass-converter (= 1.5.2)
jekyll-seo-tag (= 2.4.0)
jekyll-sitemap (= 1.2.0)
jekyll-swiss (= 0.4.0)
jekyll-theme-architect (= 0.1.0)
jekyll-theme-cayman (= 0.1.0)
jekyll-theme-dinky (= 0.1.0)
jekyll-theme-hacker (= 0.1.0)
jekyll-theme-leap-day (= 0.1.0)
jekyll-theme-merlot (= 0.1.0)
jekyll-theme-midnight (= 0.1.0)
jekyll-theme-minimal (= 0.1.0)
jekyll-theme-modernist (= 0.1.0)
jekyll-theme-primer (= 0.5.2)
jekyll-theme-slate (= 0.1.0)
jekyll-theme-tactile (= 0.1.0)
jekyll-theme-time-machine (= 0.1.0)
jekyll-titles-from-headings (= 0.5.1)
jemoji (= 0.9.0)
kramdown (= 1.16.2)
liquid (= 4.0.0)
listen (= 3.1.5)
mercenary (~> 0.3)
minima (= 2.4.0)
nokogiri (>= 1.8.1, < 2.0)
rouge (= 2.2.1)
terminal-table (~> 1.4)
github-pages-health-check (1.4.0)
addressable (~> 2.3)
net-dns (~> 0.8)
octokit (~> 4.0)
public_suffix (~> 2.0)
typhoeus (~> 1.3)
html-pipeline (2.7.1)
activesupport (>= 2)
nokogiri (>= 1.4)
html-proofer (3.8.0)
activesupport (>= 4.2, < 6.0)
addressable (~> 2.3)
colorize (~> 0.8)
mercenary (~> 0.3.2)
nokogiri (~> 1.8.1)
parallel (~> 1.3)
typhoeus (~> 1.3)
yell (~> 2.0)
http_parser.rb (0.6.0)
i18n (0.9.5)
concurrent-ruby (~> 1.0)
jekyll (3.7.3)
addressable (~> 2.4)
colorator (~> 1.0)
em-websocket (~> 0.5)
i18n (~> 0.7)
jekyll-sass-converter (~> 1.0)
jekyll-watch (~> 2.0)
kramdown (~> 1.14)
liquid (~> 4.0)
mercenary (~> 0.3.3)
pathutil (~> 0.9)
rouge (>= 1.7, < 4)
safe_yaml (~> 1.0)
jekyll-avatar (0.5.0)
jekyll (~> 3.0)
jekyll-coffeescript (1.1.1)
coffee-script (~> 2.2)
coffee-script-source (~> 1.11.1)
jekyll-commonmark (1.2.0)
commonmarker (~> 0.14)
jekyll (>= 3.0, < 4.0)
jekyll-commonmark-ghpages (0.1.5)
commonmarker (~> 0.17.6)
jekyll-commonmark (~> 1)
rouge (~> 2)
jekyll-default-layout (0.1.4)
jekyll (~> 3.0)
jekyll-feed (0.9.3)
jekyll (~> 3.3)
jekyll-gist (1.5.0)
octokit (~> 4.2)
jekyll-github-metadata (2.9.4)
jekyll (~> 3.1)
octokit (~> 4.0, != 4.4.0)
jekyll-include-cache (0.1.0)
jekyll (~> 3.3)
jekyll-mentions (1.3.0)
activesupport (~> 4.0)
html-pipeline (~> 2.3)
jekyll (~> 3.0)
jekyll-optional-front-matter (0.3.0)
jekyll (~> 3.0)
jekyll-paginate (1.1.0)
jekyll-readme-index (0.2.0)
jekyll (~> 3.0)
jekyll-redirect-from (0.13.0)
jekyll (~> 3.3)
jekyll-relative-links (0.5.3)
jekyll (~> 3.3)
jekyll-remote-theme (0.2.3)
jekyll (~> 3.5)
rubyzip (>= 1.2.1, < 3.0)
typhoeus (>= 0.7, < 2.0)
jekyll-sass-converter (1.5.2)
sass (~> 3.4)
jekyll-seo-tag (2.4.0)
jekyll (~> 3.3)
jekyll-sitemap (1.2.0)
jekyll (~> 3.3)
jekyll-swiss (0.4.0)
jekyll-theme-architect (0.1.0)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-theme-cayman (0.1.0)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-theme-dinky (0.1.0)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-theme-hacker (0.1.0)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-theme-leap-day (0.1.0)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-theme-merlot (0.1.0)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-theme-midnight (0.1.0)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-theme-minimal (0.1.0)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-theme-modernist (0.1.0)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-theme-primer (0.5.2)
jekyll (~> 3.5)
jekyll-github-metadata (~> 2.9)
jekyll-seo-tag (~> 2.2)
jekyll-theme-slate (0.1.0)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-theme-tactile (0.1.0)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-theme-time-machine (0.1.0)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-titles-from-headings (0.5.1)
jekyll (~> 3.3)
jekyll-watch (2.0.0)
listen (~> 3.0)
jemoji (0.9.0)
activesupport (~> 4.0, >= 4.2.9)
gemoji (~> 3.0)
html-pipeline (~> 2.2)
jekyll (~> 3.0)
kramdown (1.16.2)
liquid (4.0.0)
listen (3.1.5)
rb-fsevent (~> 0.9, >= 0.9.4)
rb-inotify (~> 0.9, >= 0.9.7)
ruby_dep (~> 1.2)
mdl (0.4.0)
kramdown (~> 1.12, >= 1.12.0)
mixlib-cli (~> 1.7, >= 1.7.0)
mixlib-config (~> 2.2, >= 2.2.1)
mercenary (0.3.6)
mini_portile2 (2.3.0)
minima (2.4.0)
jekyll (~> 3.5)
jekyll-feed (~> 0.9)
jekyll-seo-tag (~> 2.1)
minitest (5.11.3)
mixlib-cli (1.7.0)
mixlib-config (2.2.6)
tomlrb
multipart-post (2.0.0)
net-dns (0.8.0)
nokogiri (1.8.2)
mini_portile2 (~> 2.3.0)
octokit (4.8.0)
sawyer (~> 0.8.0, >= 0.5.3)
parallel (1.12.1)
pathutil (0.16.1)
forwardable-extended (~> 2.6)
public_suffix (2.0.5)
rake (12.3.1)
rb-fsevent (0.10.3)
rb-inotify (0.9.10)
ffi (>= 0.5.0, < 2)
rouge (2.2.1)
ruby-enum (0.7.2)
i18n
ruby_dep (1.5.0)
rubyzip (1.2.1)
safe_yaml (1.0.4)
sass (3.5.6)
sass-listen (~> 4.0.0)
sass-listen (4.0.0)
rb-fsevent (~> 0.9, >= 0.9.4)
rb-inotify (~> 0.9, >= 0.9.7)
sawyer (0.8.1)
addressable (>= 2.3.5, < 2.6)
faraday (~> 0.8, < 1.0)
terminal-table (1.8.0)
unicode-display_width (~> 1.1, >= 1.1.1)
thread_safe (0.3.6)
tomlrb (1.2.6)
typhoeus (1.3.0)
ethon (>= 0.9.0)
tzinfo (1.2.5)
thread_safe (~> 0.1)
unicode-display_width (1.3.0)
yell (2.0.7)
PLATFORMS
ruby
DEPENDENCIES
github-pages
html-proofer (>= 3.8.0)
jekyll-include-cache (~> 0.1)
mdl
nokogiri (>= 1.8.1)
rake
BUNDLED WITH
1.16.1

51
Makefile Normal file
View File

@ -0,0 +1,51 @@
all: prep build generate lint
prep: prep_build prep_lint prep_generate
##########
prep_generate:
npm install --prefix .tools/node html-minifier
generate:
hugo --baseURL $(DEPLOY_URL)
.tools/node/node_modules/html-minifier/cli.js --input-dir public --output-dir public --file-ext html --collapse-whitespace --minify-js --minify-css --sort-attributes --sort-class-name --remove-attribute-quotes --remove-comments
##########
prep_build:
npm install --prefix .tools/node sass
npm install --prefix .tools/node uglify-js
build:
.tools/node/node_modules/sass/sass.js src/sass/light_theme_archive.scss static/css/light_theme_archive.css -s compressed
.tools/node/node_modules/sass/sass.js src/sass/light_theme_normal.scss static/css/light_theme_normal.css -s compressed
.tools/node/node_modules/sass/sass.js src/sass/light_theme_preliminary.scss static/css/light_theme_preliminary.css -s compressed
.tools/node/node_modules/sass/sass.js src/sass/dark_theme_archive.scss static/css/dark_theme_archive.css -s compressed
.tools/node/node_modules/sass/sass.js src/sass/dark_theme_normal.scss static/css/dark_theme_normal.css -s compressed
.tools/node/node_modules/sass/sass.js src/sass/dark_theme_preliminary.scss static/css/dark_theme_preliminary.css -s compressed
.tools/node/node_modules/uglify-js/bin/uglifyjs src/js/misc.js src/js/prism.js --mangle --compress -o static/js/all.min.js
.tools/node/node_modules/uglify-js/bin/uglifyjs src/js/styleSwitcher.js --mangle --compress -o static/js/styleSwitcher.min.js
##########
prep_lint:
npm install --prefix .tools/node markdown-spellcheck
gem install mdl
gem install html-proofer
lint:
.tools/node/node_modules/markdown-spellcheck/bin/mdspell --en-us --ignore-acronyms --ignore-numbers --no-suggestions --report */*.md */*/*.md */*/*/*.md */*/*/*/*.md */*/*/*/*/*.md */*/*/*/*/*/*.md */*/*/*/*/*/*/*.md
mdl --ignore-front-matter --style mdl_style.rb .
htmlproofer ./public --check-html --assume-extension --timeframe 2d --storage-dir .htmlproofer --url-ignore "/localhost/,/github.com/istio/istio.github.io/edit/master/"
prep_lint_local:
npm install --prefix .tools/node markdown-spellcheck
gem install mdl --install-dir .tools
gem install html-proofer --install-dir .tools
lint_local:
.tools/node/node_modules/markdown-spellcheck/bin/mdspell --en-us --ignore-acronyms --ignore-numbers --no-suggestions --report */*.md */*/*.md */*/*/*.md */*/*/*/*.md */*/*/*/*/*.md */*/*/*/*/*/*.md */*/*/*/*/*/*/*.md
.tools/bin/mdl --ignore-front-matter --style mdl_style.rb .
.tools/bin/htmlproofer ./public --check-html --assume-extension --timeframe 2d --storage-dir .htmlproofer --url-ignore "/localhost/,/github.com/istio/istio.github.io/edit/master/"

98
README.md
View File

@ -8,75 +8,91 @@ file to learn about the overall Istio project and how to get in touch with us. T
contribute to any of the Istio components, please
see the Istio [contribution guidelines](https://github.com/istio/community/blob/master/CONTRIBUTING.md).
* [Working with the site](#working-with-the-site)
* [Editing and testing content](#editing-and-testing-content)
* [Linting](#linting)
* [Site infrastructure](#site-infrastructure)
* [Versions and releases](#versions-and-releases)
* [How versioning works](#how-versioning-works)
* [Publishing content immediately](#publishing-content-immediately)
* [Creating a version](#creating-a-version)
## Working with the site
## Editing and testing content
We use [Jekyll](https://jekyllrb.com/) to generate our sites.
To run the site locally with Docker, use the following command from the top level directory for this git repo
(e.g. pwd must be `~/github/istio.github.io` if you were in `~/github` when you issued
`git clone https://github.com/istio/istio.github.io.git`)
We use [Hugo](https://gohugo.io/) to generate our sites. To build and test the site locally,
install Hugo, go to the root of the repo and do:
```bash
# First time: (slow)
docker run --name istio-jekyll --volume=$(pwd):/srv/jekyll -w /srv/jekyll -it -p 4000:4000 jekyll/jekyll:3.7.3 sh -c "bundle install && rake test && bundle exec jekyll serve --incremental --host 0.0.0.0"
# Then open browser with url 127.0.0.1:4000 to see the change.
# Subsequent, each time you want to see a new change and you stopped the previous run by ctrl+c: (much faster)
docker start istio-jekyll -a -i
# Clean up, only needed if you won't be previewing website changes for a long time or you want to start over:
docker rm istio-jekyll
$ hugo serve
```
The `rake test` part is to make sure you are not introducing HTML errors or bad links, you should see
This will build the site and start a web server hosting the site. You can then connect to the web server
at `http://localhost:1313`.
All normal content for the site is located in the `content` directory. To
create a new content file, go to the root of the repo and do:
```bash
HTML-Proofer finished successfully.
$ hugo new <path to new file>
```
in the output.
Alternatively, if you just want to develop locally w/o Docker/Kubernetes/Minikube, you can try installing Jekyll locally.
You may need to install other prerequisites manually (which is where using the docker image shines). Here's an example of doing
so for Mac OS X:
This will create a fresh content file, ready for editing. The path you specify is relative to the `content` directory. For
example:
```bash
xcode-select --install
sudo xcodebuild -license
brew install ruby
gem update --system
gem install mdspell
gem install bundler
gem install jekyll
cd istio.github.io
bundle install
bundle exec rake test
bundle exec jekyll serve
$ hugo new docs/tasks/traffic-management/foo.md
```
Will create the file `content/docs/tasks/traffic-management/foo.md` which you can then add your markdown to.
## Linting
You should run `scripts/linters.sh` prior to checking in your changes.
This will run 3 tests:
We use linters to ensure some base quality to the site's content. We currently
run 3 linters as a precommit requirement:
* HTML proofing, which ensures all your links are valid along with other checks.
* Spell checking.
* Style checking, which makes sure your markdown file complies with some common style rules.
* Style checking, which makes sure your markdown files comply with our common style rules.
If you get a spelling error, you have three choices to address it:
You can run these linters locally using:
```bash
$ make prep_lint
$ make lint
```
The `prep_lint` step installs a bunch of Ruby and Node.js tools in a local directory. You only need to do
this once. Afterwards, just use the `lint` target to run the linters.
If you get spelling errors, you have three choices to address it:
* It's a real typo, so fix your markdown.
* It's a command/field/symbol name, so stick some `backticks` around it.
* It's really valid, so go add the word to the .spelling file at the root of the repo.
* It's really valid, so go add the word to the `.spelling` file at the root of the repo.
## Site infrastructure
Here's how things work:
* Primary site content is in the `content` directory. This is mostly
markdown files which Hugo processes into HTML.
* Additional site content is in the `static` directory. These are files that
Hugo directly copies to the site without any processing.
* The `src` directory contains the source material for certain files from the
`static` directory. You use
```bash
$ make prep_build
$ make build
```
to build the material from the `src` directory and refresh what's in the `static`
directory.
## Versions and releases
@ -126,24 +142,24 @@ version of Istio is 0.6 and you wish to introduce 0.7 which has been under devel
1. Create a new release branch off of master, named as release-*major*.*minor*, which in this case would be
release-0.7. There is one such branch for every release.
1. In the **master** branch, edit the file `_data/istio.yml` and update the `version` field to have the version
1. In the **master** branch, edit the file `data/args.yml` and update the `version` field to have the version
of the next release of Istio. In this case, you would set the field to 0.8.
1. In the **master** branch, edit the file `_data/releases.yml` and add a new entry at the top of the file
1. In the **master** branch, edit the file `data/releases.yml` and add a new entry at the top of the file
for version 0.8. You'll need to make sure the URLs are updated for the first few entries. The top
entry (0.8) should point to preliminary.istio.io. The second entry (0.7) should point to istio.io. The third
and subsequent entries should point to archive.istio.io.
1. Commit the previous two edits to GitHub.
1. In the **release** branch you created, edit the file `_data/istio.yml`. Set the `preliminary` field to `false`.
1. In the **release** branch you created, edit the file `data/args.yml`. Set the `preliminary` field to `false`.
1. Commit the previous edit to GitHub.
1. Go to the Google Search Console and create a new search engine that searches the archive.istio.io/V&lt;major&gt;.&lt;minor&gt;
directory. This search engine will be used to perform version-specific searches on archive.istio.io.
1. In the **previous release's** branch (in this case release-0.6), edit the file `_data/istio.yml`. Set the
1. In the **previous release's** branch (in this case release-0.6), edit the file `data/args.yml`. Set the
`archive` field to true, the `archive_date` field to the current date, and the `search_engine_id` field
to the ID of the search engine you created in the prior step.

23
Rakefile
View File

@ -1,23 +0,0 @@
require 'html-proofer'
task :test do
sh "rm -fr _rakesite"
sh "mkdir _rakesite"
sh "bundle exec jekyll build --config _config.yml,_rake_config_override.yml"
typhoeus_configuration = {
:timeout => 30,
# :verbose => true
}
options = { :check_html => true,
# :validation => { :report_missing_names => true, :report_invalid_tags => true },
:cache => { :timeframe => '2d'},
:enforce_https => false, # we should turn this on eventually
:directory_index_file => "index.html",
:check_external_hash => false,
:assume_extension => true,
# :log_level => :debug,
:url_ignore => [/localhost|github\.com\/istio\/istio\.github\.io\/edit\/master\//],
:typhoeus => typhoeus_configuration,
}
HTMLProofer.check_directory("./_rakesite", options).run
end

43
_about/contribute/staging-your-changes.md
View File

@ -1,43 +0,0 @@
---
title: Staging Your Changes
description: Explains how to test your changes locally before submitting them.
weight: 40
redirect_from:
- /docs/welcome/contribute/staging-your-changes.html
---
This page shows how to stage content that you want to contribute
to the Istio documentation.
## Before you begin
Create a fork of the Istio documentation repository as described in
[Creating a Doc Pull Request](./creating-a-pull-request.html).
## Staging locally
See [Detailed instructions and options on GitHub](https://github.com/istio/istio.github.io/blob/master/README.md)
Once Jekyll is running, you can open a web browser and go to `http://localhost:4000` to see your
changes. You can make further changes to the content in your repo and just refresh your browser page to see
the results, no need to restart Jekyll all the time.
## Staging from your GitHub account
> Hey, you know, you're much better off staging locally using the above procedure. Just sayin'...
GitHub provides staging of content in your master branch. Note that you
might not want to merge your changes into your master branch. If that is
the case, choose another option for staging your content.
1. In your GitHub account, in your fork, merge your changes into
the master branch.
1. Change the name of your repository to `<your-username>.github.io`, where
`<your-username>` is the username of your GitHub account.
1. Delete the `CNAME` file.
1. View your staged content at this URL: `https://<your-username>.github.io`

103
_about/feature-stages.md
View File

@ -1,103 +0,0 @@
---
title: Feature Status
description: List of features and their release stages.
weight: 10
redirect_from:
- /docs/reference/release-roadmap.html
- /docs/reference/feature-stages.html
- /docs/welcome/feature-stages.html
---
{% include home.html %}
This page lists the relative maturity and support
level of every Istio feature. Please note that the phases (Alpha, Beta, and Stable) are applied to individual features
within the project, not to the project as a whole. Here is a high level description of what these labels means:
## Feature phase definitions
| | Alpha | Beta | Stable
|-------------------|-------------------|-------------------|-------------------
| **Purpose** | Demo-able, works end-to-end but has limitations | Usable in production, not a toy anymore | Dependable, production hardened
| **API** | No guarantees on backward compatibility | APIs are versioned | Dependable, production-worthy. APIs are versioned, with automated version conversion for backward compatibility
| **Performance** | Not quantified or guaranteed | Not quantified or guaranteed | Performance (latency/scale) is quantified, documented, with guarantees against regression
| **Deprecation Policy** | None | Weak - 3 months | Dependable, Firm. 1 year notice will be provided before changes
## Istio features
Below is our list of existing features and their current phases. This information will be updated after every monthly release.
### Traffic management
| Feature | Phase
|-------------------|-------------------
| [Protocols: HTTP 1.1](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http_connection_management.html#http-protocols) | Beta
| [Protocols: HTTP 2.0](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http_connection_management.html#http-protocols) | Alpha
| [Protocols: gRPC](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/grpc) | Alpha
| [Protocols: TCP](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/tcp_proxy) | Alpha
| [Protocols: WebSocket](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/websocket) | Alpha
| [Protocols: MongoDB](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/mongo) | Alpha
| [Routing Rules: Retry]({{home}}/docs/tasks/traffic-management/request-routing.html) | Alpha
| [Routing Rules: Timeout]({{home}}/docs/tasks/traffic-management/request-routing.html) | Alpha
| [Routing Rules: Circuit Break]({{home}}/docs/tasks/traffic-management/request-routing.html) | Alpha
| [Routing Rules: Header Rewrite]({{home}}/docs/tasks/traffic-management/request-routing.html) | Alpha
| [Routing Rules: Traffic Splitting]({{home}}/docs/tasks/traffic-management/request-routing.html) | Alpha
| [Improved Routing Rules: Composite Service]({{home}}/docs/reference/config/istio.networking.v1alpha3.html) | Alpha
| [Quota / Redis Rate Limiting (Adapter and Server)]({{home}}/docs/tasks/policy-enforcement/rate-limiting.html) | Alpha
| [Memquota Implementation and Integration]({{home}}/docs/tasks/telemetry/metrics-logs.html) | Stable
| [Ingress TLS]({{home}}/docs/tasks/traffic-management/ingress.html) | Alpha
| Egress Policy and Telemetry | Alpha
### Observability
| Feature | Phase
|-------------------|-------------------
| [Prometheus Integration]({{home}}/docs/guides/telemetry.html) | Beta
| [Local Logging (STDIO)]({{home}}/docs/guides/telemetry.html) | Stable
| [Statsd Integration]({{home}}/docs/reference/config/policy-and-telemetry/adapters/statsd.html) | Stable
| [Service Dashboard in Grafana]({{home}}/docs/tasks/telemetry/using-istio-dashboard.html) | Beta
| [Stackdriver Integration]({{home}}/docs/reference/config/policy-and-telemetry/adapters/stackdriver.html) | Alpha
| [Service Graph]({{home}}/docs/tasks/telemetry/servicegraph.html) | Alpha
| [Distributed Tracing to Zipkin / Jaeger]({{home}}/docs/tasks/telemetry/distributed-tracing.html) | Alpha
| [Istio Component Dashboard in Grafana]({{home}}/docs/tasks/telemetry/using-istio-dashboard.html) | Beta
| [Service Tracing]({{home}}/docs/tasks/telemetry/distributed-tracing.html) | Alpha
### Security
| Feature | Phase
|-------------------|-------------------
| [Deny Checker]({{home}}/docs/reference/config/policy-and-telemetry/adapters/denier.html) | Stable
| [List Checker]({{home}}/docs/reference/config/policy-and-telemetry/adapters/list.html) | Stable
| [Kubernetes: Service Credential Distribution]({{home}}/docs/concepts/security/mutual-tls.html) | Stable
| [Pluggable Key/Cert Support for Istio CA]({{home}}/docs/tasks/security/plugin-ca-cert.html) | Stable
| [Service-to-service mutual TLS]({{home}}/docs/concepts/security/mutual-tls.html) | Stable
| [Incremental Enablement of service-to-service mutual TLS]({{home}}/docs/tasks/security/per-service-mtls.html) | Alpha
| [VM: Service Credential Distribution]({{home}}/docs/concepts/security/mutual-tls.html) | Alpha
| [OPA Checker](https://github.com/istio/istio/blob/41a8aa4f75f31bf0c1911d844a18da4cff8ac584/mixer/adapter/opa/README.md) | Alpha
| RBAC Mixer Adapter | Alpha
| [API Keys]({{home}}/docs/reference/config/policy-and-telemetry/templates/apikey.html) | Alpha
### Core
| Feature | Phase
|-------------------|-------------------
| [Kubernetes: Envoy Installation and Traffic Interception]({{home}}/docs/setup/kubernetes/) | Beta
| [Kubernetes: Istio Control Plane Installation]({{home}}/docs/setup/kubernetes/) | Beta
| [Pilot Integration into Kubernetes Service Discovery]({{home}}/docs/setup/kubernetes/) | Stable
| [Attribute Expression Language]({{home}}/docs/reference/config/policy-and-telemetry/expression-language.html) | Stable
| [Mixer Adapter Authoring Model]({{home}}/blog/2017/adapter-model.html) | Stable
| [VM: Envoy Installation, Traffic Interception and Service Registration]({{home}}/docs/guides/integrating-vms.html) | Alpha
| [VM: Istio Control Plane Installation and Upgrade (Galley, Mixer, Pilot, CA)](https://github.com/istio/istio/issues/2083) | Alpha
| VM: Ansible Envoy Installation, Interception and Registration | Alpha
| [Kubernetes: Istio Control Plane Upgrade]({{home}}/docs/setup/kubernetes/) | Beta
| [Pilot Integration into Consul]({{home}}/docs/setup/consul/quick-start.html) | Alpha
| [Pilot Integration into Eureka]({{home}}/docs/setup/consul/quick-start.html) | Alpha
| [Pilot Integration into Cloud Foundry Service Discovery]({{home}}/docs/setup/consul/quick-start.html) | Alpha
| [Basic Config Resource Validation](https://github.com/istio/istio/issues/1894) | Alpha
| Mixer Telemetry Collection (Tracing, Logging, Monitoring) | Alpha
| [Custom Mixer Build Model](https://github.com/istio/istio/wiki/Mixer-Adapter-Dev-Guide) | Alpha
| Enable API attributes using an IDL | Alpha
| [Helm]({{home}}/docs/setup/kubernetes/helm-install.html) | Alpha
| [Multicluster Mesh]({{home}}/docs/setup/kubernetes/multicluster-install.html) | Alpha
> <img src="{{home}}/img/bulb.svg" alt="Bulb" title="Help" style="width: 32px; display:inline" />
Please get in touch by joining our [community]({{home}}/community.html) if there are features you'd like to see in our future releases!

20
_about/index.md
View File

@ -1,20 +0,0 @@
---
title: About Istio
description: All about Istio.
weight: 15
toc: false
---
{% include home.html %}
Get a bit more in-depth info about the Istio project.
- [What is Istio?]({{home}}/about/intro.html). Get some context about what problems Istio is designed to solve.
- [Release Notes]({{home}}/about/notes/). Learn about the latest features, improvements, and bug fixes.
- [Feature Status]({{home}}/about/feature-stages.html). Get a detailed list of Istio's individual features and their relative
maturity and support level.
- [Contributing to the Docs]({{home}}/about/contribute/). Learn how you can help contribute to improve Istio's documentation.

118
_blog/2018/aws-nlb.md
View File

@ -1,118 +0,0 @@
---
title: Configuring Istio Ingress with AWS NLB
description: Describes how to configure Istio ingress with a network load balancer on AWS
publishdate: 2018-04-20
subtitle: Ingress AWS Network Load Balancer
attribution: Julien SENON
weight: 89
---
{% include home.html %}
This blog entry will provide instructions to use and configure ingress Istio with [AWS Network Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html).
Network load balancer (NLB) could be used instead of classical load balancer. You can find [comparison](https://aws.amazon.com/elasticloadbalancing/details/#compare) between different AWS `loadbalancer` for more explanation.
## Prerequisites
The following instructions require a Kubernetes **1.9.0 or newer** cluster.
<img src="{{home}}/img/exclamation-mark.svg" alt="Warning" title="Warning" style="width: 32px; display:inline" /> Usage of AWS `nlb` on kubernetes is an alpha feature and not recommended for production clusters.
## IAM Policy
You need to apply policy on the master role in order to be able to provision network load balancer.
1. In AWS `iam` console click on policies and click on create a new one:
{% include image.html width="80%" ratio="60%"
link="./img/createpolicystart.png"
caption="Create a new policy"
%}
1. Select `json`:
{% include image.html width="80%" ratio="60%"
link="./img/createpolicyjson.png"
caption="Select json"
%}
1. Copy/paste text bellow:
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "kopsK8sNLBMasterPermsRestrictive",
"Effect": "Allow",
"Action": [
"ec2:DescribeVpcs",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:SetLoadBalancerPoliciesOfListener"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:DescribeVpcs",
"ec2:DescribeRegions"
],
"Resource": "*"
}
]
}
```
1. Click review policy, fill all fields and click create policy:
{% include image.html width="80%" ratio="60%"
link="./img/create_policy.png"
caption="Validate policy"
%}
1. Click on roles, select you master role nodes, and click attach policy:
{% include image.html width="100%" ratio="35%"
link="./img/roles_summary.png"
caption="Attach policy"
%}
1. Your policy is now attach to your master node.
## Rewrite Istio Ingress Service
You need to rewrite ingress service with the following:
```yaml
apiVersion: v1
kind: Service
metadata:
name: istio-ingress
namespace: istio-system
labels:
istio: ingress
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
spec:
externalTrafficPolicy: Local
ports:
- port: 80
protocol: TCP
targetPort: 80
name: http
- port: 443
protocol: TCP
targetPort: 443
name: https
selector:
istio: ingress
type: LoadBalancer
```
## What's next
Kubernetes [service networking](https://kubernetes.io/docs/concepts/services-networking/service/) should be consulted if further information is needed.

17
_blog/index.html
View File

@ -1,17 +0,0 @@
---
title: Istio Blog
description: The Istio blog
layout: compress
---
{% include latest_blog_post.html %}
<!DOCTYPE html>
<html lang="en-US">
<meta charset="utf-8">
<title>Redirecting…</title>
<link rel="canonical" href="{{latest_blog_post}}">
<meta http-equiv="refresh" content="0; url={{latest_blog_post}}">
<h1>Redirecting…</h1>
<a href="{{latest_blog_post}}">Click here if you are not redirected.</a>
<script>location="{{latest_blog_post}}"</script>
</html>

101
_config.yml
View File

@ -1,101 +0,0 @@
markdown:
kramdown
kramdown:
auto_ids: true
input: GFM
hard_wrap: false
syntax_highlighter_opts:
disable : true
baseurl:
highlighter: rouge
liquid:
error_mode: strict
sass:
style: compressed
compress_html:
clippings: all
comments: all
blanklines: false
profile: false
collections:
faq:
output: false
glossary:
output: false
blog:
output: true
docs:
output: true
help:
output: true
about:
output: true
plugins:
- jekyll-redirect-from
- jekyll-sitemap
defaults:
-
scope:
path: ""
type: "about"
values:
layout: "about"
-
scope:
path: ""
type: "docs"
values:
layout: "docs"
-
scope:
path: ""
type: "help"
values:
layout: "help"
-
scope:
path: ""
type: "blog"
values:
layout: "blog"
exclude:
- README.md
- LICENSE
- Gemfile
- Gemfile.lock
- CNAME
- CONTRIBUTING.md
- .gitignore
- .gitmodules
- Vagrantfile
- .vagrant
- _blog/posts/post.md.template
- _docs/concepts/concept.md.template
- _docs/tasks/task.md.template
- _docs/guides/sample.md.template
- _docs/reference/reference.md.template
- _docs/setup/setup.md.template
- scripts/
- Rakefile
- Jenkinsfile
- repos/*.html
- repos/*.md
- vendor/
- js/misc.js
- js/styleSwitcher.js
- firebase.json
- _rakesite
- mdl_style.rb
repository:
istio/istio.github.io

31
_docs/guides/policy-enforcement.md
View File

@ -1,31 +0,0 @@
---
title: Policy Enforcement
description: This sample uses the Bookinfo application to demonstrate policy enforcement using Istio Mixer.
weight: 40
draft: true
---
{% include home.html %}
This sample uses the Bookinfo application to demonstrate policy enforcement using Istio Mixer.
## Overview
Provide a high level overview of what users can expect to learn, why these
features are important, and so on. This is not a task, but a feature of
Istio.
## Before you begin
* Describe installation options.
* Install Istio control plane in a Kubernetes cluster by following the quick start instructions in the
[Installation guide]({{home}}/docs/setup/kubernetes/quick-start.html).
## Application Setup
1. Steps
## Tasks
1. some tasks that will complete the goal of this sample.

29
_docs/guides/security.md
View File

@ -1,29 +0,0 @@
---
title: Security
description: This sample demonstrates how to obtain uniform metrics, logs, traces across different services using Istio Mixer and Istio sidecar.
weight: 30
draft: true
---
{% include home.html %}
This sample demonstrates how to obtain uniform metrics, logs, traces across different services using Istio Mixer and Istio sidecar.
## Overview
Placeholder.
## Before you begin
* Describe installation options.
* Install Istio control plane in a Kubernetes cluster by following the quick start instructions in the
[Installation guide]({{home}}/docs/setup/kubernetes/quick-start.html).
## Application Setup
1. Steps
## Tasks
1. some tasks that will complete the goal of this sample.

22
_docs/guides/using-external-services.md
View File

@ -1,22 +0,0 @@
---
title: Integrating with External Services
description: This sample integrates third party services with Bookinfo and demonstrates how to use Istio service mesh to provide metrics, and routing functions for these services.
weight: 50
draft: true
---
{% include home.html %}
This sample integrates third party services with Bookinfo and demonstrates how to use Istio service mesh to provide metrics, and routing functions for these services.
## Overview
Placeholder.
## Application Setup
1. Steps
## Tasks
1. some tasks that will complete the goal of this sample.

8
_faq/general/istio-doesnt-work.md
View File

@ -1,8 +0,0 @@
---
title: Istio doesn't work - what do I do?
weight: 90
---
{% include home.html %}
Check out the [troubleshooting guide]({{home}}/troubleshooting) for finding solutions and our
[bug reporting]({{home}}/bugs) page for filing bugs.

8
_faq/general/roadmap.md
View File

@ -1,8 +0,0 @@
---
title: What is Istio's roadmap?
weight: 140
---
{% include home.html %}
See our [feature stages page]({{home}}/about/feature-stages.html)
and [release notes]({{home}}/about/notes) for more details.

13
_faq/general/where-is-the-documentation.md
View File

@ -1,13 +0,0 @@
---
title: Where is the documentation?
weight: 80
---
{% include home.html %}
Check out the [documentation]({{home}}/docs/) right here on istio.io. The docs include
[concept overviews]({{home}}/docs/concepts/),
[task guides]({{home}}/docs/tasks/),
[guides]({{home}}/docs/guides/),
and the [complete reference documentation]({{home}}/docs/reference/).
Detailed developer-level documentation is maintained on our [Wiki](https://github.com/istio/istio/wiki)

8
_faq/security/secure-ingress.md
View File

@ -1,8 +0,0 @@
---
title: How to configure Istio Ingress to only accept TLS traffic?
weight: 130
---
{% include home.html %}
By following the instructions on [Adding a secure port to a gateway]({{home}}/docs/tasks/traffic-management/ingress.html#add-a-secure-port-https-to-our-gateway) and on [Disabling an HTTP port in a gateway]({{home}}/docs/tasks/traffic-management/ingress.html#disable-the-http-port)
Istio Ingress can be secured to only accept TLS traffic.

9
_help/faq/general.html
View File

@ -1,9 +0,0 @@
---
title: General
description: General Q&amp;A\
weight: 10
layout: help
redirect_from:
- /help/faq/general/index.html
---
{% include faq.html category='general' %}

48
_help/faq/index.md
View File

@ -1,48 +0,0 @@
---
title: FAQ
description: Frequently Asked Questions about Istio.
weight: 20
toc: false
redirect_from:
- /faq.html
- /faq/index.html
- /docs/welcome/faq.html
- /docs/welcome/faq/index.html
- /help/faq.html
---
{% include home.html %}
You've got questions? We've got answers!
<div class="faq">
<div class="row">
{% assign category_dirs = 'general,setup,security,mixer,traffic-management' %}
{% assign category_names = 'General,Setup,Security,Mixer,Traffic Management' %}
{% assign category_dirs = category_dirs | split: ',' %}
{% assign category_names = category_names | split: ',' %}
{% assign faqs = site.faq | sort: "order" %}
{% for cat in category_dirs %}
<div class="col-sm-6">
<div class="card">
<div class="card-header">
{{category_names[forloop.index0]}}
</div>
<div class="card-body">
{% for q in faqs %}
{% assign comp = q.path | split: '/' %}
{% assign qcat = comp[1] %}
{% if cat == qcat %}
{% assign name = q.path | downcase | split: '/' | last | remove: ".md" %}
<a href="{{qcat}}.html#{{name}}">{{q.title}}</a><br/>
{% endif %}
{% endfor %}
</div>
</div>
</div>
{% endfor %}
</div>
</div>

9
_help/faq/mixer.html
View File

@ -1,9 +0,0 @@
---
title: Mixer
description: Mixer Q&amp;A
weight: 40
layout: help
redirect_from:
- /help/faq/mixer/index.html
---
{% include faq.html category='mixer' %}

9
_help/faq/security.html
View File

@ -1,9 +0,0 @@
---
title: Security
description: Security Q&amp;A
weight: 30
layout: help
redirect_from:
- /help/faq/security/index.html
---
{% include faq.html category='security' %}

9
_help/faq/setup.html
View File

@ -1,9 +0,0 @@
---
title: Setup
description: Setup Q&amp;A
weight: 20
layout: help
redirect_from:
- /help/faq/setup/index.html
---
{% include faq.html category='setup' %}

9
_help/faq/traffic-management.html
View File

@ -1,9 +0,0 @@
---
title: Traffic Management
description: Traffic Management Q&amp;A
weight: 50
layout: help
redirect_from:
- /help/faq/traffic-management/index.html
---
{% include faq.html category='traffic-management' %}

22
_help/index.md
View File

@ -1,22 +0,0 @@
---
title: Help!
description: A bunch of resources to help you deploy, configure and use Istio.
weight: 10
toc: false
---
{% include home.html %}
Here are some resources to help you deploy, configure and use Istio.
- [Frequently Asked Questions]({{home}}/help/faq/). You ask 'em, we'll answer 'em.
- [Glossary]({{home}}/help/glossary.html). A glossary of common Istio terms.
- [Reporting Bugs]({{home}}/help/bugs.html). What to do when you find a bug.
- [Troubleshooting Guide]({{home}}/help/troubleshooting.html). Practical advice on practical problems with Istio.
And don't forget our vibrant [community]({{home}}/community.html) that's always ready to lend a hand
with thorny problems.

59
_includes/collection_nav.html
View File

@ -1,59 +0,0 @@
{% comment %}
Assigns the next_page_url, next_page_title, next_page_description, prev_page_url, prev_page_title, and prev_page_description variables the
URLs, titles and descriptions of the next and previous pages within the current collection, relative to the current page.
{% endcomment %}
{% comment %}
Find the current page in the sorted set of blog posts we generated for the sidebar
{% endcomment %}
{% assign index = 0 %}
{% for u in urls %}
{% if u == page.url %}
{% assign index = forloop.index0 %}
{% break %}
{% endif %}
{% endfor %}
{% assign next_index = index %}
{% for i in (0..10) %}
{% assign next_index = next_index | minus: 1 %}
{% if next_index < 0 %}
{% break %}
{% endif
{% assign YY = "THIS IS NEEDED, OTHERWISE THE URL ASSIGNMENT BELOW DOESN'T HAVE ANY EFFECT!" %}
{% assign url = urls[next_index] %}
{% assign components = url | split: "/" %}
{% assign name = components | last %}
{% if name != "index.html" %}
{% assign next_page_url = urls[next_index] %}
{% assign next_page_title = titles[next_index] %}
{% assign next_page_description = descriptions[next_index] %}
{% break %}
{% endif %}
{% endfor %}
{% assign max = urls | size %}
{% assign prev_index = index %}
{% for i in (0..10) %}
{% assign prev_index = prev_index | plus: 1 %}
{% if prev_index >= max %}
{% break %}
{% endif
{% assign YY = "THIS IS NEEDED, OTHERWISE THE URL ASSIGNMENT BELOW DOESN'T HAVE ANY EFFECT!" %}
{% assign url = urls[prev_index] %}
{% assign components = url | split: "/" %}
{% assign name = components | last %}
{% if name != "index.html" %}
{% assign prev_page_url = urls[prev_index] %}
{% assign prev_page_title = titles[prev_index] %}
{% assign prev_page_description = descriptions[prev_index] %}
{% break %}
{% endif %}
{% endfor %}

12
_includes/faq.html
View File

@ -1,12 +0,0 @@
{% assign faqs = site.faq | sort: "weight" %}
{% for q in faqs %}
{% assign comp = q.path | split: '/' %}
{% assign qcat = comp[1] %}
{% if qcat == include.category %}
{% assign name = q.path | downcase | split: '/' | last | remove: ".md" %}
<h4 id="{{name}}">Q: {{q.title}}</h4>
{{q.content}}
{% endif %}
{% endfor %}

11
_includes/file-content.html
View File

@ -1,11 +0,0 @@
{% comment %}
Purpose:
Inserts preformatted block whose content is sources from an external URL.
Usage:
{% include file-content.html url='<url of file>' %}
{% endcomment %}
<div class="highlight">
<pre data-src="{{include.url}}"><code></code></pre>
</div>

35
_includes/glossary.html
View File

@ -1,35 +0,0 @@
<div class="glossary">
{% assign words = include.glossary | sort: "title" %}
<div class="trampolines d-print-none">
{% assign previous = "-" %}
{% for w in words %}
{% assign first = w.title | slice: 0 | upcase %}
{% if first != previous %}
{% if previous != "-" %}|{% endif %}
<a href="#{{first}}" aria-label="Words starting with the letter {{first}}">{{first}}</a>
{% assign previous = first %}
{% endif %}
{% endfor %}
</div>
<div class="entries">
{% assign previous = "-" %}
{% for w in words %}
{% assign first = w.title | slice: 0 | upcase %}
{% if first != previous %}
{% if previous != "-" %}
</dl>
{% endif %}
<h4 id="{{first}}">{{first}}</h4>
<dl>
{% assign previous = first %}
{% endif %}
{% assign name = w.path | downcase | split: '/' | last | remove: ".md" %}
<dt id="{{name}}">{{w.title}}</dt>
<dd aria-labelledby="{{name}}">{{w.content}}</dd>
{% endfor %}
</dl>
</div>
</div>

160
_includes/header.html
View File

@ -1,160 +0,0 @@
{% include latest_blog_post.html %}
{% assign current = page.url | downcase | split: '/' %}
<header>
<nav class="navbar navbar-expand-md navbar-dark fixed-top bg-dark justify-content-between">
{% if page.url == "/index.html" or page.url == "/" %}
{% assign visibility = "hidden" %}
{% else %}
{% assign visibility = "visible" %}
{% endif %}
<a class="navbar-brand" href="{{home}}/" style="visibility: {{visibility}}">
<span class="logo">{% include icons/istio-logo-blue-background-round.svg %}</span>
{% if site.data.istio.archive %}
<span class="brand-name">Istioldie {{site.data.istio.version}}</span>
{% elsif site.data.istio.preliminary %}
<span class="brand-name">Istio Prelim {{site.data.istio.version}}</span>
{% else %}
<span class="brand-name">Istio {{site.data.istio.version}}</span>
{% endif %}
</a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarCollapse" aria-controls="navbarCollapse" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse justify-content-end" id="navbarCollapse">
<ul id="navbar-links" class="navbar-nav active">
<li class="nav-item">
<a class="nav-link {% if current[1] == 'docs' %}active{% endif %}" href="{{home}}/docs/">Docs</a>
</li>
<li class="nav-item">
<a class="nav-link {% if current[1] == 'blog' %}active{% endif %}" href="{{latest_blog_post}}">Blog</a>
</li>
<li class="nav-item">
<a class="nav-link {% if current[1] == 'help' %}active{% endif %}" href="{{home}}/help/">Help</a>
</li>
<li class="nav-item">
<a class="nav-link {% if current[1] == 'community.html' %}active{% endif %}" href="{{home}}/community.html">Community</a>
</li>
<li class="nav-item">
<a class="nav-link {% if current[1] == 'about' %}active{% endif %}" href="{{home}}/about/">About</a>
</li>
<li class="nav-item dropdown" id="gearDropdown" style="white-space: nowrap">
<a href="" class="nav-link" data-toggle="dropdown" aria-label="Tools" aria-haspopup="true" aria-expanded="false">
<i style="width: 1em" class='fa fa-lg fa-cog'></i>
</a>
<ul class="dropdown-menu dropdown-menu-right" aria-labelledby="gearDropdown">
{% assign future_release = true %}
{% for rel in site.data.releases %}
{% if future_release %}
{% assign target = page.url | remove_first: "/" %}
{% else %}
{% assign target = "" %}
{% if current[1] == 'about' %}
{% assign target = "about/" %}
{% elsif current[1] == 'blog' %}
{% assign target = "blog/" %}
{% elsif current[1] == 'help' %}
{% assign target = "help/" %}
{% elsif current[1] == 'community.html' %}
{% assign target = "community.html" %}
{% elsif current[1] == 'docs' %}
{% assign target = "docs/" %}
{% if current[2] == 'reference' %}
{% assign target = "docs/reference/" %}
{% elsif current[2] == 'guides' %}
{% assign target = "docs/guides/" %}
{% elsif current[2] == 'tasks' %}
{% assign target = "docs/tasks/" %}
{% elsif current[2] == 'concepts' %}
{% assign target = "docs/concepts/" %}
{% elsif current[2] == 'setup' %}
{% assign target = "docs/setup/" %}
{% endif %}
{% endif %}
{% endif %}
{% assign name = rel.name | strip %}
{% if name == "0.1" %}
{% if target == "docs/setup/" %}
{% assign target = "docs/tasks/installing-istio" %}
{% elsif target == "docs/guides/" %}
{% assign target = "docs/samples/" %}
{% elsif target == "help/" %}
{% assign target = "faq" %}
{% elsif target == "community.html" %}
{% assign target = "community/" %}
{% endif %}
{% elsif name == "0.2" %}
{% if target == "help/" %}
{% assign target = "faq" %}
{% elsif target == "community.html" %}
{% assign target = "community/" %}
{% endif %}
{% elsif name == "0.3" %}
{% if target == "about/" %}
{% assign target = "about.html" %}
{% elsif target == "help/" %}
{% assign target = "help.html" %}
{% endif %}
{% elsif name == "0.4" %}
{% if target == "about/" %}
{% assign target = "about.html" %}
{% elsif target == "help/" %}
{% assign target = "help.html" %}
{% endif %}
{% endif %}
<li>
{% if site.data.istio.version == rel.name %}
<i class='fa fa-check'></i>
{{rel.name}}
{% assign future_release = false %}
{% else %}
<i style="visibility: hidden;" class='fa fa-check'></i>
<a href="{{rel.url}}/{{target}}">{{rel.name}}</a>
{% endif %}
</li>
{% endfor %}
<li class="dropdown-divider"></li>
<li>
<i class='fa fa-check light'></i>
<a href="" onclick="setActiveStyleSheet('light');return false;">Light Theme</a>
</li>
<li>
<i class='fa fa-check dark'></i>
<a href="" onclick="setActiveStyleSheet('dark');return false;">Dark Theme</a>
</li>
<li class="dropdown-divider"></li>
<li><a href="https://github.com/istio/istio.github.io/issues/new?title=Issue%20with%20{{page.path}}">Report Site Bugs</a></li>
<li><a href="https://github.com/istio/istio.github.io/edit/master/{{page.path}}">Edit this Page on GitHub</a></li>
</ul>
</li>
<li class="nav-item">
<a id="search_show" class="nav-link" href="" aria-label="Search"><i style="width: 1em" class="fa fa-lg fa-search"></i></a>
</li>
</ul>
<form name="cse" id="search_form" class="form-inline mr-sm-2" role="search">
<input type="hidden" name="cx" value="{{site.data.istio.search_engine_id}}" />
<input type="hidden" name="ie" value="utf-8" />
<input type="hidden" name="hl" value="en" />
<input id="search_textbox" class="form-control" name="q" type="text" aria-label="Search this site"/>
<button id="search_close" type="reset" aria-label="Cancel Search"><i class="far fa-lg fa-times-circle"></i></button>
</form>
</div>
</nav>
</header>

1
_includes/home.html
View File

@ -1 +0,0 @@
{% assign home = site.baseurl %}

38
_includes/image.html
View File

@ -1,38 +0,0 @@
{% comment %}
Purpose:
Inserts a figure into a page. The user of this template specifies the
relative width of the figure in percentage, and an aspect ratio value in
lieu of the Y coordinate. Through CSS trickery, these two values let us
calculate the actual width and height of the image at render time in such
a way that it avoids the typical 'shifting text' problem as images are
loaded asynchronously.
Usage:
{% include image.html width="<NN>%" ratio="<NN>%"
link="<path to image file>"
alt="<text to display when the image is not available>"
title="<text to display when hovering over the image>"
caption="<text to display below the image>"
%}
{% endcomment %}
{% assign caption = include.caption %}
{% assign title = include.title %}
{% if title == nil %}
{% assign title = caption %}
{% endif %}
{% assign alt = include.alt %}
{% if alt == nil %}
{% assign alt = title %}
{% endif %}
<figure style="width: {{include.width}}">
<div class="wrapper-with-intrinsic-ratio" style="padding-bottom: {{include.ratio}}">
<a class="not-for-endnotes" href="{{include.link}}">
<img class="element-to-stretch" src="{{include.link}}" alt="{{alt}}" title="{{title}}" />
</a>
</div>
<figcaption>{{caption}}</figcaption>
</figure>

25
_includes/latest_blog_post.html
View File

@ -1,25 +0,0 @@
{% comment %}
Assigns the latest_blog_post variable the URL of the latest blog post on the site
{% endcomment %}
{% include home.html %}
{% assign latest_year = "0" %}
{% assign sorted = site.blog | sort: "weight" %}
{% for d in sorted %}
{% if d.draft == true %}
{% continue %}
{% endif %}
{% assign path_components = d.path | downcase | split: '/' %}
{% assign last = path_components | last %}
{% if last == "index.html" or last == "index.md" %}
{% continue %}
{% endif %}
{% assign year = path_components[1] %}
{% if year > latest_year %}
{% assign latest_year = year %}
{% assign latest_blog_post = home | append: d.url %}
{% endif %}
{% endfor %}

106
_includes/primary.html
View File

@ -1,106 +0,0 @@
{% comment %}
Purpose:
Generates the main section of common site pages.
Usage:
{% include primary.html collection='<doc collection>' singlecard='true|false' bloghack='true|false' %}
Parameters:
* collection (collection) - the document collection containing the docs to index
* singlecard (boolean) - an optional boolean indicating whether the whole sidecar should be in a single card
* bloghack (boolean) - an optional boolean indicating to do special treatment for blogs
{% endcomment %}
{% include home.html %}
<div class="container-fluid">
<div class="row row-offcanvas">
<div class="col-0 col-md-3 col-xl-2 sidebar-offcanvas">
{% include sidebar.html collection=include.collection bloghack=include.bloghack singlecard=include.singlecard %}
</div>
{% assign needTOC = true %}
{% if page.toc == false %}
{% assign needTOC = false %}
{% else %}
{% include toc.html html=content sanitize=true h_min=2 h_max=4 %}
{% if emptyTOC %}
{% assign needTOC = false %}
{% endif %}
{% endif %}
{% if needTOC and page.force_inline_toc != true %}
<div class="col-12 col-md-9 col-xl-8">
{% else %}
<div class="col-12 col-md-9 col-xl-10">
{% endif %}
<p class="d-md-none">
<label class="sidebar-toggler" data-toggle="offcanvas">
<i class="fa fa-sign-out-alt"></i>
</label>
</p>
<main aria-labelledby="title">
<h1 id="title">{{page.title}}</h1>
{% if page.subtitle != nil %}
<p class="subtitle">{{page.subtitle}}</p>
{% endif %}
{% if page.attribution != nil or page.publishdate != nil %}
<p class="byline">
{% if page.attribution != nil %}
By <span class="attribution">{{page.attribution}}</span> /
{% endif %}
<span class="publish_date">{{page.publishdate | date: "%B %e, %Y"}}</span>
</p>
{% endif %}
{% if needTOC %}
<nav class="toc-inlined d-xl-none d-print-none" {% if page.force_inline_toc %}style="display:block!important" {% endif %}>
<div class="directory" role="directory">
{{ toc }}
</div>
</nav>
{% endif %}
{{content}}
</main>
{% include collection_nav.html %}
<div class="container-fluid d-print-none">
<br/><hr/><br/>
<div class="row">
<div class="col-6">
{% if next_page_url %}
<a title="{{next_page_description}}" href="{{home}}{{next_page_url}}"><i class="fa fa-arrow-left"></i> {{next_page_title}}</a>
{% endif %}
</div>
<div class="col-6" style="text-align: right">
{% if prev_page_url %}
<a title="{{prev_page_description}}" href="{{home}}{{prev_page_url}}">{{prev_page_title}} <i class="fa fa-arrow-right"></i></a>
{% endif %}
</div>
</div>
</div>
<div class="d-none d-print-block" aria-hidden="true">
<h2>Links</h2>
<ol id="endnotes"></ol>
</div>
</div>
{% if needTOC and page.force_inline_toc != true %}
<div class="col-12 col-md-2 d-none d-xl-block d-print-none">
<nav class="toc">
<div class="spacer"></div>
<div id="toc" class="directory" role="directory">
{{ toc }}
</div>
</nav>
</div>
{% endif %}
</div>
</div>

72
_includes/section-index.html
View File

@ -1,72 +0,0 @@
{% comment %}
Purpose:
Generates a section index providing access to all nested docs.
Usage:
{% include section-index.html docs='<doc collection>' %}
Parameters:
* docs (collection) - the document collection containing the docs to index
{% endcomment %}
{% include home.html %}
{% assign components = page.url | split: '/' %}
{% for comp in components %}
{% if forloop.last %}
{% break %}
{% endif %}
{% assign prefix = prefix | append: comp | append: "/" %}
{% endfor %}
{% include sort-hierarchy.html docs=include.docs prefix=prefix %}
<p>{{page.description}}</p>
{% assign pageComponents = page.url | split: "/" %}
<div class="section-index">
<ul>
{% assign pageDepth = pageComponents | size %}
{% assign depth = pageDepth %}
{% for url in urls %}
{% if forloop.first %}
{% continue %}
{% endif %}
{% assign title = titles[forloop.index0] %}
{% assign description = descriptions[forloop.index0] %}
{% assign components = url | split: "/" %}
{% assign numComponents = components | size %}
{% assign name = components | last %}
{% if name == "index.html" %}
{% for i in (numComponents..depth) %}
</ul></li>
{% endfor %}
<li class="directory">
<span title="{{description}}">{{title}}</span>
<ul>
{% else %}
{% assign end = depth | minus: 1 %}
{% for i in (numComponents..end) %}
</ul></li>
{% endfor %}
<li class="file">
<a href="{{home}}{{url}}">{{title}}</a>. {{ description }}
</li>
{% endif %}
{% assign depth = numComponents %}
{% endfor %}
{% assign end = depth | minus: 1 %}
{% for i in (pageDepth..end) %}
</ul></li>
{% endfor %}
</ul>
</div>

133
_includes/sidebar.html
View File

@ -1,133 +0,0 @@
{% comment %}
Purpose:
Generates a sidebar providing access to a document hierarchy.
Usage:
{% include sidebar.html collection='<doc collection>' singlecard='true|false' bloghack='true|false' %}
Parameters:
* collection (collection) - the document collection containing the docs to index
* singlecard (boolean) - an optional boolean indicating whether the whole hierarchy should be in a single card
* bloghack (boolean) - an optional boolean indicating to do special treatment for blogs
{% endcomment %}
{% include home.html %}
<nav class="sidebar d-print-none">
<div class="spacer"></div>
<div class="directory" role="tablist">
{% include sort-hierarchy.html docs=include.collection prefix='' %}
{% assign pageComponents = page.url | split: "/" %}
{% if include.singlecard %}
{% assign depth = 2 %}
{% else %}
{% assign depth = 3 %}
{% endif %}
{% assign componentTrigger = depth | plus: 1 %}
{% for url in urls %}
{% if forloop.first %}
{% if include.singlecard != true %}
{% continue %}
{% endif %}
{% endif %}
{% assign title = titles[forloop.index0] %}
{% assign description = descriptions[forloop.index0] %}
{% assign components = url | split: "/" %}
{% assign numComponents = components | size %}
{% assign name = components | last %}
{% if name == "index.html" %}
{% assign parent = false %}
{% for c in components %}
{% if c == "index.html" %}
{% assign parent = true %}
{% break %}
{% endif %}
{% if c != pageComponents[forloop.index0] %}
{% break %}
{% endif %}
{% endfor %}
{% if numComponents == componentTrigger %}
{% if depth >= numComponents %}
{% assign end = depth | minus: 1 %}
{% for i in (numComponents..end) %}
</ul></li>
{% endfor %}
</ul></div></div></div>
{% endif %}
<div class="card">
<div class="card-header" role="tab" id="header{{forloop.index0}}">
{% if include.singlecard %}
<div title="{{description}}">
{{title}}
</div>
{% else %}
<a data-toggle="collapse" href="#collapse{{forloop.index0}}" title="{{description}}" role="button"
aria-controls="collapse{{forloop.index0}}">
<div>
{{title}}
</div>
</a>
{% endif %}
</div>
<div id="collapse{{forloop.index0}}" class="collapse{% if parent == true %} show{% endif %}" data-parent="#sidebar" role="tabpanel"
aria-labelledby="header{{forloop.index0}}">
<div class="card-body">
<ul class="tree">
{% else %}
{% for i in (numComponents..depth) %}
</ul></li>
{% endfor %}
<li class="sublist">
<label class='tree-toggle'>
{% if parent == true %}
<i class='fa fa-lg fa-caret-down'></i>
{% else %}
<i class='fa fa-lg fa-caret-right'></i>
{% endif %}
{% assign niceurl = url | remove: "/index.html" %}
<a class="{% if url == page.url %}current{% endif %}" title="{{description}}" href="{{home}}{{niceurl}}">{{title}}</a>
</label>
<ul class="tree{% if parent == false %} collapse{% endif %}">
{% endif %}
{% else %}
{% assign end = depth | minus: 1 %}
{% for i in (numComponents..end) %}
</ul></li>
{% endfor %}
<li>
{% if url == page.url %}
<span class="current" title="{{description}}">{{title}}</span>
{% else %}
<a title="{{description}}" href="{{home}}{{url}}">{{title}}</a>
{% endif %}
</li>
{% endif %}
{% assign depth = numComponents %}
{% endfor %}
{% for i in (5..depth) %}
</ul></li>
{% endfor %}
</ul></div></div></div>
{% if include.bloghack %}
<div class="text-center subscribe" >
<a href="{{home}}/feed.xml">
<img style="width: 1.4em;" src="{{home}}/img/rss.svg" alt="RSS"/> Subscribe
</a>
</div>
{% endif %}
</div>
</nav>

94
_includes/sort-hierarchy.html
View File

@ -1,94 +0,0 @@
{% comment %}
Purpose:
Sorts a document hierarchy by the 'weight' front-matter entry of each doc.
This is hard since Liquid doesn't have functions, recursion, scoped variables,
or data structures. Oh, and Liquid is very slow too.
Usage:
{% include sort-hierarchy.html docs='<doc collection>' prefix='<doc url filter>' %}
Parameters:
* docs (collection) - the document collection to sort such as site.docs
Results:
* urls (string array) - the sorted document urls
* titles (string array) - the sorted document titles
* descriptions (string array) - the sorted document descriptions
Note:
This code uses $ and ^ as magic string markers. If any document's
URL, title, or description contain these characters, then this code
will get confused and return gibberish.
{% endcomment %}
{% assign prefixlen = include.prefix | size %}
{% assign a = "" %}
{% for doc in include.docs %}
{% if doc.draft == true %}
{% continue %}
{% endif %}
{% assign doc_prefix = doc.url | slice: 0, prefixlen %}
{% if doc_prefix != include.prefix %}
{% continue %}
{% endif %}
{% assign o = "00000" | append: doc.weight %}
{% assign start = o | size | minus: 5 %}
{% assign weight = o | slice: start, 5 %}
{% assign components = doc.url | split: "/" %}
{% assign count = components | size | minus:2 %}
{% for max in (2..count) reversed %}
{% assign p = "" %}
{% for i in (1..max) %}
{% assign p = p | append: "/" | append: components[i] %}
{% endfor %}
{% assign p = p | append: "/index.html" %}
{% for sub in include.docs %}
{% if sub.url == p %}
{% assign o = "00000" | append: sub.weight %}
{% assign start = o | size | minus: 5 %}
{% assign weight = o | slice: start, 5 | append:"/" | append: weight %}
{% break %}
{% endif %}
{% endfor %}
{% endfor %}
{% assign name = components | last %}
{% if name == "index.html" %}
{% assign len = weight | size | minus: 5 %}
{% assign weight = weight | slice: 0, len | append: "#####" %}
{% endif %}
{% comment %}
Take the full doc url and replace the last component of it by the document title, and use that for collation such that
docs in the same directory end up sorted first by 'weight', then by title
{% endcomment %}
{% assign hackUrl = "" %}
{% for i in (1..count) %}
{% assign hackUrl = hackUrl | append: "/" | append: components[i] %}
{% endfor %}
{% assign hackUrl = hackUrl | append: "/" | append: doc.title %}
{% assign a = a | append: "^" | append: weight | append: "$" | append: hackUrl | append: "$" | append: doc.url | append: "$" | append: doc.title |
append: "$" | append: doc.description %}
{% endfor %}
{% assign sorted = a | split: "^" | sort %}
{% for s in sorted %}
{% assign parts = s | split: "$" %}
{% assign urls = urls | append: "$" | append: parts[2] %}
{% assign titles = titles | append: "$" | append: parts[3] %}
{% assign descriptions = descriptions | append: "$" | append: parts[4] %}
{% endfor %}
{% assign urlslen = urls | size | minus: 2 %}
{% assign titleslen = titles | size | minus: 2 %}
{% assign descriptionslen = descriptions | size | minus: 2 %}
{% assign urls = urls | slice: 2, urlslen | split: "$" %}
{% assign titles = titles | slice: 2, titleslen | split: "$" %}
{% assign descriptions = descriptions | slice: 2, descriptionslen | split: "$" %}

78
_includes/toc.html
View File

@ -1,78 +0,0 @@
{% capture tocWorkspace %}
{% comment %}
Version 1.0.2
"...like all things liquid - where there's a will, and ~36 hours to spare, there's usually a/some way" ~jaybe
Usage:
{% include toc.html html=content sanitize=true class="inline_toc" id="my_toc" h_min=2 h_max=3 %}
Parameters:
* html (string) - the HTML of compiled markdown generated by kramdown in Jekyll
Optional Parameters:
* sanitize (bool) : false - when set to true, the headers will be stripped of any HTML in the TOC
* class (string) : '' - a CSS class assigned to the TOC
* id (string) : '' - an ID to assigned to the TOC
* h_min (int) : 1 - the minimum TOC header level to use; any header lower than this value will be ignored
* h_max (int) : 6 - the maximum TOC header level to use; any header greater than this value will be ignored
Output:
An unordered list representing the table of contents of a markdown block. This snippet will only generate the table of contents and will NOT output the markdown given to it
{% endcomment %}
{% capture my_toc %}{% endcapture %}
{% assign minHeader = include.h_min | default: 1 %}
{% assign maxHeader = include.h_max | default: 6 %}
{% assign nodes = include.html | split: '<h' %}
{% assign firstHeader = true %}
{% for node in nodes %}
{% if node == "" %}
{% continue %}
{% endif %}
{% assign headerLevel = node | replace: '"', '' | slice: 0, 1 | times: 1 %}
{% if headerLevel < minHeader or headerLevel > maxHeader %}
{% continue %}
{% endif %}
{% if firstHeader %}
{% assign firstHeader = false %}
{% assign minHeader = headerLevel %}
{% endif %}
{% assign indentAmount = headerLevel | minus: minHeader | add: 1 %}
{% assign _workspace = node | split: '</h' %}
{% assign _idWorkspace = _workspace[0] | split: 'id="' %}
{% assign _idWorkspace = _idWorkspace[1] | split: '"' %}
{% assign html_id = _idWorkspace[0] %}
{% capture _hAttrToStrip %}{{ _workspace[0] | split: '>' | first }}>{% endcapture %}
{% assign header = _workspace[0] | replace: _hAttrToStrip, '' %}
{% assign space = '' %}
{% for i in (1..indentAmount) %}
{% assign space = space | prepend: ' ' %}
{% endfor %}
{% capture my_toc %}{{ my_toc }}
{{ space }}- [{% if include.sanitize %}{{ header | strip_html }}{% else %}{{ header }}{% endif %}](#{{ html_id }}){% endcapture %}
{% endfor %}
{% if include.class %}
{% capture my_toc %}{:.{{ include.class }}}
{{ my_toc | lstrip }}{% endcapture %}
{% endif %}
{% if include.id %}
{% capture my_toc %}{: #{{ include.id }}}
{{ my_toc | lstrip }}{% endcapture %}
{% endif %}
{% endcapture %}
{% assign tocWorkspace = '' %}
{% assign toc = my_toc | markdownify | strip %}
{% assign emptyTOC = firstHeader %}

4
_layouts/about.html
View File

@ -1,4 +0,0 @@
---
layout: default
---
{% include primary.html collection=site.about singlecard=true %}

105
_layouts/base.html
View File

@ -1,105 +0,0 @@
---
layout: compress
---
{% include home.html %}
<!DOCTYPE html>
<html lang="en" itemscope itemtype="https://schema.org/WebPage">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="theme-color" content="#466BB0"/>
{% if page.description == nil %}
{% assign description = "An open platform to connect, manage, and secure microservices." %}
{% else %}
{% assign description = page.description %}
{% endif %}
<meta name="title" content="{{page.title}}">
<meta name="description" content="{{description}}">
<!-- Open Graph protocol -->
<meta name="og:title" content="{{page.title}}">
<meta name="og:description" content="{{description}}">
<meta name="og:url" content="{{page.url}}">
<meta name="og.site_name" content="Istio">
{% if site.data.istio.archive %}
{% if page.title == 'Istio' %}
<title>Istioldie {{site.data.istio.version}}</title>
{% else %}
<title>Istioldie {{site.data.istio.version}} / {{ page.title }}</title>
{% endif %}
{% elsif site.data.istio.preliminary %}
{% if page.title == 'Istio' %}
<title>Istio Prelim {{site.data.istio.version}}</title>
{% else %}
<title>Istio Prelim {{site.data.istio.version}} / {{ page.title }}</title>
{% endif %}
{% else %}
{% if page.title == 'Istio' %}
<title>Istio</title>
{% else %}
<title>Istio / {{ page.title }}</title>
{% endif %}
{% endif %}
<!-- Google Analytics -->
<script>
window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
ga('create', 'UA-98480406-1', 'auto');
ga('send', 'pageview');
</script>
<script async src='https://www.google-analytics.com/analytics.js'></script>
<!-- End Google Analytics -->
<!-- RSS -->
<link rel="alternate" type="application/rss+xml" title="Istio Blog RSS" href="{{home}}/feed.xml">
<!-- Favicons: generated from img/istio-logo-social.svg by http://cthedot.de/icongen -->
<link rel="shortcut icon" href="{{home}}/favicons/favicon.ico" >
<link rel="apple-touch-icon" href="{{home}}/favicons/apple-touch-icon-180x180.png" sizes="180x180">
<link rel="icon" type="image/png" href="{{home}}/favicons/favicon-16x16.png" sizes="16x16">
<link rel="icon" type="image/png" href="{{home}}/favicons/favicon-32x32.png" sizes="32x32">
<link rel="icon" type="image/png" href="{{home}}/favicons/android-36x36.png" sizes="36x36">
<link rel="icon" type="image/png" href="{{home}}/favicons/android-48x48.png" sizes="48x48">
<link rel="icon" type="image/png" href="{{home}}/favicons/android-72x72.png" sizes="72x72">
<link rel="icon" type="image/png" href="{{home}}/favicons/android-96x196.png" sizes="96x196">
<link rel="icon" type="image/png" href="{{home}}/favicons/android-144x144.png" sizes="144x144">
<link rel="icon" type="image/png" href="{{home}}/favicons/android-192x192.png" sizes="192x192">
<!-- app manifests -->
<link rel="manifest" href="{{home}}/manifest.json">
<meta name="apple-mobile-web-app-title" content="Istio">
<meta name="application-name" content="Istio">
<!-- style sheets -->
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,100,100italic,300,300italic,400italic,500,500italic,700,700italic,900,900italic">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.0.6/css/all.css">
<link rel="stylesheet" href="{{home}}/css/light_theme.css" title="light">
<link rel="alternate stylesheet" href="{{home}}/css/dark_theme.css" title="dark">
<script src="{{home}}/js/styleSwitcher.min.js"></script>
</head>
<body class="language-unknown theme-unknown">
{{ content }}
<div class="d-xl-none d-print-none">
<button id="scroll-to-top" aria-hidden="true" onclick="scrollToTop()" title="Back to top"><i class="fa fa-lg fa-arrow-up"></i></button>
</div>
<!-- libraries we pull in -->
<script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js"></script>
<script src="https://www.google.com/cse/brand?form=search_form"></script>
<!-- our own scripts -->
<script src="{{home}}/js/misc.min.js"></script>
<script src="{{home}}/js/prism.min.js" data-manual></script>
</body>
</html>

6
_layouts/blog.html
View File

@ -1,6 +0,0 @@
---
layout: default
---
<div class="blog">
{% include primary.html collection=site.blog bloghack=true %}
</div>

15
_layouts/community.html
View File

@ -1,15 +0,0 @@
---
layout: default
---
<div class="container-fluid community">
<div class="row">
<div class="col-12 col-md-3 col-xl-2"></div>
<div class="col-12 col-md-9 col-xl-10">
<main role="main">
<h1>{{page.title}}</h1>
{{ content}}
</main>
</div>
</div>
</div>

10
_layouts/compress.html
View File

@ -1,10 +0,0 @@
---
# Jekyll layout that compresses HTML
# v3.0.2
# http://jch.penibelst.de/
# © 20142015 Anatol Broder
# MIT License
---
{% capture _LINE_FEED %}
{% endcapture %}{% if site.compress_html.ignore.envs contains jekyll.environment %}{{ content }}{% else %}{% capture _content %}{{ content }}{% endcapture %}{% assign _profile = site.compress_html.profile %}{% if site.compress_html.endings == "all" %}{% assign _endings = "html head body li dt dd p rt rp optgroup option colgroup caption thead tbody tfoot tr td th" | split: " " %}{% else %}{% assign _endings = site.compress_html.endings %}{% endif %}{% for _element in _endings %}{% capture _end %}</{{ _element }}>{% endcapture %}{% assign _content = _content | remove: _end %}{% endfor %}{% if _profile and _endings %}{% assign _profile_endings = _content | size | plus: 1 %}{% endif %}{% for _element in site.compress_html.startings %}{% capture _start %}<{{ _element }}>{% endcapture %}{% assign _content = _content | remove: _start %}{% endfor %}{% if _profile and site.compress_html.startings %}{% assign _profile_startings = _content | size | plus: 1 %}{% endif %}{% if site.compress_html.comments == "all" %}{% assign _comments = "<!-- -->" | split: " " %}{% else %}{% assign _comments = site.compress_html.comments %}{% endif %}{% if _comments.size == 2 %}{% capture _comment_befores %}.{{ _content }}{% endcapture %}{% assign _comment_befores = _comment_befores | split: _comments.first %}{% for _comment_before in _comment_befores %}{% if forloop.first %}{% continue %}{% endif %}{% capture _comment_outside %}{% if _carry %}{{ _comments.first }}{% endif %}{{ _comment_before }}{% endcapture %}{% capture _comment %}{% unless _carry %}{{ _comments.first }}{% endunless %}{{ _comment_outside | split: _comments.last | first }}{% if _comment_outside contains _comments.last %}{{ _comments.last }}{% assign _carry = false %}{% else %}{% assign _carry = true %}{% endif %}{% endcapture %}{% assign _content = _content | remove_first: _comment %}{% endfor %}{% if _profile %}{% assign _profile_comments = _content | size | plus: 1 %}{% endif %}{% endif %}{% assign _pre_befores = _content | split: "<pre" %}{% assign _content = "" %}{% for _pre_before in _pre_befores %}{% assign _pres = _pre_before | split: "</pre>" %}{% assign _pres_after = "" %}{% if _pres.size != 0 %}{% if site.compress_html.blanklines %}{% assign _lines = _pres.last | split: _LINE_FEED %}{% capture _pres_after %}{% for _line in _lines %}{% assign _trimmed = _line | split: " " | join: " " %}{% if _trimmed != empty or forloop.last %}{% unless forloop.first %}{{ _LINE_FEED }}{% endunless %}{{ _line }}{% endif %}{% endfor %}{% endcapture %}{% else %}{% assign _pres_after = _pres.last | split: " " | join: " " %}{% endif %}{% endif %}{% capture _content %}{{ _content }}{% if _pre_before contains "</pre>" %}<pre{{ _pres.first }}</pre>{% endif %}{% unless _pre_before contains "</pre>" and _pres.size == 1 %}{{ _pres_after }}{% endunless %}{% endcapture %}{% endfor %}{% if _profile %}{% assign _profile_collapse = _content | size | plus: 1 %}{% endif %}{% if site.compress_html.clippings == "all" %}{% assign _clippings = "html head title base link meta style body article section nav aside h1 h2 h3 h4 h5 h6 hgroup header footer address p hr blockquote ol ul li dl dt dd figure figcaption main div table caption colgroup col tbody thead tfoot tr td th" | split: " " %}{% else %}{% assign _clippings = site.compress_html.clippings %}{% endif %}{% for _element in _clippings %}{% assign _edges = " <e;<e; </e>;</e>;</e> ;</e>" | replace: "e", _element | split: ";" %}{% assign _content = _content | replace: _edges[0], _edges[1] | replace: _edges[2], _edges[3] | replace: _edges[4], _edges[5] %}{% endfor %}{% if _profile and _clippings %}{% assign _profile_clippings = _content | size | plus: 1 %}{% endif %}{{ _content }}{% if _profile %} <table id="compress_html_profile_{{ site.time | date: "%Y%m%d" }}" class="compress_html_profile"> <thead> <tr> <td>Step <td>Bytes <tbody> <tr> <td>raw <td>{{ content | size }}{% if _profile_endings %} <tr> <td>endings <td>{{ _profile_endings }}{% endif %}{% if _profile_startings %} <tr> <td>startings <td>{{ _profile_startings }}{% endif %}{% if _profile_comments %} <tr> <td>comments <td>{{ _profile_comments }}{% endif %}{% if _profile_collapse %} <tr> <td>collapse <td>{{ _profile_collapse }}{% endif %}{% if _profile_clippings %} <tr> <td>clippings <td>{{ _profile_clippings }}{% endif %} </table>{% endif %}{% endif %}

6
_layouts/default.html
View File

@ -1,6 +0,0 @@
---
layout: base
---
{% include header.html %}
{{ content }}
{% include footer.html %}

4
_layouts/docs.html
View File

@ -1,4 +0,0 @@
---
layout: default
---
{% include primary.html collection=site.docs %}

4
_layouts/help.html
View File

@ -1,4 +0,0 @@
---
layout: default
---
{% include primary.html collection=site.help singlecard=true %}

6
_layouts/landing.html
View File

@ -1,6 +0,0 @@
---
layout: default
---
<main class="landing">
{{ content }}
</main>

12
_layouts/notfound.html
View File

@ -1,12 +0,0 @@
---
layout: default
---
<div class="container-fluid">
<div class="row notfound">
<div class="col-12">
<main role="main">
{{ content}}
</main>
</div>
</div>
</div>

4
_layouts/pkg-collateral-docs.html
View File

@ -1,4 +0,0 @@
---
layout: docs
---
{{content}}

4
_layouts/protoc-gen-docs.html
View File

@ -1,4 +0,0 @@
---
layout: docs
---
{{content}}

2
_rake_config_override.yml
View File

@ -1,2 +0,0 @@
destination: _rakesite/test
baseurl: /test

11
archetypes/blog.md Normal file
View File

@ -0,0 +1,11 @@
---
title: My Title
subtitle: My optional on-line subtitle
description: My one-line description for the page
publishdate: 2017-05-24
attribution: My Name
weight: 0
---
## What's next

11
archetypes/default.md Normal file
View File

@ -0,0 +1,11 @@
---
title: My Title
description: My one-line description for the page
weight: 0
---
## Before you begin
## Cleaning up
## What's next

25
config.toml Normal file
View File

@ -0,0 +1,25 @@
defaultContentLanguage = "en"
languageCode = "en-us"
metaDataFormat = "yaml"
title = "Istio"
uglyURLs = false
enableRobotsTXT = true
googleAnalytics = "UA-98480406-1"
pluralizeListTitles = false
canonifyURLs = false
disableKinds = ["taxonomy", "taxonomyTerm"]
anchor = "smart"
# MARKDOWN
## Configuration for BlackFriday markdown parser: https://github.com/russross/blackfriday
[blackfriday]
plainIDAnchors = true
# See https://github.com/gohugoio/hugo/issues/2424
hrefTargetBlank = false
angledQuotes = false
latexDashes = true
extensions = [""]
[outputs]
home = ["HTML"]
section = ["HTML"]

3
content/_index.md Normal file
View File

@ -0,0 +1,3 @@
---
title: Istio
---

19
content/about/_index.md Normal file
View File

@ -0,0 +1,19 @@
---
title: About Istio
description: All about Istio.
weight: 15
toc: false
---
Get a bit more in-depth info about the Istio project.
- [What is Istio?](/about/intro/). Get some context about what problems Istio is designed to solve.
- [Release Notes](/about/notes/). Learn about the latest features, improvements, and bug fixes.
- [Feature Status](/about/feature-stages/). Get a detailed list of Istio's individual features and their relative
maturity and support level.
- [Contributing to the Docs](/about/contribute/). Learn how you can help contribute to improve Istio's documentation.

6
_about/contribute/index.md → content/about/contribute/_index.md
View File

@ -2,9 +2,7 @@
title: Contributing to the Docs
description: Learn how to contribute to improve and expand the Istio documentation.
weight: 100
toc: false
redirect_from:
type: section-index
aliases:
- /docs/welcome/contribute/index.html
---
{% include section-index.html docs=site.about %}

8
_about/contribute/creating-a-pull-request.md → content/about/contribute/creating-a-pull-request.md
View File

@ -2,7 +2,7 @@
title: Creating a Pull Request
description: Shows you how to create a GitHub pull request in order to submit your docs for approval.
weight: 20
redirect_from:
aliases:
- /docs/welcome/contribute/creating-a-pull-request.html
---
@ -35,8 +35,8 @@ documentation repository in your GitHub account. The copy is called a *fork*.
a new branch to use for your contribution.
1. In your new branch, make your changes and commit them. If you want to
[write a new topic](./writing-a-new-topic.html),
choose the [page-type](./writing-a-new-topic.html#choosing-a-page-type)
[write a new topic](/about/contribute/writing-a-new-topic/),
choose the [page-type](/about/contribute/writing-a-new-topic/#choosing-a-page-type)
that is the best fit for your content.
## Submitting a pull request
@ -56,4 +56,4 @@ If needed, revise your pull request by committing changes to your
new branch in your fork.
> Once your changes have been committed, they will show up immediately on [preliminary.istio.io](https://preliminary.istio.io), but
will only show up on [istio.io](http://istio.io) the next time we produce a new release, which happens around once a month.
will only show up on [istio.io](https://istio.io) the next time we produce a new release, which happens around once a month.

4
_about/contribute/editing.md → content/about/contribute/editing.md
View File

@ -2,7 +2,7 @@
title: Editing Docs
description: Lets you start editing this site's documentation.
weight: 10
redirect_from:
aliases:
- /docs/welcome/contribute/editing.html
---
@ -14,4 +14,4 @@ are ready to send those changes to us, go to the index page for your fork and cl
<a class="btn btn-istio" href="https://github.com/istio/istio.github.io/">Browse this site's source code</a>
> Once your changes have been committed, they will show up immediately on [preliminary.istio.io](https://preliminary.istio.io), but
will only show up on [istio.io](http://istio.io) the next time we produce a new release, which happens around once a month.
will only show up on [istio.io](https://istio.io) the next time we produce a new release, which happens around once a month.

4
_about/contribute/reviewing-doc-issues.md → content/about/contribute/reviewing-doc-issues.md
View File

@ -1,10 +1,8 @@
---
title: Doc Issues
description: Explains the process involved in accepting documentation updates.
weight: 60
redirect_from:
aliases:
- /docs/welcome/contribute/reviewing-doc-issues.html
---

28
content/about/contribute/staging-your-changes.md Normal file
View File

@ -0,0 +1,28 @@
---
title: Staging Your Changes
description: Explains how to test your changes locally before submitting them.
weight: 40
aliases:
- /docs/welcome/contribute/staging-your-changes.html
---
This page shows how to stage content that you want to contribute
to the Istio documentation.
## Before you begin
Create a fork of the Istio documentation repository as described in
[Creating a Doc Pull Request](/about/contribute/creating-a-pull-request/).
## Staging locally
See [Detailed instructions and options on GitHub](https://github.com/istio/istio.github.io/blob/master/README.md)
Once Hugo is running, you can open a web browser and go to `http://localhost:1313` to see your
changes. You can make further changes to the content in your repo and just refresh your browser page to see
the results, no need to restart Hugo all the time.
## Staging from your GitHub account
Once you push a PR from your fork to the istio.github.io's master branch, your PR page on GitHub will show a link to a staging site
built automatically for your PR. This is useful for folks trying to review your changes.

6
_about/contribute/style-guide.md → content/about/contribute/style-guide.md
View File

@ -1,10 +1,8 @@
---
title: Style Guide
description: Explains the dos and donts of writing Istio docs.
weight: 70
redirect_from:
aliases:
- /docs/welcome/contribute/style-guide.html
- /docs/reference/contribute/style-guide.html
---
@ -17,7 +15,7 @@ propose changes to this document in a pull request.
For additional information on creating new content for the Istio
docs, follow the instructions on
[Creating a Doc Pull Request](./creating-a-pull-request.html).
[Creating a Doc Pull Request](/about/contribute/creating-a-pull-request/).
## Formatting standards

55
_about/contribute/writing-a-new-topic.md → content/about/contribute/writing-a-new-topic.md
View File

@ -2,17 +2,16 @@
title: Writing a New Topic
description: Explains the mechanics of creating new documentation pages.
weight: 30
redirect_from:
aliases:
- /docs/welcome/contribute/writing-a-new-topic.html
---
{% include home.html %}
This page shows how to create a new Istio documentation topic.
## Before you begin
You first need to create a fork of the Istio documentation repository as described in
[Creating a Doc Pull Request](./creating-a-pull-request.html).
[Creating a Doc Pull Request](/about/contribute/creating-a-pull-request/).
## Choosing a page type
@ -76,8 +75,8 @@ all in lower case.
## Updating the front matter
Every documentation file needs to start with Jekyll
[front matter](https://jekyllrb.com/docs/frontmatter/).
Every documentation file needs to start with
[front matter](https://gohugo.io/content-management/front-matter/).
The front matter is a block of YAML that is between the
triple-dashed lines at the top of each file. Here's the
chunk of front matter you should start with:
@ -99,9 +98,8 @@ matter fields are:
|`title` | The short title of the page
|`description` | A one-line description of what the topic is about
|`weight` | An integer used to determine the sort order of this page relative to other pages in the same directory.
|`layout` | Indicates which of the Jekyll layouts this page uses
|`draft` | When true, prevents the page from showing up in any navigation area
|`publishdate` | For blog posts, indicates the date of publication of the post
|`publishdate` | For blog posts, indicates the date of publication of the post
|`subtitle` | For blog posts, supplies an optional subtitle to be displayed below the main title
|`attribution` | For blog posts, supplies an optional author's name
|`toc` | Set this to false to prevent the page from having a table of contents generated for it
@ -135,14 +133,12 @@ if needed.
Within markdown, use the following sequence to add the image:
```html
{% raw %}
{% include image.html width="75%" ratio="69.52%"
{{</* image width="75%" ratio="69.52%"
link="./img/myfile.svg"
alt="Alternate text to display when the image is not available"
title="A tooltip displayed when hovering over the image"
caption="A caption displayed under the image"
%}
{% endraw %}
*/>}}
```
The `width`, `ratio`, `link` and `caption` values are required. If the `title` value isn't
@ -157,14 +153,14 @@ relative to the surrounding text. `ratio` (image height / image width) * 100.
There are three types of links that can be included in documentation. Each uses a different
way to indicate the link target:
- **Internet Link**. You use classic URL syntax, preferably with the HTTPS protocol, to reference
1. **Internet Link**. You use classic URL syntax, preferably with the HTTPS protocol, to reference
files on the Internet:
```markdown
[see here](https://mysite/myfile.html)
```
- **Relative Link**. You use relative links that start with a period to
1. **Relative Link**. You use relative links that start with a period to
reference any content that is at the same level as the current file, or below within
the hierarchy of the site:
@ -172,25 +168,13 @@ the hierarchy of the site:
[see here](./adir/anotherfile.html)
```
- **Absolute Link**. You use absolute links with the special \{\{home\}\} notation to reference content outside of the
1. **Absolute Link**. You use absolute links that start with a `/` to reference content outside of the
current hierarchy:
```markdown
{% raw %}[see here]({{home}}/docs/adir/afile.html){% endraw %}
[see here](/docs/adir/afile/)
```
In order to use \{\{home\}\} in a file,
you need to make sure that the file contains the following
line of boilerplate right after the block of front matter:
```markdown
...
---
{% raw %}{% include home.html %}{% endraw %}
```
Adding this include statement is what defines the `home` variable that is used in the link target.
## Embedding preformatted blocks
You can embed blocks of preformatted content using the normal markdown technique:
@ -282,15 +266,14 @@ instead of merely `command` in order to apply syntax coloring to the command's o
## Displaying file content
You can pull in an external file and display its content as a preformatted block. This is handy to display a
config file or a test file. To do so, you use a Jekyll include statement such as:
config file or a test file. To do so, you use a statement such as:
```html
{% raw %}{% include file-content.html url='https://raw.githubusercontent.com/istio/istio/master/Makefile' %}{% endraw %}
```markdown
{{</* file_content url="https://raw.githubusercontent.com/istio/istio/master/Makefile" */>}}
```
which produces the following result:
{% include file-content.html url='https://raw.githubusercontent.com/istio/istio/master/Makefile' %}
{{< file_content url="https://raw.githubusercontent.com/istio/istio/master/Makefile" >}}
If the file is from a different origin site, CORS should be enabled on that site. Note that the
GitHub raw content site (raw.githubusercontent.com) is CORS
@ -308,7 +291,7 @@ In the page that is the target of the redirect (where you'd like users to land),
following to the front-matter:
```plain
redirect_from:
aliases:
- <url>
```
@ -319,14 +302,14 @@ For example
title: Frequently Asked Questions
description: Questions Asked Frequently
weight: 12
redirect_from:
aliases:
- /faq
---
```
With the above in a page saved as _help/faq.md, the user will be able to access the page by going
to istio.io/help/faq as normal, as well as istio.io/faq.
to `istio.io/help/faq/` as normal, as well as `istio.io/faq/`.
You can also add many redirects like so:
@ -335,7 +318,7 @@ You can also add many redirects like so:
title: Frequently Asked Questions
description: Questions Asked Frequently
weight: 12
redirect_from:
aliases:
- /faq
- /faq2
- /faq3

102
content/about/feature-stages.md Normal file
View File

@ -0,0 +1,102 @@
---
title: Feature Status
description: List of features and their release stages.
weight: 10
aliases:
- /docs/reference/release-roadmap.html
- /docs/reference/feature-stages.html
- /docs/welcome/feature-stages.html
---
This page lists the relative maturity and support
level of every Istio feature. Please note that the phases (Alpha, Beta, and Stable) are applied to individual features
within the project, not to the project as a whole. Here is a high level description of what these labels means:
## Feature phase definitions
| | Alpha | Beta | Stable
|-------------------|-------------------|-------------------|-------------------
| **Purpose** | Demo-able, works end-to-end but has limitations | Usable in production, not a toy anymore | Dependable, production hardened
| **API** | No guarantees on backward compatibility | APIs are versioned | Dependable, production-worthy. APIs are versioned, with automated version conversion for backward compatibility
| **Performance** | Not quantified or guaranteed | Not quantified or guaranteed | Performance (latency/scale) is quantified, documented, with guarantees against regression
| **Deprecation Policy** | None | Weak - 3 months | Dependable, Firm. 1 year notice will be provided before changes
## Istio features
Below is our list of existing features and their current phases. This information will be updated after every monthly release.
### Traffic management
| Feature | Phase
|-------------------|-------------------
| [Protocols: HTTP 1.1](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http_connection_management.html#http-protocols) | Beta
| [Protocols: HTTP 2.0](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http_connection_management.html#http-protocols) | Alpha
| [Protocols: gRPC](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/grpc) | Alpha
| [Protocols: TCP](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/tcp_proxy) | Alpha
| [Protocols: WebSocket](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/websocket) | Alpha
| [Protocols: MongoDB](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/mongo) | Alpha
| [Routing Rules: Retry](/docs/tasks/traffic-management/request-routing/) | Alpha
| [Routing Rules: Timeout](/docs/tasks/traffic-management/request-routing/) | Alpha
| [Routing Rules: Circuit Break](/docs/tasks/traffic-management/request-routing/) | Alpha
| [Routing Rules: Header Rewrite](/docs/tasks/traffic-management/request-routing/) | Alpha
| [Routing Rules: Traffic Splitting](/docs/tasks/traffic-management/request-routing/) | Alpha
| [Improved Routing Rules: Composite Service](/docs/reference/config/istio.networking.v1alpha3/) | Alpha
| [Quota / Redis Rate Limiting (Adapter and Server)](/docs/tasks/policy-enforcement/rate-limiting/) | Alpha
| [Memquota Implementation and Integration](/docs/tasks/telemetry/metrics-logs/) | Stable
| [Ingress TLS](/docs/tasks/traffic-management/ingress/) | Alpha
| Egress Policy and Telemetry | Alpha
### Observability
| Feature | Phase
|-------------------|-------------------
| [Prometheus Integration](/docs/guides/telemetry/) | Beta
| [Local Logging (STDIO)](/docs/guides/telemetry/) | Stable
| [Statsd Integration](/docs/reference/config/policy-and-telemetry/adapters/statsd/) | Stable
| [Service Dashboard in Grafana](/docs/tasks/telemetry/using-istio-dashboard/) | Beta
| [Stackdriver Integration](/docs/reference/config/policy-and-telemetry/adapters/stackdriver/) | Alpha
| [Service Graph](/docs/tasks/telemetry/servicegraph/) | Alpha
| [Distributed Tracing to Zipkin / Jaeger](/docs/tasks/telemetry/distributed-tracing/) | Alpha
| [Istio Component Dashboard in Grafana](/docs/tasks/telemetry/using-istio-dashboard/) | Beta
| [Service Tracing](/docs/tasks/telemetry/distributed-tracing/) | Alpha
### Security
| Feature | Phase
|-------------------|-------------------
| [Deny Checker](/docs/reference/config/policy-and-telemetry/adapters/denier/) | Stable
| [List Checker](/docs/reference/config/policy-and-telemetry/adapters/list/) | Stable
| [Kubernetes: Service Credential Distribution](/docs/concepts/security/mutual-tls/) | Stable
| [Pluggable Key/Cert Support for Istio CA](/docs/tasks/security/plugin-ca-cert/) | Stable
| [Service-to-service mutual TLS](/docs/concepts/security/mutual-tls/) | Stable
| [Incremental Enablement of service-to-service mutual TLS](/docs/tasks/security/per-service-mtls/) | Alpha
| [VM: Service Credential Distribution](/docs/concepts/security/mutual-tls/) | Alpha
| [OPA Checker](https://github.com/istio/istio/blob/41a8aa4f75f31bf0c1911d844a18da4cff8ac584/mixer/adapter/opa/README.md) | Alpha
| RBAC Mixer Adapter | Alpha
| [API Keys](/docs/reference/config/policy-and-telemetry/templates/apikey/) | Alpha
### Core
| Feature | Phase
|-------------------|-------------------
| [Kubernetes: Envoy Installation and Traffic Interception](/docs/setup/kubernetes/) | Beta
| [Kubernetes: Istio Control Plane Installation](/docs/setup/kubernetes/) | Beta
| [Pilot Integration into Kubernetes Service Discovery](/docs/setup/kubernetes/) | Stable
| [Attribute Expression Language](/docs/reference/config/policy-and-telemetry/expression-language/) | Stable
| [Mixer Adapter Authoring Model](/blog/2017/adapter-model/) | Stable
| [VM: Envoy Installation, Traffic Interception and Service Registration](/docs/guides/integrating-vms/) | Alpha
| [VM: Istio Control Plane Installation and Upgrade (Galley, Mixer, Pilot, CA)](https://github.com/istio/istio/issues/2083) | Alpha
| VM: Ansible Envoy Installation, Interception and Registration | Alpha
| [Kubernetes: Istio Control Plane Upgrade](/docs/setup/kubernetes/) | Beta
| [Pilot Integration into Consul](/docs/setup/consul/quick-start/) | Alpha
| [Pilot Integration into Eureka](/docs/setup/consul/quick-start/) | Alpha
| [Pilot Integration into Cloud Foundry Service Discovery](/docs/setup/consul/quick-start/) | Alpha
| [Basic Config Resource Validation](https://github.com/istio/istio/issues/1894) | Alpha
| Mixer Telemetry Collection (Tracing, Logging, Monitoring) | Alpha
| [Custom Mixer Build Model](https://github.com/istio/istio/wiki/Mixer-Adapter-Dev-Guide) | Alpha
| Enable API attributes using an IDL | Alpha
| [Helm](/docs/setup/kubernetes/helm-install/) | Alpha
| [Multicluster Mesh](/docs/setup/kubernetes/multicluster-install/) | Alpha
> <img src="/img/bulb.svg" alt="Bulb" title="Help" style="width: 32px; display:inline" />
Please get in touch by joining our [community](/community/) if there are features you'd like to see in our future releases!

3
_about/intro.md → content/about/intro.md
View File

@ -1,10 +1,7 @@
---
title: What is Istio?
description: Context about what problems Istio is designed to solve.
weight: 1
toc: false
---
Istio is an open platform that provides a uniform way to connect, manage,

4
_about/notes/0.1.md → content/about/notes/0.1.md
View File

@ -1,10 +1,8 @@
---
title: Istio 0.1
weight: 100
toc: false
redirect_from:
aliases:
- /docs/welcome/notes/0.1.html
---

4
_about/notes/0.2.md → content/about/notes/0.2.md
View File

@ -1,9 +1,7 @@
---
title: Istio 0.2
weight: 99
redirect_from:
aliases:
- /docs/welcome/notes/0.2.html
---

10
_about/notes/0.3.md → content/about/notes/0.3.md
View File

@ -1,18 +1,14 @@
---
title: Istio 0.3
weight: 98
redirect_from:
aliases:
- /docs/welcome/notes/0.3.html
---
{% include home.html %}
## General
Starting with 0.3, Istio is switching to a monthly release cadence. We hope this will help accelerate our ability
to deliver timely improvements. See [here]({{home}}/about/feature-stages.html) for information on the state of individual features
to deliver timely improvements. See [here](/about/feature-stages/) for information on the state of individual features
for this release.
This is a fairly modest release in terms of new features as the team put emphasis on internal
@ -36,7 +32,7 @@ which helps with incremental migration to Istio.
significant drop in average latency for authorization checks.
- **Improved list Adapter**. The Mixer 'list' adapter now supports regular expression matching. See the adapter's
[configuration options]({{home}}/docs/reference/config/policy-and-telemetry/adapters/list.html) for details.
[configuration options](/docs/reference/config/policy-and-telemetry/adapters/list/) for details.
- **Config Validation**. Mixer does more extensive validation of configuration state in order to catch problems earlier.
We expect to invest more in this area in coming releases.

7
_about/notes/0.4.md → content/about/notes/0.4.md
View File

@ -1,13 +1,10 @@
---
title: Istio 0.4
weight: 97
toc: false
redirect_from:
aliases:
- /docs/welcome/notes/0.4.html
---
{% include home.html %}
This release has only got a few weeks' worth of changes, as we stabilize our monthly release process.
In addition to the usual pile of bug fixes and performance improvements, this release includes:
@ -22,7 +19,7 @@ possible for Pilot to discover CF services and service instances.
- **Helm Charts**. We now provide helm charts to install Istio.
- **Enhanced Attribute Expressions**. Mixer's expression language gained a few new functions
to make it easier to write policy rules. [Learn more]({{home}}/docs/reference/config/policy-and-telemetry/expression-language.html)
to make it easier to write policy rules. [Learn more](/docs/reference/config/policy-and-telemetry/expression-language/)
If you're into the nitty-gritty details, you can see our more detailed low-level
release notes [here](https://github.com/istio/istio/wiki/v0.4.0).

13
_about/notes/0.5.md → content/about/notes/0.5.md
View File

@ -1,10 +1,7 @@
---
title: Istio 0.5
weight: 96
---
{% include home.html %}
In addition to the usual pile of bug fixes and performance improvements, this release includes the new or
updated features detailed below.
@ -19,7 +16,7 @@ information on customized Istio deployments.
[mutating webhook feature](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.9.md#api-machinery) to provide automatic
pod-level proxy injection. Automatic injection requires Kubernetes 1.9 or beyond and
therefore doesn't work on older versions. The alpha initializer mechanism is no longer supported.
[Learn more]({{home}}/docs/setup/kubernetes/sidecar-injection.html#automatic-sidecar-injection)
[Learn more](/docs/setup/kubernetes/sidecar-injection/#automatic-sidecar-injection)
- **Revised Traffic Rules**. Based on user feedback, we have made significant changes to Istio's traffic management
(routing rules, destination rules, etc.). We would love your continuing feedback while we polish this in the coming weeks.
@ -30,10 +27,10 @@ therefore doesn't work on older versions. The alpha initializer mechanism is no
providing a flexible fine-grained access control mechanism. [Learn more](https://docs.google.com/document/d/1U2XFmah7tYdmC5lWkk3D43VMAAQ0xkBatKmohf90ICA/edit#heading=h.fmlgl8m03gfy)
- **Istio RBAC**. Mixer now has a role-based access control adapter.
[Learn more]({{home}}/docs/concepts/security/rbac.html)
[Learn more](/docs/concepts/security/rbac/)
- **Fluentd**. Mixer now has an adapter for log collection through [fluentd](https://www.fluentd.org).
[Learn more]({{home}}/docs/tasks/telemetry/fluentd.html)
[Learn more](/docs/tasks/telemetry/fluentd/)
- **Stdio**. The stdio adapter now lets you log to files with support for log rotation & backup, along with a host
of controls.
@ -41,12 +38,12 @@ of controls.
## Security
- **Bring Your Own CA**. There have been many enhancements to the 'bring your own CA' feature.
[Learn more]({{home}}/docs/tasks/security/plugin-ca-cert.html)
[Learn more](/docs/tasks/security/plugin-ca-cert/)
- **PKCS8**. Add support for PKCS8 keys to Istio PKI.
- **Istio RBAC** Istio RBAC provides access control for services in Istio mesh.
[Learn more]({{home}}/docs/concepts/security/rbac.html).
[Learn more](/docs/concepts/security/rbac/).
## Other

13
_about/notes/0.6.md → content/about/notes/0.6.md
View File

@ -1,10 +1,7 @@
---
title: Istio 0.6
weight: 95
---
{% include home.html %}
In addition to the usual pile of bug fixes and performance improvements, this release includes the new or
updated features detailed below.
@ -17,13 +14,13 @@ proxy. [Learn more](https://github.com/mandarjog/istioluawebhook)
## Mixer adapters
- **SolarWinds**. Mixer can now interface to AppOptics and Papertrail.
[Learn more]({{home}}/docs/reference/config/policy-and-telemetry/adapters/solarwinds.html)
[Learn more](/docs/reference/config/policy-and-telemetry/adapters/solarwinds/)
- **Redisquota**. Mixer now supports a Redis-based adapter for rate limit tracking.
[Learn more]({{home}}/docs/reference/config/policy-and-telemetry/adapters/redisquota.html)
[Learn more](/docs/reference/config/policy-and-telemetry/adapters/redisquota/)
- **Datadog**. Mixer now provides an adapter to deliver metric data to a Datadog agent.
[Learn more]({{home}}/docs/reference/config/policy-and-telemetry/adapters/datadog.html)
[Learn more](/docs/reference/config/policy-and-telemetry/adapters/datadog/)
## Other
@ -33,10 +30,10 @@ functionality. This may be useful in large deployments for better scaling of Mix
- **Monitoring Dashboards**. There are now preliminary Mixer & Pilot monitoring dashboard in Grafana.
- **Servicegraph Visualization**. Servicegraph has a new visualization. [Learn more]({{home}}/docs/tasks/telemetry/servicegraph.html).
- **Servicegraph Visualization**. Servicegraph has a new visualization. [Learn more](/docs/tasks/telemetry/servicegraph/).
- **Liveness and Readiness Probes**. Istio components now provide canonical liveness and readiness
probe support to help ensure mesh infrastructure health. [Learn more]({{home}}/docs/tasks/security/health-check.html)
probe support to help ensure mesh infrastructure health. [Learn more](/docs/tasks/security/health-check/)
- **Egress Policy and Telemetry**. Istio can monitor traffic to external services defined by EgressRule or External Service. Istio can also apply
Mixer policies on this traffic.

5
_about/notes/0.7.md → content/about/notes/0.7.md
View File

@ -1,10 +1,7 @@
---
title: Istio 0.7
weight: 94
---
{% include home.html %}
For this release, we focused on improving our build and test infrastructures and increasing the
quality of our tests. As a result, there are no new features for this month.
@ -18,5 +15,5 @@ change in 0.8 and beyond.
Known Issues:
Our [helm chart](https://istio.io/docs/setup/kubernetes/helm.html)
Our [helm chart](/docs/setup/kubernetes/helm-install/)
currently requires some workaround to apply the chart correctly, see [4701](https://github.com/istio/istio/issues/4701) for details.

16
_about/notes/0.8.md → content/about/notes/0.8.md
View File

@ -1,9 +1,7 @@
---
title: Istio 0.8
weight: 93
---
{% include home.html %}
In addition to the usual pile of bug fixes and performance improvements, this release includes the new or
updated features detailed below.
@ -11,17 +9,17 @@ updated features detailed below.
## Networking
- **Revamped Traffic Management Model**. We're finally ready to take the wraps off our
[new traffic management configuration model]({{home}}/blog/2018/v1alpha3-routing.html).
[new traffic management configuration model](/blog/2018/v1alpha3-routing/).
This model adds many new features and addresses usability issues
with the prior model. There is a conversion tool built into `istioctl` to help migrate your config from
the old model. [Try out the new traffic management model]({{home}}/docs/tasks/traffic-management).
the old model. [Try out the new traffic management model](/docs/tasks/traffic-management).
- **Envoy V2**. Users can choose to inject Envoy V2 as the sidecar. In this mode, Pilot uses Envoy's new API to push configuration to the data plane. This new approach
increases effective scalability and should eliminate spurious 404 errors. [TBD: docs on how to control this?]
- **Gateway for Ingress/Egress**. We no longer support combining Kubernetes Ingress specs with Istio route rules,
as it has led to several bugs and reliability issues. Istio now supports a platform independent ingress/egress
[Gateway]({{home}}/docs/concepts/traffic-management/rules-configuration.html#gateways) that works across
[Gateway](/docs/concepts/traffic-management/rules-configuration/#gateways) that works across
Kubernetes and Cloud Foundry and works seamlessly with the routing rules.
- **Constrained Inbound Ports**. We now restrict the inbound ports in a pod to the ones declared by the apps running inside that pod.
@ -36,7 +34,7 @@ and workloads can authenticate each other across the mesh.
- **Authentication Policy**. We've introduced authentication policy that can be used to configure service-to-service
authentication (mutual TLS) and end user authentication. This is the recommended way for enabling mutual TLS
(over the existing config flag and service annotations). [Learn more]({{home}}/docs/tasks/security/authn-policy.html).
(over the existing config flag and service annotations). [Learn more](/docs/tasks/security/authn-policy/).
## Telemetry
@ -48,13 +46,13 @@ Istio telemetry pipeline, just like services in the mesh.
- **A la Carte Istio**. Istio has a rich set of features, however you don't need to install or consume them all together. By using
Helm or `istioctl gen-deploy`, users can install only the features they want. For example, users can install Pilot only and enjoy traffic
management functionality without dealing with Mixer or Citadel.
Learn more about [customization through Helm](https://istio.io/docs/setup/kubernetes/helm-install.html#customization-with-helm)
and about [`istioctl gen-deploy`](https://istio.io/docs/reference/commands/istioctl.html#istioctl%20gen-deploy).
Learn more about [customization through Helm](/docs/setup/kubernetes/helm-install/#customization-with-helm)
and about [`istioctl gen-deploy`](/docs/reference/commands/istioctl/#istioctl%20gen-deploy).
## Mixer adapters
- **CloudWatch**. Mixer can now report metrics to AWS CloudWatch.
[Learn more]({{home}}/docs/reference/config/policy-and-telemetry/adapters/cloudwatch.html)
[Learn more](/docs/reference/config/policy-and-telemetry/adapters/cloudwatch/)
## Known issues with 0.8

8
_about/notes/index.md → content/about/notes/_index.md
View File

@ -2,17 +2,17 @@
title: Release Notes
description: Description of features and improvements for every Istio release.
weight: 5
redirect_from:
type: section-index
aliases:
- /docs/reference/release-notes.html
- /release-notes
- /docs/welcome/notes/index.html
- /docs/references/notes
toc: false
---
{% include section-index.html docs=site.about %}
The latest Istio monthly release is {{site.data.istio.version}} ([release notes]({{site.data.istio.version}}.html)). You can
[download {{site.data.istio.version}}](https://github.com/istio/istio/releases) with:
The latest Istio snapshot release is {{< istio_version >}} ([release notes](/about/notes/{{< istio_version >}}/)). You can
[download {{< istio_version >}}](https://github.com/istio/istio/releases) with:
```command
$ curl -L https://git.io/getLatestIstio | sh -

3
_about/release-cadence.md → content/about/release-cadence.md
View File

@ -3,7 +3,6 @@ title: Build & Release Cadence
description: How we manage, number, and support Istio releases.
weight: 5
---
{% include home.html %}
We produce new builds of Istio on a daily basis. Around once a month or so, we take one of these daily
builds and run it through a number of additional qualification tests and tag the build as a Snapshot release.
@ -24,7 +23,7 @@ offer technical assistance. Separately, 3rd parties and partners may offer longe
You can find available releases on the [releases page](https://github.com/istio/istio/releases),
and if you're the adventurous type, you can learn about our daily builds on the [daily builds wiki](https://github.com/istio/istio/wiki/Daily-builds).
You can find high-level releases notes for each LTS release [here]({{home}}/about/notes).
You can find high-level releases notes for each LTS release [here](/about/notes).
## Naming Scheme

29
_blog/2017/0.1-announcement.md → content/blog/2017/0.1-announcement.md
View File

@ -1,17 +1,16 @@
---
title: Introducing Istio
description: Istio 0.1 announcement
publishdate: 2018-05-24
publishdate: 2017-05-24
subtitle: A robust service mesh for microservices
attribution: The Istio Team
weight: 100
redirect_from:
- /blog/istio-service-mesh-for-microservices.html
- /blog/0.1-announcement.html
aliases:
- /blog/istio-service-mesh-for-microservices.html
- /blog/0.1-announcement.html
---
{% include home.html %}
Google, IBM, and Lyft are proud to announce the first public release of [Istio]({{home}}/): an open source project that provides a uniform way to connect, secure, manage and monitor microservices. Our current release is targeted at the [Kubernetes](https://kubernetes.io/) environment; we intend to add support for other environments such as virtual machines and Cloud Foundry in the coming months.
Google, IBM, and Lyft are proud to announce the first public release of [Istio](/): an open source project that provides a uniform way to connect, secure, manage and monitor microservices. Our current release is targeted at the [Kubernetes](https://kubernetes.io/) environment; we intend to add support for other environments such as virtual machines and Cloud Foundry in the coming months.
Istio adds traffic management to microservices and creates a basis for value-add capabilities like security, monitoring, routing, connectivity management and policy. The software is built using the battle-tested [Envoy](https://envoyproxy.github.io/envoy/) proxy from Lyft, and gives visibility and control over traffic *without requiring any changes to application code*. Istio gives CIOs a powerful tool to enforce security, policy and compliance requirements across the enterprise.
## Background
@ -33,15 +32,15 @@ Google, IBM and Lyft joined forces to create Istio from a desire to provide a re
**Fleet-wide Visibility**: Failures happen, and operators need tools to stay on top of the health of clusters and their graphs of microservices. Istio produces detailed monitoring data about application and network behaviors that is rendered using [Prometheus](https://prometheus.io/) & [Grafana](https://github.com/grafana/grafana), and can be easily extended to send metrics and logs to any collection, aggregation and querying system. Istio enables analysis of performance hotspots and diagnosis of distributed failure modes with [Zipkin](https://github.com/openzipkin/zipkin) tracing.
{% include image.html width="100%" ratio="55.42%"
link="./img/istio_grafana_dashboard-new.png"
{{< image width="100%" ratio="55.42%"
link="../img/istio_grafana_dashboard-new.png"
caption="Grafana Dashboard with Response Size"
%}
>}}
{% include image.html width="100%" ratio="29.91%"
link="./img/istio_zipkin_dashboard.png"
{{< image width="100%" ratio="29.91%"
link="../img/istio_zipkin_dashboard.png"
caption="Zipkin Dashboard"
%}
>}}
**Resiliency and efficiency**: When developing microservices, operators need to assume that the network will be unreliable. Operators can use retries, load balancing, flow-control (HTTP/2), and circuit-breaking to compensate for some of the common failure modes due to an unreliable network. Istio provides a uniform approach to configuring these features, making it easier to operate a highly resilient service mesh.
@ -58,11 +57,11 @@ Google, IBM and Lyft joined forces to create Istio from a desire to provide a re
Istio is a completely open development project. Today we are releasing version 0.1, which works in a Kubernetes cluster, and we plan to have major new
releases every 3 months, including support for additional environments. Our goal is to enable developers and operators to rollout and operate microservices
with agility, complete visibility of the underlying network, and uniform control and security in all environments. We look forward to working with the Istio
community and our partners towards these goals, following our [roadmap]({{home}}/docs/reference/release-roadmap.html).
community and our partners towards these goals, following our [roadmap](/about/feature-stages/).
Visit [here](https://github.com/istio/istio/releases) to get the latest released bits.
View the [presentation]({{home}}/talks/istio_talk_gluecon_2017.pdf) from GlueCon 2017, where Istio was unveiled.
View the [presentation](/talks/istio_talk_gluecon_2017.pdf) from GlueCon 2017, where Istio was unveiled.
## Community
@ -76,7 +75,7 @@ this journey.
To get involved, connect with us via any of these channels:
* [istio.io]({{home}}) for documentation and examples.
* [istio.io]() for documentation and examples.
* The [istio-users@googlegroups.com](https://groups.google.com/forum/#!forum/istio-users) mailing list for general discussions,
or [istio-announce@googlegroups.com](https://groups.google.com/forum/#!forum/istio-announce) for key announcements regarding the project.

21
_blog/2017/0.1-auth.md → content/blog/2017/0.1-auth.md
View File

@ -5,15 +5,14 @@ publishdate: 2017-05-25
subtitle: Secure by default service to service communications
attribution: The Istio Team
weight: 99
redirect_from:
- /blog/0.1-auth.html
- /blog/istio-auth-for-microservices.html
aliases:
- /blog/0.1-auth.html
- /blog/istio-auth-for-microservices.html
---
{% include home.html %}
Conventional network security approaches fail to address security threats to distributed applications deployed in dynamic production environments. Today, we describe how Istio Auth enables enterprises to transform their security posture from just protecting the edge to consistently securing all inter-service communications deep within their applications. With Istio Auth, developers and operators can protect services with sensitive data against unauthorized insider access and they can achieve this without any changes to the application code!
Istio Auth is the security component of the broader [Istio platform]({{home}}/). It incorporates the learnings of securing millions of microservice
Istio Auth is the security component of the broader [Istio platform](/). It incorporates the learnings of securing millions of microservice
endpoints in Googles production environment.
## Background
@ -42,10 +41,10 @@ Istio Auth is based on industry standards like mutual TLS and X.509. Furthermore
The diagram below provides an overview of the Istio Auth service authentication architecture on Kubernetes.
{% include image.html width="100%" ratio="56.25%"
link="./img/istio_auth_overview.svg"
{{< image width="100%" ratio="56.25%"
link="../img/istio_auth_overview.svg"
caption="Istio Auth Overview"
%}
>}}
The above diagram illustrates three key security features:
@ -77,10 +76,10 @@ Istio Auth provides a per-cluster CA (Certificate Authority) and automated key &
The following diagram explains the end to end Istio Auth authentication workflow on Kubernetes:
{% include image.html width="100%" ratio="56.25%"
link="./img/istio_auth_workflow.svg"
{{< image width="100%" ratio="56.25%"
link="../img/istio_auth_workflow.svg"
caption="Istio Auth Workflow"
%}
>}}
Istio Auth is part of the broader security story for containers. Red Hat, a partner on the development of Kubernetes, has identified [10 Layers](https://www.redhat.com/en/resources/container-security-openshift-cloud-devops-whitepaper) of container security. Istio and Istio Auth addresses two of these layers: "Network Isolation" and "API and Service Endpoint Management". As cluster federation evolves on Kubernetes and other platforms, our intent is for Istio to secure communications across services spanning multiple federated clusters.

19
_blog/2017/0.1-canary.md → content/blog/2017/0.1-canary.md
View File

@ -2,20 +2,13 @@
title: Canary Deployments using Istio
description: Using Istio to create autoscaled canary deployments
publishdate: 2017-06-14
subtitle:
attribution: Frank Budinsky
weight: 98
redirect_from:
aliases:
- /blog/canary-deployments-using-istio.html
---
{% include home.html %}
> This post was updated on May 16, 2018 to use the latest version of the traffic management model.
One of the benefits of the [Istio]({{home}}) project is that it provides the control needed to deploy canary services. The idea behind canary deployment (or rollout) is to introduce a new version of a service by first testing it using a small percentage of user traffic, and then if all goes well, increase, possibly gradually in increments, the percentage while simultaneously phasing out the old version. If anything goes wrong along the way, we abort and rollback to the previous version. In its simplest form, the traffic sent to the canary version is a randomly selected percentage of requests, but in more sophisticated schemes it can be based on the region, user, or other properties of the request.
> This post was updated on May 16, 2018 to use the latest version of the traffic management model. One of the benefits of the [Istio]() project is that it provides the control needed to deploy canary services. The idea behind canary deployment (or rollout) is to introduce a new version of a service by first testing it using a small percentage of user traffic, and then if all goes well, increase, possibly gradually in increments, the percentage while simultaneously phasing out the old version. If anything goes wrong along the way, we abort and rollback to the previous version. In its simplest form, the traffic sent to the canary version is a randomly selected percentage of requests, but in more sophisticated schemes it can be based on the region, user, or other properties of the request.
Depending on your level of expertise in this area, you may wonder why Istio's support for canary deployment is even needed, given that platforms like Kubernetes already provide a way to do [version rollout](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment) and [canary deployment](https://kubernetes.io/docs/concepts/cluster-administration/manage-deployment/#canary-deployments). Problem solved, right? Well, not exactly. Although doing a rollout this way works in simple cases, its very limited, especially in large scale cloud environments receiving lots of (and especially varying amounts of) traffic, where autoscaling is needed.
@ -31,7 +24,7 @@ Whether we use one deployment or two, canary management using deployment feature
With Istio, traffic routing and replica deployment are two completely independent functions. The number of pods implementing services are free to scale up and down based on traffic load, completely orthogonal to the control of version traffic routing. This makes managing a canary version in the presence of autoscaling a much simpler problem. Autoscalers may, in fact, respond to load variations resulting from traffic routing changes, but they are nevertheless functioning independently and no differently than when loads change for other reasons.
Istios [routing rules]({{home}}/docs/concepts/traffic-management/rules-configuration.html) also provide other important advantages; you can easily control
Istios [routing rules](/docs/concepts/traffic-management/rules-configuration/) also provide other important advantages; you can easily control
fine grain traffic percentages (e.g., route 1% of traffic without requiring 100 pods) and you can control traffic using other criteria (e.g., route traffic for specific users to the canary version). To illustrate, lets look at deploying the **helloworld** service and see how simple the problem becomes.
We begin by defining the **helloworld** Service, just like any other Kubernetes service, something like this:
@ -86,9 +79,9 @@ spec:
Note that this is exactly the same way we would do a [canary deployment](https://kubernetes.io/docs/concepts/cluster-administration/manage-deployment/#canary-deployments) using plain Kubernetes, but in that case we would need to adjust the number of replicas of each Deployment to control the distribution of traffic. For example, to send 10% of the traffic to the canary version (**v2**), the replicas for **v1** and **v2** could be set to 9 and 1, respectively.
However, since we are going to deploy the service in an [Istio enabled]({{home}}/docs/setup/) cluster, all we need to do is set a routing
However, since we are going to deploy the service in an [Istio enabled](/docs/setup/) cluster, all we need to do is set a routing
rule to control the traffic distribution. For example if we want to send 10% of the traffic to the canary, we could use the
[istioctl]({{home}}/docs/reference/commands/istioctl.html) command to set a routing rule something like this:
[istioctl](/docs/reference/commands/istioctl/) command to set a routing rule something like this:
```bash
cat <<EOF | istioctl create -f -
@ -215,5 +208,5 @@ As before, the autoscalers bound to the 2 version Deployments will automatically
In this article weve shown how Istio supports general scalable canary deployments, and how this differs from the basic deployment support in Kubernetes. Istios service mesh provides the control necessary to manage traffic distribution with complete independence from deployment scaling. This allows for a simpler, yet significantly more functional, way to do canary test and rollout.
Intelligent routing in support of canary deployment is just one of the many features of Istio that will make the production deployment of large-scale microservices-based applications much simpler. Check out [istio.io]({{home}}) for more information and to try it out.
Intelligent routing in support of canary deployment is just one of the many features of Istio that will make the production deployment of large-scale microservices-based applications much simpler. Check out [istio.io]() for more information and to try it out.
The sample code used in this article can be found [here](https://github.com/istio/istio/tree/master/samples/helloworld).

12
_blog/2017/0.1-using-network-policy.md → content/blog/2017/0.1-using-network-policy.md
View File

@ -4,13 +4,10 @@ description: How Kubernetes Network Policy relates to Istio policy
publishdate: 2017-08-10
subtitle:
attribution: Spike Curtis
weight: 97
redirect_from:
aliases:
- /blog/using-network-policy-in-concert-with-istio.html
---
{% include home.html %}
The use of Network Policy to secure applications running on Kubernetes is a now a widely accepted industry best practice. Given that Istio also supports policy, we want to spend some time explaining how Istio policy and Kubernetes Network Policy interact and support each other to deliver your application securely.
@ -106,11 +103,10 @@ spec:
Here is the service graph for the Bookinfo application.
{% assign url = home | append: "/docs/guides/img/bookinfo/withistio.svg" %}
{% include image.html width="80%" ratio="59.08%"
link=url
{{< image width="80%" ratio="59.08%"
link="/docs/guides/img/bookinfo/withistio.svg"
caption="Bookinfo Service Graph"
%}
>}}
This graph shows every connection that a correctly functioning application should be allowed to make. All other connections, say from the Istio Ingress directly to the Rating service, are not part of the application. Lets lock out those extraneous connections so they cannot be used by an attacker. Imagine, for example, that the Ingress pod is compromised by an exploit that allows an attacker to run arbitrary code. If we only allow connections to the Product Page pods using Network Policy, the attacker has gained no more access to my application backends _even though they have compromised a member of the service mesh_.

9
_blog/2017/0.2-announcement.md → content/blog/2017/0.2-announcement.md
View File

@ -4,14 +4,11 @@ description: Istio 0.2 announcement
publishdate: 2017-10-10
subtitle: Improved mesh and support for multiple environments
attribution: The Istio Team
weight: 96
toc: false
redirect_from:
aliases:
- /blog/istio-0.2-announcement.html
---
{% include home.html %}
We launched Istio; an open platform to connect, manage, monitor, and secure microservices, on May 24, 2017. We have been humbled by the incredible interest, and
rapid community growth of developers, operators, and partners. Our 0.1 release was focused on showing all the concepts of Istio in Kubernetes.
@ -42,11 +39,11 @@ you easily integrate your solution with Istio.
* _Mesh expansion_: Istio mesh can now span services running outside of Kubernetes - like those running in virtual machines while enjoying benefits such as automatic mutual TLS authentication, traffic management, telemetry, and policy enforcement across the mesh.
* _Running outside Kubernetes_: We know many customers use other service registry and orchestration solutions like [Consul/Nomad]({{home}}/docs/setup/consul/quick-start.html) and [Eureka]({{home}}/docs/setup/eureka/quick-start.html). Istio Pilot can now run standalone outside Kubernetes, consuming information from these systems, and manage the Envoy fleet in VMs or containers.
* _Running outside Kubernetes_: We know many customers use other service registry and orchestration solutions like [Consul/Nomad](/docs/setup/consul/quick-start/) and [Eureka](/docs/setup/eureka/quick-start/). Istio Pilot can now run standalone outside Kubernetes, consuming information from these systems, and manage the Envoy fleet in VMs or containers.
## Get involved in shaping the future of Istio
We have a growing [roadmap]({{home}}/docs/reference/release-roadmap.html) ahead of us, full of great features to implement. Our focus next release is going to be on stability, reliability, integration with third party tools and multicluster use cases.
We have a growing [roadmap](/about/feature-stages/) ahead of us, full of great features to implement. Our focus next release is going to be on stability, reliability, integration with third party tools and multicluster use cases.
To learn how to get involved and contribute to Istio's future, check out our [community](https://github.com/istio/community) GitHub repository which
will introduce you to our working groups, our mailing lists, our various community meetings, our general procedures and our guidelines.

6
_blog/2017/index.md → content/blog/2017/_index.md
View File

@ -1,10 +1,6 @@
---
title: 2017 Posts
description: Blog posts for 2017
weight: 20
toc: false
type: section-index
---
{% include section-index.html docs=site.blog %}

32
_blog/2017/adapter-model.md → content/blog/2017/adapter-model.md
View File

@ -4,13 +4,10 @@ description: Provides an overview of the Mixer plug-in architecture
publishdate: 2017-11-03
subtitle: Extending Istio to integrate with a world of infrastructure backends
attribution: Martin Taillefer
weight: 95
redirect_from:
aliases:
- /blog/mixer-adapter-model.html
---
{% include home.html %}
Istio 0.2 introduced a new Mixer adapter model which is intended to increase Mixers flexibility to address a varied set of infrastructure backends. This post intends to put the adapter model in context and explain how it works.
@ -29,13 +26,12 @@ Adapters are Go packages that are directly linked into the Mixer binary. Its
## Philosophy
Mixer is essentially an attribute processing and routing machine. The proxy sends it [attributes]({{home}}/docs/concepts/policies-and-telemetry/config.html#attributes) as part of doing precondition checks and telemetry reports, which it turns into a series of calls into adapters. The operator supplies configuration which describes how to map incoming attributes to inputs for the adapters.
Mixer is essentially an attribute processing and routing machine. The proxy sends it [attributes](/docs/concepts/policies-and-telemetry/config/#attributes) as part of doing precondition checks and telemetry reports, which it turns into a series of calls into adapters. The operator supplies configuration which describes how to map incoming attributes to inputs for the adapters.
{% assign url = home | append: "/docs/concepts/policies-and-telemetry/img/machine.svg" %}
{% include image.html width="60%" ratio="42.60%"
link=url
{{< image width="60%" ratio="42.60%"
link="/docs/concepts/policies-and-telemetry/img/machine.svg"
caption="Attribute Machine"
%}
>}}
Configuration is a complex task. In fact, evidence shows that the overwhelming majority of service outages are caused by configuration errors. To help combat this, Mixers configuration model enforces a number of constraints designed to avoid errors. For example, the configuration model uses strong typing to ensure that only meaningful attributes or attribute expressions are used in any given context.
@ -43,26 +39,26 @@ Configuration is a complex task. In fact, evidence shows that the overwhelming m
Each adapter that Mixer uses requires some configuration to operate. Typically, adapters need things like the URL to their backend, credentials, caching options, and so forth. Each adapter defines the exact configuration data it needs via a [protobuf](https://developers.google.com/protocol-buffers/) message.
You configure each adapter by creating [*handlers*]({{home}}/docs/concepts/policies-and-telemetry/config.html#handlers) for them. A handler is a
You configure each adapter by creating [*handlers*](/docs/concepts/policies-and-telemetry/config/#handlers) for them. A handler is a
configuration resource which represents a fully configured adapter ready for use. There can be any number of handlers for a single adapter, making it possible to reuse an adapter in different scenarios.
## Templates: adapter input schema
Mixer is typically invoked twice for every incoming request to a mesh service, once for precondition checks and once for telemetry reporting. For every such call, Mixer invokes one or more adapters. Different adapters need different pieces of data as input in order to do their work. A logging adapter needs a log entry, a metric adapter needs a metric, an authorization adapter needs credentials, etc.
Mixer [*templates*]({{home}}/docs/reference/config/policy-and-telemetry/templates/) are used to describe the exact data that an adapter consumes at request time.
Mixer [*templates*](/docs/reference/config/policy-and-telemetry/templates/) are used to describe the exact data that an adapter consumes at request time.
Each template is specified as a [protobuf](https://developers.google.com/protocol-buffers/) message. A single template describes a bundle of data that is delivered to one or more adapters at runtime. Any given adapter can be designed to support any number of templates, the specific templates the adapter supports is determined by the adapter developer.
[metric]({{home}}/docs/reference/config/policy-and-telemetry/templates/metric.html) and [logentry]({{home}}/docs/reference/config/policy-and-telemetry/templates/logentry.html) are two of the most essential templates used within Istio. They represent respectively the payload to report a single metric and a single log entry to appropriate backends.
[`metric`](/docs/reference/config/policy-and-telemetry/templates/metric/) and [`logentry`](/docs/reference/config/policy-and-telemetry/templates/logentry/) are two of the most essential templates used within Istio. They represent respectively the payload to report a single metric and a single log entry to appropriate backends.
## Instances: attribute mapping
You control which data is delivered to individual adapters by creating
[*instances*]({{home}}/docs/concepts/policies-and-telemetry/config.html#instances).
Instances control how Mixer uses the [attributes]({{home}}/docs/concepts/policies-and-telemetry/config.html#attributes) delivered
[*instances*](/docs/concepts/policies-and-telemetry/config/#instances).
Instances control how Mixer uses the [attributes](/docs/concepts/policies-and-telemetry/config/#attributes) delivered
by the proxy into individual bundles of data that can be routed to different adapters.
Creating instances generally requires using [attribute expressions]({{home}}/docs/concepts/policies-and-telemetry/config.html#attribute-expressions). The point of these expressions is to use any attribute or literal value in order to produce a result that can be assigned to an instances field.
Creating instances generally requires using [attribute expressions](/docs/concepts/policies-and-telemetry/config/#attribute-expressions). The point of these expressions is to use any attribute or literal value in order to produce a result that can be assigned to an instances field.
Every instance field has a type, as defined in the template, every attribute has a
[type](https://github.com/istio/api/blob/master/policy/v1beta1/value_type.proto), and every attribute expression has a type.
@ -72,7 +68,7 @@ to a string field. This kind of strong typing is designed to minimize the risk
## Rules: delivering data to adapters
The last piece to the puzzle is telling Mixer which instances to send to which handler and when. This is done by
creating [*rules*]({{home}}/docs/concepts/policies-and-telemetry/config.html#rules). Each rule identifies a specific handler and the set of
creating [*rules*](/docs/concepts/policies-and-telemetry/config/#rules). Each rule identifies a specific handler and the set of
instances to send to that handler. Whenever Mixer processes an incoming call, it invokes the indicated handler and gives it the specific set of instances for processing.
Rules contain matching predicates. A predicate is an attribute expression which returns a true/false value. A rule only takes effect if its predicate expression returns true. Otherwise, its like the rule didnt exist and the indicated handler isnt invoked.
@ -89,6 +85,6 @@ The refreshed Mixer adapter model is designed to provide a flexible framework to
Handlers provide configuration data for individual adapters, templates determine exactly what kind of data different adapters want to consume at runtime, instances let operators prepare this data, rules direct the data to one or more handlers.
You can learn more about Mixer's overall architecture [here]({{home}}/docs/concepts/policies-and-telemetry/), and learn the specifics of templates, handlers,
and rules [here]({{home}}/docs/reference/config/policy-and-telemetry). You can find many examples of Mixer configuration resources in the Bookinfo sample
You can learn more about Mixer's overall architecture [here](/docs/concepts/policies-and-telemetry/), and learn the specifics of templates, handlers,
and rules [here](/docs/reference/config/policy-and-telemetry). You can find many examples of Mixer configuration resources in the Bookinfo sample
[here](https://github.com/istio/istio/tree/master/samples/bookinfo/kube).

0
_blog/2017/img/istio_auth_overview.svg → content/blog/2017/img/istio_auth_overview.svg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 138 KiB

After

Width:  |  Height:  |  Size: 138 KiB

0
_blog/2017/img/istio_auth_workflow.svg → content/blog/2017/img/istio_auth_workflow.svg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 240 KiB

After

Width:  |  Height:  |  Size: 240 KiB

0
_blog/2017/img/istio_grafana_dashboard-new.png → content/blog/2017/img/istio_grafana_dashboard-new.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 510 KiB

After

Width:  |  Height:  |  Size: 510 KiB

0
_blog/2017/img/istio_zipkin_dashboard.png → content/blog/2017/img/istio_zipkin_dashboard.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 138 KiB

After

Width:  |  Height:  |  Size: 138 KiB

0
_blog/2017/img/mixer-spof-myth-1.svg → content/blog/2017/img/mixer-spof-myth-1.svg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 170 KiB

After

Width:  |  Height:  |  Size: 170 KiB

0
_blog/2017/img/mixer-spof-myth-2.svg → content/blog/2017/img/mixer-spof-myth-2.svg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 164 KiB

After

Width:  |  Height:  |  Size: 164 KiB

21
_blog/2017/mixer-spof-myth.md → content/blog/2017/mixer-spof-myth.md
View File

@ -4,16 +4,13 @@ description: Improving availability and reducing latency
publishdate: 2017-12-07
subtitle: Improving availability and reducing latency
attribution: Martin Taillefer
weight: 94
redirect_from:
aliases:
- /blog/posts/2017/mixer-spof-myth.html
- /blog/mixer-spof-myth.html
---
{% include home.html %}
As [Mixer]({{home}}/docs/concepts/policies-and-telemetry/overview.html) is in the request path, it is natural to question how it impacts
As [Mixer](/docs/concepts/policies-and-telemetry/overview/) is in the request path, it is natural to question how it impacts
overall system availability and latency. A common refrain we hear when people first glance at Istio architecture diagrams is
"Isn't this just introducing a single point of failure?"
@ -36,11 +33,11 @@ In 2014, we started an initiative to create a replacement architecture that woul
The older system was built around a centralized fleet of fairly heavy proxies into which all incoming traffic would flow, before being forwarded to the services where the real work was done. The newer architecture jettisons the shared proxy design and instead consists of a very lean and efficient distributed sidecar proxy sitting next to service instances, along with a shared fleet of sharded control plane intermediaries:
{% include image.html width="75%" ratio="74.79%"
link="./img/mixer-spof-myth-1.svg"
{{< image width="75%" ratio="74.79%"
link="../img/mixer-spof-myth-1.svg"
title="Google System Topology"
caption="Google's API & Service Management System"
%}
>}}
Look familiar? Of course: its just like Istio! Istio was conceived as a second generation of this distributed proxy architecture. We took the core lessons from this internal system, generalized many of the concepts by working with our partners, and created Istio.
@ -48,10 +45,10 @@ Look familiar? Of course: its just like Istio! Istio was conceived as a secon
As shown in the diagram below, Mixer sits between the mesh and the infrastructure backends that support it:
{% include image.html width="75%" ratio="65.89%"
link="./img/mixer-spof-myth-2.svg"
{{< image width="75%" ratio="65.89%"
link="../img/mixer-spof-myth-2.svg"
caption="Istio Topology"
%}
>}}
The Envoy sidecar logically calls Mixer before each request to perform precondition checks, and after each request to report telemetry.
The sidecar has local caching such that a relatively large percentage of precondition checks can be performed from cache. Additionally, the
@ -123,5 +120,5 @@ cache, we spend more time in Mixer to respond to requests than we should. Wer
that Mixer imparts in the synchronous precondition check case.
We hope this post makes you appreciate the inherent benefits that Mixer brings to Istio.
Dont hesitate to post comments or questions to [istio-integrations@](https://groups.google.com/forum/#!forum/istio-integrations).
Dont hesitate to post comments or questions to [istio-policies-and-telemetry@](https://groups.google.com/forum/#!forum/istio-policies-and-telemetry).

6
_blog/2018/index.md → content/blog/2018/_index.md
View File

@ -1,10 +1,6 @@
---
title: 2018 Posts
description: Blog posts for 2018
weight: 10
toc: false
type: section-index
---
{% include section-index.html docs=site.blog %}

127
content/blog/2018/aws-nlb.md Normal file
View File

@ -0,0 +1,127 @@
---
title: Configuring Istio Ingress with AWS NLB
description: Describes how to configure Istio ingress with a network load balancer on AWS
publishdate: 2018-04-20
subtitle: Ingress AWS Network Load Balancer
attribution: Julien SENON
weight: 89
---
This post provides instructions to use and configure ingress Istio with [AWS Network Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html).
Network load balancer (NLB) could be used instead of classical load balancer. You can find [comparison](https://aws.amazon.com/elasticloadbalancing/details/#compare) between different AWS `loadbalancer` for more explanation.
## Prerequisites
The following instructions require a Kubernetes **1.9.0 or newer** cluster.
<img src="/img/exclamation-mark.svg" alt="Warning" title="Warning" style="width: 32px; display:inline" /> Usage of AWS `nlb` on kubernetes is an alpha feature and not recommended for production clusters.
## IAM Policy
You need to apply policy on the master role in order to be able to provision network load balancer.
1. In AWS `iam` console click on policies and click on create a new one:
{{< image width="80%" ratio="60%"
link="../img/createpolicystart.png"
caption="Create a new policy"
>}}
1. Select `json`:
{{< image width="80%" ratio="60%"
link="../img/createpolicyjson.png"
caption="Select json"
>}}
1. Copy/paste text below:
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "kopsK8sNLBMasterPermsRestrictive",
"Effect": "Allow",
"Action": [
"ec2:DescribeVpcs",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:SetLoadBalancerPoliciesOfListener"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:DescribeVpcs",
"ec2:DescribeRegions"
],
"Resource": "*"
}
]
}
```
1. Click review policy, fill all fields and click create policy:
{{< image width="80%" ratio="60%"
link="../img/create_policy.png"
caption="Validate policy"
>}}
1. Click on roles, select you master role nodes, and click attach policy:
{{< image width="100%" ratio="35%"
link="../img/roles_summary.png"
caption="Attach policy"
>}}
1. Your policy is now attach to your master node.
## Rewrite Istio Ingress Service
You need to rewrite ingress service with the following:
```yaml
apiVersion: v1
kind: Service
metadata:
name: istio-ingress
namespace: istio-system
labels:
istio: ingress
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
spec:
externalTrafficPolicy: Local
ports:
- port: 80
protocol: TCP
targetPort: 80
name: http
- port: 443
protocol: TCP
targetPort: 443
name: https
selector:
istio: ingress
type: LoadBalancer
```
## What's next
Kubernetes [service networking](https://kubernetes.io/docs/concepts/services-networking/service/) should be consulted if further information is needed.

50
_blog/2018/egress-https.md → content/blog/2018/egress-https.md
View File

@ -6,30 +6,28 @@ subtitle: Egress Rules for HTTPS traffic
attribution: Vadim Eisenberg
weight: 93
---
{% include home.html %}
In many cases, not all the parts of a microservices-based application reside in a _service mesh_. Sometimes, the microservices-based applications use functionality provided by legacy systems that reside outside the mesh. We may want to migrate these systems to the service mesh gradually. Until these systems are migrated, they must be accessed by the applications inside the mesh. In other cases, the applications use web services provided by external organizations, often over the World Wide Web.
In this blog post, I modify the [Istio Bookinfo Sample Application]({{home}}/docs/guides/bookinfo.html) to fetch book details from an external web service ([Google Books APIs](https://developers.google.com/books/docs/v1/getting_started)). I show how to enable external HTTPS traffic in Istio by using an _egress rule_. Finally, I explain the current issues related to the egress traffic control in Istio.
In this blog post, I modify the [Istio Bookinfo Sample Application](/docs/guides/bookinfo/) to fetch book details from an external web service ([Google Books APIs](https://developers.google.com/books/docs/v1/getting_started)). I show how to enable external HTTPS traffic in Istio by using an _egress rule_. Finally, I explain the current issues related to the egress traffic control in Istio.
## Bookinfo sample application with external details web service
### Initial setting
To demonstrate the scenario of consuming an external web service, I start with a Kubernetes cluster with [Istio installed]({{home}}/docs/setup/kubernetes/quick-start.html#installation-steps). Then I deploy [Istio Bookinfo Sample Application]({{home}}/docs/guides/bookinfo.html). This application uses the _details_ microservice to fetch book details, such as the number of pages and the publisher. The original _details_ microservice provides the book details without consulting any external service.
To demonstrate the scenario of consuming an external web service, I start with a Kubernetes cluster with [Istio installed](/docs/setup/kubernetes/quick-start/#installation-steps). Then I deploy [Istio Bookinfo Sample Application](/docs/guides/bookinfo/). This application uses the _details_ microservice to fetch book details, such as the number of pages and the publisher. The original _details_ microservice provides the book details without consulting any external service.
The example commands in this blog post work with Istio 0.2+, with or without [Mutual TLS]({{home}}/docs/concepts/security/mutual-tls.html) enabled.
The example commands in this blog post work with Istio 0.2+, with or without [Mutual TLS](/docs/concepts/security/mutual-tls/) enabled.
The Bookinfo configuration files required for the scenario of this post appear starting from [Istio release version 0.5](https://github.com/istio/istio/releases/tag/0.5.0).
The Bookinfo configuration files reside in the `samples/bookinfo/kube` directory of the Istio release archive.
Here is a copy of the end-to-end architecture of the application from the original [Bookinfo Guide]({{home}}/docs/guides/bookinfo.html).
Here is a copy of the end-to-end architecture of the application from the original [Bookinfo Guide](/docs/guides/bookinfo/).
{% assign url = home | append: "/docs/guides/img/bookinfo/withistio.svg" %}
{% include image.html width="80%" ratio="59.08%"
link=url
{{< image width="80%" ratio="59.08%"
link="/docs/guides/img/bookinfo/withistio.svg"
caption="The Original Bookinfo Application"
%}
>}}
### Bookinfo with details version 2
@ -41,10 +39,10 @@ $ kubectl apply -f <(istioctl kube-inject -f samples/bookinfo/kube/bookinfo-deta
The updated architecture of the application now looks as follows:
{% include image.html width="80%" ratio="65.16%"
link="./img/bookinfo-details-v2.svg"
{{< image width="80%" ratio="65.16%"
link="../img/bookinfo-details-v2.svg"
caption="The Bookinfo Application with details V2"
%}
>}}
Note that the Google Books web service is outside the Istio service mesh, the boundary of which is marked by a dashed line.
@ -66,18 +64,18 @@ spec:
EOF
```
Let's access the web page of the application, after [determining the ingress IP and port]({{home}}/docs/guides/bookinfo.html#determining-the-ingress-ip-and-port).
Let's access the web page of the application, after [determining the ingress IP and port](/docs/guides/bookinfo/#determining-the-ingress-ip-and-port).
Oops... Instead of the book details we have the _Error fetching product details_ message displayed:
{% include image.html width="80%" ratio="36.01%"
link="./img/errorFetchingBookDetails.png"
{{< image width="80%" ratio="36.01%"
link="../img/errorFetchingBookDetails.png"
caption="The Error Fetching Product Details Message"
%}
>}}
The good news is that our application did not crash. With a good microservice design, we do not have **failure propagation**. In our case, the failing _details_ microservice does not cause the _productpage_ microservice to fail. Most of the functionality of the application is still provided, despite the failure in the _details_ microservice. We have **graceful service degradation**: as you can see, the reviews and the ratings are displayed correctly, and the application is still useful.
So what might have gone wrong? Ah... The answer is that I forgot to enable traffic from inside the mesh to an external service, in this case to the Google Books web service. By default, the Istio sidecar proxies ([Envoy proxies](https://www.envoyproxy.io)) **block all the traffic to destinations outside the cluster**. To enable such traffic, we must define an [egress rule]({{home}}/docs/reference/config/istio.routing.v1alpha1.html#EgressRule).
So what might have gone wrong? Ah... The answer is that I forgot to enable traffic from inside the mesh to an external service, in this case to the Google Books web service. By default, the Istio sidecar proxies ([Envoy proxies](https://www.envoyproxy.io)) **block all the traffic to destinations outside the cluster**. To enable such traffic, we must define an [egress rule](/docs/reference/config/istio.routing.v1alpha1/#EgressRule).
### Egress rule for Google Books web service
@ -101,10 +99,10 @@ EOF
Now accessing the web page of the application displays the book details without error:
{% include image.html width="80%" ratio="34.82%"
link="./img/externalBookDetails.png"
{{< image width="80%" ratio="34.82%"
link="../img/externalBookDetails.png"
caption="Book Details Displayed Correctly"
%}
>}}
Note that our egress rule allows traffic to any domain matching _*.googleapis.com_, on port 443, using the HTTPS protocol. Let's assume for the sake of the example that the applications in our Istio service mesh must access multiple subdomains of _googleapis.com_, for example _www.googleapis.com_ and also _fcm.googleapis.com_. Our rule allows traffic to both _www.googleapis.com_ and _fcm.googleapis.com_, since they both match _*.googleapis.com_. This **wildcard** feature allows us to enable traffic to multiple domains using a single egress rule.
@ -132,15 +130,15 @@ Accessing the web page after deleting the egress rule produces the same error th
There is a caveat to this story. In HTTPS, all the HTTP details (hostname, path, headers etc.) are encrypted, so Istio cannot know the destination domain of the encrypted requests. Well, Istio could know the destination domain by the [SNI](https://tools.ietf.org/html/rfc3546#section-3.1) (_Server Name Indication_) field. This feature, however, is not yet implemented in Istio. Therefore, currently Istio cannot perform filtering of HTTPS requests based on the destination domains.
To allow Istio to perform filtering of egress requests based on domains, the microservices must issue HTTP requests. Istio then opens an HTTPS connection to the destination (performs TLS origination). The code of the microservices must be written differently or configured differently, according to whether the microservice runs inside or outside an Istio service mesh. This contradicts the Istio design goal of [maximizing transparency]({{home}}/docs/concepts/what-is-istio/goals.html). Sometimes we need to compromise...
To allow Istio to perform filtering of egress requests based on domains, the microservices must issue HTTP requests. Istio then opens an HTTPS connection to the destination (performs TLS origination). The code of the microservices must be written differently or configured differently, according to whether the microservice runs inside or outside an Istio service mesh. This contradicts the Istio design goal of [maximizing transparency](/docs/concepts/what-is-istio/goals/). Sometimes we need to compromise...
The diagram below shows how the HTTPS traffic to external services is performed. On the top, a microservice outside an Istio service mesh
sends regular HTTPS requests, encrypted end-to-end. On the bottom, the same microservice inside an Istio service mesh must send unencrypted HTTP requests inside a pod, which are intercepted by the sidecar Envoy proxy. The sidecar proxy performs TLS origination, so the traffic between the pod and the external service is encrypted.
{% include image.html width="80%" ratio="65.16%"
link="./img/https_from_the_app.svg"
{{< image width="80%" ratio="65.16%"
link="../img/https_from_the_app.svg"
caption="HTTPS traffic to external services, from outside vs. from inside an Istio service mesh"
%}
>}}
Here is how we code this behavior in the [the Bookinfo details microservice code](https://github.com/istio/istio/blob/master/samples/bookinfo/src/details/details.rb), using the Ruby [net/http module](https://docs.ruby-lang.org/en/2.0.0/Net/HTTP.html):
@ -169,7 +167,7 @@ env:
#### Relation to Istio mutual TLS
Note that the TLS origination in this case is unrelated to [the mutual TLS]({{home}}/docs/concepts/security/mutual-tls.html) applied by Istio. The TLS origination for the external services will work, whether the Istio mutual TLS is enabled or not. The **mutual** TLS secures service-to-service communication **inside** the service mesh and provides each service with a strong identity. In the case of the **external services**, we have **one-way** TLS, the same mechanism used to secure communication between a web browser and a web server. TLS is applied to the communication with external services to verify the identity of the external server and to encrypt the traffic.
Note that the TLS origination in this case is unrelated to [the mutual TLS](/docs/concepts/security/mutual-tls/) applied by Istio. The TLS origination for the external services will work, whether the Istio mutual TLS is enabled or not. The **mutual** TLS secures service-to-service communication **inside** the service mesh and provides each service with a strong identity. In the case of the **external services**, we have **one-way** TLS, the same mechanism used to secure communication between a web browser and a web server. TLS is applied to the communication with external services to verify the identity of the external server and to encrypt the traffic.
### Malicious microservices threat
@ -191,4 +189,4 @@ In Istio, we are working on making Istio egress traffic more secure, and in part
In this blog post I demonstrated how the microservices in an Istio service mesh can consume external web services via HTTPS. By default, Istio blocks all the traffic to the hosts outside the cluster. To enable such traffic, egress rules must be created for the service mesh. It is possible to access the external sites by HTTPS, however the microservices must issue HTTP requests while Istio will perform TLS origination. Currently, no tracing, telemetry and Mixer checks are enabled for the egress traffic. Egress rules are currently not a security feature, so additional mechanisms are required for securing egress traffic. We're working to enable logging/telemetry and security policies for the egress traffic in future releases.
To read more about Istio egress traffic control, see [Control Egress Traffic Task]({{home}}/docs/tasks/traffic-management/egress.html).
To read more about Istio egress traffic control, see [Control Egress Traffic Task](/docs/tasks/traffic-management/egress/).

58
_blog/2018/egress-tcp.md → content/blog/2018/egress-tcp.md
View File

@ -6,13 +6,12 @@ subtitle: Egress rules for TCP traffic
attribution: Vadim Eisenberg
weight: 92
---
{% include home.html %}
In my previous blog post, [Consuming External Web Services]({{home}}/blog/2018/egress-https.html), I described how external services can be consumed by in-mesh Istio applications via HTTPS. In this post, I demonstrate consuming external services over TCP. I use the [Istio Bookinfo sample application]({{home}}/docs/guides/bookinfo.html), the version in which the book ratings data is persisted in a MySQL database. I deploy this database outside the cluster and configure the _ratings_ microservice to use it. I define an [egress rule]({{home}}/docs/reference/config/istio.routing.v1alpha1.html#EgressRule) to allow the in-mesh applications to access the external database.
In my previous blog post, [Consuming External Web Services](/blog/2018/egress-https/), I described how external services can be consumed by in-mesh Istio applications via HTTPS. In this post, I demonstrate consuming external services over TCP. I use the [Istio Bookinfo sample application](/docs/guides/bookinfo/), the version in which the book ratings data is persisted in a MySQL database. I deploy this database outside the cluster and configure the _ratings_ microservice to use it. I define an [egress rule](/docs/reference/config/istio.routing.v1alpha1/#EgressRule) to allow the in-mesh applications to access the external database.
## Bookinfo sample application with external ratings database
First, I set up a MySQL database instance to hold book ratings data, outside my Kubernetes cluster. Then I modify the [Bookinfo sample application]({{home}}/docs/guides/bookinfo.html) to use my database.
First, I set up a MySQL database instance to hold book ratings data, outside my Kubernetes cluster. Then I modify the [Bookinfo sample application](/docs/guides/bookinfo/) to use my database.
### Setting up the database for ratings data
@ -118,17 +117,16 @@ Now I am ready to deploy a version of the Bookinfo application that will use my
### Initial setting of Bookinfo application
To demonstrate the scenario of using an external database, I start with a Kubernetes cluster with [Istio installed]({{home}}/docs/setup/kubernetes/quick-start.html#installation-steps). Then I deploy the [Istio Bookinfo sample application]({{home}}/docs/guides/bookinfo.html). This application uses the _ratings_ microservice to fetch book ratings, a number between 1 and 5. The ratings are displayed as stars for each review. There are several versions of the _ratings_ microservice. Some use [MongoDB](https://www.mongodb.com), others use [MySQL](https://www.mysql.com) as their database.
To demonstrate the scenario of using an external database, I start with a Kubernetes cluster with [Istio installed](/docs/setup/kubernetes/quick-start/#installation-steps). Then I deploy the [Istio Bookinfo sample application](/docs/guides/bookinfo/). This application uses the _ratings_ microservice to fetch book ratings, a number between 1 and 5. The ratings are displayed as stars for each review. There are several versions of the _ratings_ microservice. Some use [MongoDB](https://www.mongodb.com), others use [MySQL](https://www.mysql.com) as their database.
The example commands in this blog post work with Istio 0.3+, with or without [Mutual TLS]({{home}}/docs/concepts/security/mutual-tls.html) enabled.
The example commands in this blog post work with Istio 0.3+, with or without [Mutual TLS](/docs/concepts/security/mutual-tls/) enabled.
As a reminder, here is the end-to-end architecture of the application from the [Bookinfo Guide]({{home}}/docs/guides/bookinfo.html).
As a reminder, here is the end-to-end architecture of the application from the [Bookinfo Guide](/docs/guides/bookinfo/).
{% assign url = home | append: "/docs/guides/img/bookinfo/withistio.svg" %}
{% include image.html width="80%" ratio="59.08%"
link=url
{{< image width="80%" ratio="59.08%"
link="/docs/guides/img/bookinfo/withistio.svg"
caption="The original Bookinfo application"
%}
>}}
### Use the database for ratings data in Bookinfo application
@ -155,7 +153,7 @@ As a reminder, here is the end-to-end architecture of the application from the [
```
1. I route all the traffic destined to the _reviews_ service to its _v3_ version. I do this to ensure that the _reviews_ service always calls the _ratings_
service. In addition, I route all the traffic destined to the _ratings_ service to _ratings v2-mysql_ that uses my database. I add routing for both services above by adding two [route rules]({{home}}/docs/reference/config/istio.routing.v1alpha1.html). These rules are specified in `samples/bookinfo/kube/route-rule-ratings-mysql.yaml` of an Istio release archive.
service. In addition, I route all the traffic destined to the _ratings_ service to _ratings v2-mysql_ that uses my database. I add routing for both services above by adding two [route rules](/docs/reference/config/istio.routing.v1alpha1/). These rules are specified in `samples/bookinfo/kube/route-rule-ratings-mysql.yaml` of an Istio release archive.
```command
$ istioctl create -f samples/bookinfo/kube/route-rule-ratings-mysql.yaml
@ -165,27 +163,27 @@ service. In addition, I route all the traffic destined to the _ratings_ service
The updated architecture appears below. Note that the blue arrows inside the mesh mark the traffic configured according to the route rules we added. According to the route rules, the traffic is sent to _reviews v3_ and _ratings v2-mysql_.
{% include image.html width="80%" ratio="59.31%"
link="./img/bookinfo-ratings-v2-mysql-external.svg"
{{< image width="80%" ratio="59.31%"
link="../img/bookinfo-ratings-v2-mysql-external.svg"
caption="The Bookinfo application with ratings v2-mysql and an external MySQL database"
%}
>}}
Note that the MySQL database is outside the Istio service mesh, or more precisely outside the Kubernetes cluster. The boundary of the service mesh is marked by a dashed line.
### Access the webpage
Let's access the webpage of the application, after [determining the ingress IP and port]({{home}}/docs/guides/bookinfo.html#determining-the-ingress-ip-and-port).
Let's access the webpage of the application, after [determining the ingress IP and port](/docs/guides/bookinfo/#determining-the-ingress-ip-and-port).
We have a problem... Instead of the rating stars, the message _"Ratings service is currently unavailable"_ is currently displayed below each review:
{% include image.html width="80%" ratio="36.19%"
link="./img/errorFetchingBookRating.png"
{{< image width="80%" ratio="36.19%"
link="../img/errorFetchingBookRating.png"
caption="The Ratings service error messages"
%}
>}}
As in [Consuming External Web Services]({{home}}/blog/2018/egress-https.html), we experience **graceful service degradation**, which is good. The application did not crash due to the error in the _ratings_ microservice. The webpage of the application correctly displayed the book information, the details, and the reviews, just without the rating stars.
As in [Consuming External Web Services](/blog/2018/egress-https/), we experience **graceful service degradation**, which is good. The application did not crash due to the error in the _ratings_ microservice. The webpage of the application correctly displayed the book information, the details, and the reviews, just without the rating stars.
We have the same problem as in [Consuming External Web Services]({{home}}/blog/2018/egress-https.html), namely all the traffic outside the Kubernetes cluster, both TCP and HTTP, is blocked by default by the sidecar proxies. To enable such traffic for TCP, an egress rule for TCP must be defined.
We have the same problem as in [Consuming External Web Services](/blog/2018/egress-https/), namely all the traffic outside the Kubernetes cluster, both TCP and HTTP, is blocked by default by the sidecar proxies. To enable such traffic for TCP, an egress rule for TCP must be defined.
### Egress rule for an external MySQL instance
@ -215,10 +213,10 @@ Note that for a TCP egress rule, we specify `tcp` as the protocol of a port of t
It worked! Accessing the web page of the application displays the ratings without error:
{% include image.html width="80%" ratio="36.69%"
link="./img/externalMySQLRatings.png"
{{< image width="80%" ratio="36.69%"
link="../img/externalMySQLRatings.png"
caption="Book Ratings Displayed Correctly"
%}
>}}
Note that we see a one-star rating for both displayed reviews, as expected. I changed the ratings to be one star to provide us with a visual clue that our external database is indeed being used.
@ -228,7 +226,7 @@ As with egress rules for HTTP/HTTPS, we can delete and create egress rules for T
Some in-mesh Istio applications must access external services, for example legacy systems. In many cases, the access is not performed over HTTP or HTTPS protocols. Other TCP protocols are used, such as database-specific protocols like [MongoDB Wire Protocol](https://docs.mongodb.com/manual/reference/mongodb-wire-protocol/) and [MySQL Client/Server Protocol](https://dev.mysql.com/doc/internals/en/client-server-protocol.html) to communicate with external databases.
Note that in case of access to external HTTPS services, as described in the [Control Egress TCP Traffic]({{home}}/docs/tasks/traffic-management/egress.html) task, an application must issue HTTP requests to the external service. The Envoy sidecar proxy attached to the pod or the VM, will intercept the requests and open an HTTPS connection to the external service. The traffic will be unencrypted inside the pod or the VM, but it will leave the pod or the VM encrypted.
Note that in case of access to external HTTPS services, as described in the [Control Egress TCP Traffic](/docs/tasks/traffic-management/egress/) task, an application must issue HTTP requests to the external service. The Envoy sidecar proxy attached to the pod or the VM, will intercept the requests and open an HTTPS connection to the external service. The traffic will be unencrypted inside the pod or the VM, but it will leave the pod or the VM encrypted.
However, sometimes this approach cannot work due to the following reasons:
@ -252,17 +250,17 @@ To enable TCP traffic to an external service by its hostname, all the IPs of the
Note that all the IPs of an external service are not always known. To enable TCP traffic by IPs, as opposed to the traffic by a hostname, only the IPs that are used by the applications must be specified.
Also note that the IPs of an external service are not always static, for example in the case of [CDNs](https://en.wikipedia.org/wiki/Content_delivery_network). Sometimes the IPs are static most of the time, but can be changed from time to time, for example due to infrastructure changes. In these cases, if the range of the possible IPs is known, you should specify the range by CIDR blocks (even by multiple egress rules if needed). As an example, see the approach we used in the case of `wikipedia.org`, described in [Control Egress TCP Traffic Task]({{home}}/docs/tasks/traffic-management/egress-tcp.html). If the range of the possible IPs is not known, egress rules for TCP cannot be used and [the external services must be called directly]({{home}}/docs/tasks/traffic-management/egress.html#calling-external-services-directly), circumventing the sidecar proxies.
Also note that the IPs of an external service are not always static, for example in the case of [CDNs](https://en.wikipedia.org/wiki/Content_delivery_network). Sometimes the IPs are static most of the time, but can be changed from time to time, for example due to infrastructure changes. In these cases, if the range of the possible IPs is known, you should specify the range by CIDR blocks (even by multiple egress rules if needed). As an example, see the approach we used in the case of `wikipedia.org`, described in [Control Egress TCP Traffic Task](/docs/tasks/traffic-management/egress-tcp/). If the range of the possible IPs is not known, egress rules for TCP cannot be used and [the external services must be called directly](/docs/tasks/traffic-management/egress/#calling-external-services-directly), circumventing the sidecar proxies.
## Relation to mesh expansion
Note that the scenario described in this post is different from the mesh expansion scenario, described in the
[Integrating Virtual Machines]({{home}}/docs/guides/integrating-vms.html) guide. In that scenario, a MySQL instance runs on an external
[Integrating Virtual Machines](/docs/guides/integrating-vms/) guide. In that scenario, a MySQL instance runs on an external
(outside the cluster) machine (a bare metal or a VM), integrated with the Istio service mesh. The MySQL service becomes a first-class citizen of the mesh with all the beneficial features of Istio applicable. Among other things, the service becomes addressable by a local cluster domain name, for example by `mysqldb.vm.svc.cluster.local`, and the communication to it can be secured by
[mutual TLS authentication]({{home}}/docs/concepts/security/mutual-tls.html). There is no need to create an egress rule to access this service; however, the
[mutual TLS authentication](/docs/concepts/security/mutual-tls/). There is no need to create an egress rule to access this service; however, the
service must be registered with Istio. To enable such integration, Istio components (_Envoy proxy_, _node-agent_, _istio-agent_) must be
installed on the machine and the Istio control plane (_Pilot_, _Mixer_, _CA_) must be accessible from it. See the
[Istio Mesh Expansion]({{home}}/docs/setup/kubernetes/mesh-expansion.html) instructions for more details.
[Istio Mesh Expansion](/docs/setup/kubernetes/mesh-expansion/) instructions for more details.
In our case, the MySQL instance can run on any machine or can be provisioned as a service by a cloud provider. There is no requirement to integrate the machine
with Istio. The Istio control plane does not have to be accessible from the machine. In the case of MySQL as a service, the machine which MySQL runs on may be not accessible and installing on it the required components may be impossible. In our case, the MySQL instance is addressable by its global domain name, which could be beneficial if the consuming applications expect to use that domain name. This is especially relevant when that expected domain name cannot be changed in the deployment configuration of the consuming applications.
@ -318,6 +316,6 @@ In this blog post, I demonstrated how the microservices in an Istio service mesh
To read more about Istio egress traffic control:
* for TCP, see [Control Egress TCP Traffic Task]({{home}}/docs/tasks/traffic-management/egress-tcp.html)
* for TCP, see [Control Egress TCP Traffic Task](/docs/tasks/traffic-management/egress-tcp/)
* for HTTP/HTTPS, see [Control Egress Traffic Task]({{home}}/docs/tasks/traffic-management/egress.html)
* for HTTP/HTTPS, see [Control Egress Traffic Task](/docs/tasks/traffic-management/egress/)

0
_blog/2018/img/attach_policies.png → content/blog/2018/img/attach_policies.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 32 KiB

After

Width:  |  Height:  |  Size: 32 KiB

0
_blog/2018/img/bookinfo-details-v2.svg → content/blog/2018/img/bookinfo-details-v2.svg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 123 KiB

After

Width:  |  Height:  |  Size: 123 KiB

Some files were not shown because too many files have changed in this diff Show More