Restructure the cert management tasks. (#7209)

* Restructure the cert management tasks.

* Small fix.

* Fix references.

* Fix links

* Small fix.

* Update content/en/docs/tasks/security/cert-management/plugin-ca-cert/index.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Small fix.

* Change the weights.

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Oliver Liu 2020-05-04 11:57:29 -07:00 committed by GitHub
parent a3e54ed121
commit 1e73594260
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 29 additions and 22 deletions

View File

@ -73,7 +73,7 @@ Below is our list of existing features and their current phases. This informatio
| [Service-to-service mutual TLS](/docs/concepts/security/#mutual-tls-authentication) | Stable
| [Kubernetes: Service Credential Distribution](/docs/concepts/security/#pki) | Stable
| [Certificate management on Ingress Gateway](/docs/tasks/traffic-management/ingress/secure-ingress) | Stable
| [Pluggable Key/Cert Support for Istio CA](/docs/tasks/security/plugin-ca-cert/) | Stable
| [Pluggable Key/Cert Support for Istio CA](/docs/tasks/security/cert-management/plugin-ca-cert/) | Stable
| [Authorization](/docs/concepts/security/#authorization) | Beta
| [End User (JWT) Authentication](/docs/concepts/security/#authentication) | Beta
| [Automatic mutual TLS](/docs/tasks/security/authentication/authn-policy/#auto-mutual-tls) | Beta

View File

@ -28,4 +28,4 @@ Chiron is the component provisioning and managing DNS certificates in Istio.
caption="The architecture of provisioning and managing DNS certificates in Istio"
>}}
To try this new feature, refer to the [DNS certificate management task](/docs/tasks/security/dns-cert).
To try this new feature, refer to the [DNS certificate management task](/docs/tasks/security/cert-management/dns-cert).
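Review bot: The updated link target `/docs/tasks/security/cert-management/dns-cert` has no trailing slash, carried over from the old link, while the alias this commit adds for the old page (`/docs/tasks/security/dns-cert/`) and every `plugin-ca-cert/` link updated here end in one. Since the line is being touched anyway, add the trailing slash so the link matches the canonical form used elsewhere and does not rely on a redirect.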

View File

@ -61,7 +61,7 @@ A separate component, the istio-agent, helps each sidecar connect to the mesh by
There will still be some cases where you might want to run Istio components independently, or replace certain components.
Some users might want to use a Certificate Authority (CA) outside the mesh, and we have [documentation on how to do that](/docs/tasks/security/plugin-ca-cert/). If you do your certificate provisioning using a different tool, we can use that instead of the built-in CA.
Some users might want to use a Certificate Authority (CA) outside the mesh, and we have [documentation on how to do that](/docs/tasks/security/cert-management/plugin-ca-cert/). If you do your certificate provisioning using a different tool, we can use that instead of the built-in CA.
## Moving forward

View File

@ -35,7 +35,7 @@ configure the Istio installation itself, and generate the configuration files
that let VMs connect to the mesh. Prepare the cluster for the VM with the
following commands on a machine with cluster admin privileges:
1. Create a Kubernetes secret for your generated CA certificates using a command similar to the following. See [Certificate Authority (CA) certificates](/docs/tasks/security/plugin-ca-cert/) for more details.
1. Create a Kubernetes secret for your generated CA certificates using a command similar to the following. See [Certificate Authority (CA) certificates](/docs/tasks/security/cert-management/plugin-ca-cert/) for more details.
1. Follow the same steps as [setting up single-network](/docs/examples/virtual-machines/single-network) configuration for the initial setup of the
cluster and certificates with the change of how you deploy Istio control plane:

View File

@ -48,7 +48,7 @@ configure the Istio installation itself, and generate the configuration files
that let VMs connect to the mesh. Prepare the cluster for the VM with the
following commands on a machine with cluster admin privileges:
1. Create a Kubernetes secret for your generated CA certificates using a command similar to the following. See [Certificate Authority (CA) certificates](/docs/tasks/security/plugin-ca-cert/) for more details.
1. Create a Kubernetes secret for your generated CA certificates using a command similar to the following. See [Certificate Authority (CA) certificates](/docs/tasks/security/cert-management/plugin-ca-cert/) for more details.
{{< warning >}}
The root and intermediate certificate from the samples directory are widely

View File

@ -63,7 +63,7 @@ Cross-cluster communication occurs over the Istio gateways of the respective clu
1. Run the following commands in **every cluster** to deploy an identical Istio control plane
configuration in all of them.
* Create a Kubernetes secret for your generated CA certificates using a command similar to the following. See [Certificate Authority (CA) certificates](/docs/tasks/security/plugin-ca-cert/) for more details.
* Create a Kubernetes secret for your generated CA certificates using a command similar to the following. See [Certificate Authority (CA) certificates](/docs/tasks/security/cert-management/plugin-ca-cert/) for more details.
{{< warning >}}
The root and intermediate certificate from the samples directory are widely

View File

@ -48,7 +48,7 @@ across different clusters. For illustration purposes, the following instructions
use the certificates from the Istio samples directory for both clusters.
Run the following commands on each cluster in the mesh to install the certificates.
See [Certificate Authority (CA) certificates](/docs/tasks/security/plugin-ca-cert/)
See [Certificate Authority (CA) certificates](/docs/tasks/security/cert-management/plugin-ca-cert/)
for more details on configuring an external CA.
{{< text bash >}}

View File

@ -1,5 +1,5 @@
---
title: Authentication
description: Controlling mutual TLS and end-user authentication for mesh services.
weight: 10
weight: 20
---

View File

@ -1,5 +1,5 @@
---
title: Authorization
description: Shows how to control access to Istio services.
weight: 20
weight: 30
---

View File

@ -0,0 +1,5 @@
---
title: Certificate Management
description: Management of the certificates in Istio.
weight: 10
---

View File

@ -3,6 +3,8 @@ title: Istio DNS Certificate Management
description: Shows how to provision and manage DNS certificates in Istio.
weight: 90
keywords: [security,certificate]
aliases:
- /docs/tasks/security/dns-cert/
test: true
---
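Review bot: The `aliases` entry added here keeps the old `/docs/tasks/security/dns-cert/` URL working, but none of the hunks shown adds the equivalent `/docs/tasks/security/plugin-ca-cert/` alias to the moved plugin-ca-cert page. Please confirm that page's front matter carries the same kind of alias; the old plugin-ca-cert URL is linked from several documents updated in this commit, so external references to it are likely and would otherwise break.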

View File

@ -17,7 +17,7 @@
####################################################################################################
# WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE:
# docs/tasks/security/dns-cert/index.md
# docs/tasks/security/cert-management/dns-cert/index.md
####################################################################################################
snip_before_you_begin_1() {

View File

@ -17,7 +17,7 @@
####################################################################################################
# WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE:
# docs/tasks/security/plugin-ca-cert/index.md
# docs/tasks/security/cert-management/plugin-ca-cert/index.md
####################################################################################################
snip_plugging_in_existing_certificates_and_key_1() {

View File

@ -49,7 +49,7 @@ of controls.
## Security
- **Bring Your Own CA**. There have been many enhancements to the 'bring your own CA' feature.
[Learn more](/docs/tasks/security/plugin-ca-cert/)
[Learn more](/docs/tasks/security/cert-management/plugin-ca-cert/)
- **PKCS8**. Add support for PKCS8 keys to Istio PKI.

View File

@ -22,8 +22,8 @@ import (
"istio.io/istio.io/pkg/test/istioio"
)
//https://istio.io/docs/tasks/security/dns-cert/
//https://github.com/istio/istio.io/blob/release-1.5/content/en/docs/tasks/security/dns-cert/index.md
//https://istio.io/docs/tasks/security/cert-management/dns-cert/
//https://github.com/istio/istio.io/blob/release-1.5/content/en/docs/tasks/security/cert-management/dns-cert/index.md
func TestDNSCert(t *testing.T) {
framework.
NewTest(t).
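Review bot: The second comment URL still pins the `release-1.5` branch while its path now points at `cert-management/dns-cert/index.md`; unless this restructure is also applied on that branch, the link will not resolve there. Point it at the branch where the file actually lives at this path, or keep only the istio.io URL. The same applies to the pair of comment URLs above `TestPluginCACert`.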
@ -36,7 +36,7 @@ func TestDNSCert(t *testing.T) {
Input: istioio.Inline{
FileName: "cleanup.sh",
Value: `
source ${REPO_ROOT}/content/en/docs/tasks/security/dns-cert/snips.sh
source ${REPO_ROOT}/content/en/docs/tasks/security/cert-management/dns-cert/snips.sh
snip_cleanup_1`,
},
}).
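Review bot: The inline `cleanup.sh` value goes straight to `source ${REPO_ROOT}/...` without the `set -e`, `set -u`, `set -o pipefail` preamble that the other scripts in this commit start with. With `REPO_ROOT` unset, the path expands to `/content/en/...`, the `source` fails, and the script carries on to `snip_cleanup_1` regardless. Add the same three `set` lines at the top of the inline script so a bad path fails the cleanup step visibly.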

View File

@ -18,7 +18,7 @@ set -e
set -u
set -o pipefail
source ${REPO_ROOT}/content/en/docs/tasks/security/dns-cert/snips.sh
source ${REPO_ROOT}/content/en/docs/tasks/security/cert-management/dns-cert/snips.sh
out=$(snip_check_the_provisioning_of_dns_certificates_1 2>&1)
# Remove trailing spaces
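Review bot: `${REPO_ROOT}` is expanded unquoted in the changed `source` line, so a checkout path containing spaces or glob characters would be word-split before `source` sees it. Quote the whole argument: `source "${REPO_ROOT}/content/en/docs/tasks/security/cert-management/dns-cert/snips.sh"`. The same unquoted pattern appears in the other test scripts touched by this commit and can be fixed in the same pass.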

View File

@ -22,8 +22,8 @@ import (
"istio.io/istio.io/pkg/test/istioio"
)
//https://istio.io/docs/tasks/security/plugin-ca-cert/
//https://github.com/istio/istio.io/blob/release-1.5/content/en/docs/tasks/security/plugin-ca-cert/index.md
//https://istio.io/docs/tasks/security/cert-management/plugin-ca-cert/
//https://github.com/istio/istio.io/blob/release-1.5/content/en/docs/tasks/security/cert-management/plugin-ca-cert/index.md
func TestPluginCACert(t *testing.T) {
framework.
@ -36,7 +36,7 @@ func TestPluginCACert(t *testing.T) {
set -e
set -u
set -o pipefail
source ${REPO_ROOT}/content/en/docs/tasks/security/plugin-ca-cert/snips.sh
source ${REPO_ROOT}/content/en/docs/tasks/security/cert-management/plugin-ca-cert/snips.sh
# create_ns_foo_with_httpbin_sleep
snip_deploying_example_services_1
snip_deploying_example_services_2`,
@ -52,7 +52,7 @@ snip_deploying_example_services_2`,
Input: istioio.Inline{
FileName: "cleanup.sh",
Value: `
source ${REPO_ROOT}/content/en/docs/tasks/security/plugin-ca-cert/snips.sh
source ${REPO_ROOT}/content/en/docs/tasks/security/cert-management/plugin-ca-cert/snips.sh
snip_cleanup_1`,
},
}).

View File

@ -18,7 +18,7 @@ set -e
set -u
set -o pipefail
source ${REPO_ROOT}/content/en/docs/tasks/security/plugin-ca-cert/snips.sh
source ${REPO_ROOT}/content/en/docs/tasks/security/cert-management/plugin-ca-cert/snips.sh
# Disable errors, since the next command is expected to return an error.
set +e