mirror of https://github.com/istio/istio.io.git
Update lint checker configuration. (#12602)
* Update lint checker configuration. * Uses mdl.rb in the root * Fix trailing lines * Reset mdl.rb * Fix for adding an empty line
This commit is contained in:
Eric Van Norman
GitHub
parent
297056e6f4
commit
510f278525
|
|
@ -5,4 +5,4 @@ description: My one-line description for the page.
|
|||
publishdate: 2017-05-24
|
||||
attribution: My Name (My Company Name)
|
||||
keywords: [keyword1,keyword2]
|
||||
---
|
||||
---
|
||||
|
|
|
|||
|
|
@ -4,4 +4,4 @@ subtitle: My optional on-line subtitle
|
|||
description: My one-line description for the page.
|
||||
publishdate: 2017-05-24
|
||||
keywords: [keyword1,keyword2]
|
||||
---
|
||||
---
|
||||
|
|
|
|||
|
|
@ -22,4 +22,4 @@ In a [presentation at IstioCon 2021](https://events.istio.io/istiocon-2021/sessi
|
|||
|
||||
<iframe width="696" height="392" src="https://www.youtube-nocookie.com/embed/6kDiDQW5YXQ" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
|
||||
|
||||
[Download the slides](https://events.istio.io/istiocon-2021/slides/f1s-AirbnbIstioJourney.pdf)
|
||||
[Download the slides](https://events.istio.io/istiocon-2021/slides/f1s-AirbnbIstioJourney.pdf)
|
||||
|
|
|
|||
|
|
@ -22,4 +22,4 @@ Atlassian has been deploying Envoy to the compute nodes of its internal PaaS ove
|
|||
|
||||
<iframe width="696" height="392" src="https://www.youtube-nocookie.com/embed/iAyVhjuA1HE" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
|
||||
|
||||
[Download the slides](https://events.istio.io/istiocon-2021/slides/c1s-GoingDynamicEnvoy-NicolasMeessen.pdf)
|
||||
[Download the slides](https://events.istio.io/istiocon-2021/slides/c1s-GoingDynamicEnvoy-NicolasMeessen.pdf)
|
||||
|
|
|
|||
|
|
@ -22,4 +22,4 @@ As service mesh gains wider adoption, more and more companies are looking to bri
|
|||
|
||||
<iframe width="696" height="392" src="https://www.youtube-nocookie.com/embed/TL97Id9j7F0" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
|
||||
|
||||
[Download the slides](https://events.istio.io/istiocon-2021/slides/f5a-IstioAdoption-CashApp.pdf)
|
||||
[Download the slides](https://events.istio.io/istiocon-2021/slides/f5a-IstioAdoption-CashApp.pdf)
|
||||
|
|
|
|||
|
|
@ -22,4 +22,4 @@ Managing a service mesh that spans hundreds of thousands of containers across th
|
|||
|
||||
<iframe width="696" height="392" src="https://www.youtube-nocookie.com/embed/Yo6x5Knv7Kc" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
|
||||
|
||||
[Download the slides](https://events.istio.io/istiocon-2021/slides/g2s-IstioAtScale-eBay-Sudhi.pdf)
|
||||
[Download the slides](https://events.istio.io/istiocon-2021/slides/g2s-IstioAtScale-eBay-Sudhi.pdf)
|
||||
|
|
|
|||
|
|
@ -24,4 +24,4 @@ In [this talk from IstioCon 2022](https://events.istio.io/istiocon-2022/sessions
|
|||
|
||||
<iframe width="696" height="392" src="https://www.youtube.com/embed/O2IamfjFk7E" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
|
||||
|
||||
[Download the slides](https://events.istio.io/istiocon-2022/slides/a7-IstioSplunk.pdf)
|
||||
[Download the slides](https://events.istio.io/istiocon-2022/slides/a7-IstioSplunk.pdf)
|
||||
|
|
|
|||
|
|
@ -24,4 +24,4 @@ In [this talk from IstioCon 2021](https://events.istio.io/istiocon-2021/sessions
|
|||
|
||||
<iframe width="696" height="392" src="https://www.youtube-nocookie.com/embed/gzrWEP87mKg" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
|
||||
|
||||
[Download the slides](https://events.istio.io/istiocon-2021/slides/c2s-GoodBadMesh-JoeSearcy.pdf)
|
||||
[Download the slides](https://events.istio.io/istiocon-2021/slides/c2s-GoodBadMesh-JoeSearcy.pdf)
|
||||
|
|
|
|||
|
|
@ -26,4 +26,4 @@ In [this talk from IstioCon 2022](https://events.istio.io/istiocon-2022/sessions
|
|||
|
||||
<iframe width="696" height="392" src="https://www.youtube.com/embed/aI-o1KYwBhs" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
|
||||
|
||||
[Download the slides](https://events.istio.io/istiocon-2022/slides/d5a-WPEngine.pdf)
|
||||
[Download the slides](https://events.istio.io/istiocon-2022/slides/d5a-WPEngine.pdf)
|
||||
|
|
|
|||
|
|
@ -24,4 +24,4 @@ In [this talk from IstioCon 2022](https://events.istio.io/istiocon-2022/sessions
|
|||
|
||||
<iframe width="696" height="392" src="https://www.youtube.com/embed/CKDuv9hwQPs" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
|
||||
|
||||
[Download the slides](https://events.istio.io/istiocon-2022/slides/f1c-AcceleratingZozotown.pdf)
|
||||
[Download the slides](https://events.istio.io/istiocon-2022/slides/f1c-AcceleratingZozotown.pdf)
|
||||
|
|
|
|||
|
|
@ -3,4 +3,4 @@ title: How can I verify that traffic is using mutual TLS encryption?
|
|||
weight: 25
|
||||
---
|
||||
|
||||
If you installed Istio with `values.global.proxy.privileged=true`, you can use `tcpdump` to determine encryption status. Also in Kubernetes 1.23 and later, as an alternative to installing Istio as privileged, you can use `kubectl debug` to run `tcpdump` in an [ephemeral container](https://kubernetes.io/docs/tasks/debug/debug-application/debug-running-pod/#ephemeral-container). See [Istio mutual TLS migration](/docs/tasks/security/authentication/mtls-migration) for instructions.
|
||||
If you installed Istio with `values.global.proxy.privileged=true`, you can use `tcpdump` to determine encryption status. Also in Kubernetes 1.23 and later, as an alternative to installing Istio as privileged, you can use `kubectl debug` to run `tcpdump` in an [ephemeral container](https://kubernetes.io/docs/tasks/debug/debug-application/debug-running-pod/#ephemeral-container). See [Istio mutual TLS migration](/docs/tasks/security/authentication/mtls-migration) for instructions.
|
||||
|
|
|
|||
|
|
@ -614,4 +614,4 @@ demonstrated a simple policy that allowed certain URL paths only. We also showed
|
|||
serviceaccount "politics" deleted
|
||||
service "politics" deleted
|
||||
deployment "politics" deleted
|
||||
{{< /text >}}
|
||||
{{< /text >}}
|
||||
|
|
|
|||
|
|
@ -255,4 +255,4 @@ exported. In detail as follows:
|
|||
## Availability of logs in export sinks
|
||||
|
||||
Export to BigQuery is within minutes (we see it to be almost instant), GCS can
|
||||
have a delay of 2 to 12 hours and Pub/Sub is almost immediately.
|
||||
have a delay of 2 to 12 hours and Pub/Sub is almost immediately.
|
||||
|
|
|
|||
|
|
@ -119,4 +119,3 @@ In terms of CPU consumption per transaction, Istio has used significantly more C
|
|||
## Conclusion
|
||||
|
||||
In this investigation, we tried different options to access an external TLS-enabled MongoDB to compare their performance. The introduction of the Egress Gateway did not have a significant impact on the performance nor meaningful additional CPU consumption. Only when enabling mutual TLS between sidecars and egress gateway or using an additional SNI proxy for wildcarded domains we could observe some degradation.
|
||||
|
||||
|
|
|
|||
|
|
@ -126,4 +126,4 @@ Hopefully, I managed to convince you that Istio is an effective tool to prevent
|
|||
traffic. In [the next part of this series](/blog/2019/egress-traffic-control-in-istio-part-3/), I compare secure control of egress traffic in Istio with alternative
|
||||
solutions such as
|
||||
[Kubernetes Network Policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) and legacy
|
||||
egress proxies/firewalls.
|
||||
egress proxies/firewalls.
|
||||
|
|
|
|||
|
|
@ -149,4 +149,4 @@ microservices inside the cluster.
|
|||
|
||||
So, if you haven't had the chance to work with Istio yet, [install Istio](/docs/setup/install/) on your cluster
|
||||
and check our [egress traffic control tasks](/docs/tasks/traffic-management/egress/) and the tasks for the other
|
||||
[Istio features](/docs/tasks/). We also want to hear from you, please join us at [discuss.istio.io](https://discuss.istio.io).
|
||||
[Istio features](/docs/tasks/). We also want to hear from you, please join us at [discuss.istio.io](https://discuss.istio.io).
|
||||
|
|
|
|||
|
|
@ -369,4 +369,4 @@ labels emitted based on the listener type invoked in Envoy.
|
|||
connection that is ever established.
|
||||
|
||||
Monitoring these metrics can help operators easily understand all the external
|
||||
services consumed by the applications in their cluster.
|
||||
services consumed by the applications in their cluster.
|
||||
|
|
|
|||
|
|
@ -458,4 +458,4 @@ across clusters in a multicluster service mesh with a replicated control plane m
|
|||
In this example, we manually configured the `.global` service entry and destination rules needed to provide
|
||||
connectivity to one remote service, `reviews`. In general, however, if we wanted to enable any service
|
||||
to run either locally or remotely, we would need to create `.global` resources for every service.
|
||||
Fortunately, this process could be automated and likely will be in a future Istio release.
|
||||
Fortunately, this process could be automated and likely will be in a future Istio release.
|
||||
|
|
|
|||
|
|
@ -19,4 +19,4 @@ information on how to gauge the age of your certificates and how to perform rota
|
|||
{{< tip >}}
|
||||
We strongly recommend you rotate root keys and root certificates annually as a security best practice.
|
||||
We will send out instructions for root key/cert rotation soon.
|
||||
{{< /tip >}}
|
||||
{{< /tip >}}
|
||||
|
|
|
|||
|
|
@ -489,5 +489,3 @@ support the full `v1alpha1` semantics as of the date of this blog post.
|
|||
|
||||
The command to support the full `v1alpha1` semantics is expected in a patch
|
||||
release following Istio 1.4.
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -19,4 +19,3 @@ There are two different approaches to doing this. The supported way for Gloo OSS
|
|||
See a quick demo of integrating open-source Gloo with Istio 1.5:
|
||||
|
||||
<iframe width="560" height="315" src="https://www.youtube.com/embed/zhUR3HgeFSg" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
|
||||
|
||||
|
|
|
|||
|
|
@ -166,4 +166,4 @@ spec:
|
|||
|
||||
Admiral provides a new Global Traffic Routing and unique service naming functionality to address some challenges posed by the Istio model described in [multi-cluster deployment with replicated control planes](https://istio.io/v1.6/docs/setup/install/multicluster/gateways/#deploy-the-istio-control-plane-in-each-cluster). It removes the need for manual configuration synchronization between clusters and generates contextual configuration for each cluster. This makes it possible to operate a Service Mesh composed of many Kubernetes clusters.
|
||||
|
||||
We think Istio/Service Mesh community would benefit from this approach, so we [open sourced Admiral](https://github.com/istio-ecosystem/admiral) and would love your feedback and support!
|
||||
We think Istio/Service Mesh community would benefit from this approach, so we [open sourced Admiral](https://github.com/istio-ecosystem/admiral) and would love your feedback and support!
|
||||
|
|
|
|||
|
|
@ -210,4 +210,4 @@ community home for the tooling and the WebAssembly Hub
|
|||
|
||||
- [Tutorials](https://docs.solo.io/web-assembly-hub/latest/tutorial_code/)
|
||||
|
||||
- Videos on the [Solo.io YouTube Channel](https://www.youtube.com/channel/UCuketWAG3WqYjjxtQ9Q8ApQ)
|
||||
- Videos on the [Solo.io YouTube Channel](https://www.youtube.com/channel/UCuketWAG3WqYjjxtQ9Q8ApQ)
|
||||
|
|
|
|||
|
|
@ -212,4 +212,4 @@ spec:
|
|||
|
||||
## Wrapping Up
|
||||
|
||||
Istio’s `VirtualService` and `DestinationRule` API’s provide traffic routing, failure recovery and fault injection features so that you can create resilient applications. The ServiceEntry API extends many of these features to external services that are not part of your service mesh.
|
||||
Istio’s `VirtualService` and `DestinationRule` API’s provide traffic routing, failure recovery and fault injection features so that you can create resilient applications. The ServiceEntry API extends many of these features to external services that are not part of your service mesh.
|
||||
|
|
|
|||
|
|
@ -85,4 +85,4 @@ In part 2, I will explain how to configure Istio as well as a virtual machine to
|
|||
|
||||
### Special Thanks
|
||||
|
||||
A special thanks to Dave Ortiz for this virtual machine idea and congrats to Constant Contact [a new registered Istio user!](https://github.com/istio/istio.io/pull/10571)
|
||||
A special thanks to Dave Ortiz for this virtual machine idea and congrats to Constant Contact [a new registered Istio user!](https://github.com/istio/istio.io/pull/10571)
|
||||
|
|
|
|||
|
|
@ -54,4 +54,4 @@ In ambient mesh, we do not share L7 processing in a proxy across multiple identi
|
|||
|
||||
## Sidecars are still a first-class supported deployment
|
||||
|
||||
We understand that some folks are comfortable with the sidecar model and their known security boundaries and wish to stay on that model. With Istio, sidecars are a first-class citizen to the mesh and platform owners have the choice to continue using them. If a platform owner wants to support both sidecar and ambient, they can. A workload with the ambient data plane can natively communicate with workloads that have a sidecar deployed. As folks better understand the security posture of ambient mesh, we are confident that ambient will be the preferred mode of Istio service mesh with sidecars used for specific optimizations.
|
||||
We understand that some folks are comfortable with the sidecar model and their known security boundaries and wish to stay on that model. With Istio, sidecars are a first-class citizen to the mesh and platform owners have the choice to continue using them. If a platform owner wants to support both sidecar and ambient, they can. A workload with the ambient data plane can natively communicate with workloads that have a sidecar deployed. As folks better understand the security posture of ambient mesh, we are confident that ambient will be the preferred mode of Istio service mesh with sidecars used for specific optimizations.
|
||||
|
|
|
|||
|
|
@ -45,4 +45,3 @@ Do you want to put your product or service in front of the most discerning Cloud
|
|||
For those of you who can't make it, keep your eyes peeled for announcements of IstioCon 2023 and Istio Day North America later this year.
|
||||
|
||||
Stay tuned to hear more about the event, and we hope you can join us at Istio Day Europe!
|
||||
|
||||
|
|
|
|||
|
|
@ -29,4 +29,3 @@ Based on this, here is the complete list of Istio Steering Committee members, in
|
|||
- [Zhonghu Xu](https://github.com/hzxuzhonghu) (Huawei)
|
||||
|
||||
Our sincerest thanks to Louis Ryan, Srihari Angaluri, Kebe Liu and Jason McGee, all long-time contributors to the Istio project, whose terms have come to an end.
|
||||
|
||||
|
|
|
|||
|
|
@ -11,4 +11,4 @@ If third party tokens are not enabled, you should add the option
|
|||
If the `jwtPolicy` is not set correctly, pods associated with `istiod`,
|
||||
gateways or workloads with injected Envoy proxies will not get deployed due
|
||||
to the missing `istio-token` volume.
|
||||
{{< /warning >}}
|
||||
{{< /warning >}}
|
||||
|
|
|
|||
|
|
@ -13,4 +13,4 @@
|
|||
{{< text bash >}}
|
||||
$ helm repo add istio https://istio-release.storage.googleapis.com/charts
|
||||
$ helm repo update
|
||||
{{< /text >}}
|
||||
{{< /text >}}
|
||||
|
|
|
|||
|
|
@ -2,4 +2,4 @@
|
|||
---
|
||||
When using the `default` tag alongside an existing non-revisioned Istio installation it is recommended to remove the old
|
||||
`MutatingWebhookConfiguration` (typically called `istio-sidecar-injector`) to avoid having both the older and newer control
|
||||
planes attempt injection.
|
||||
planes attempt injection.
|
||||
|
|
|
|||
|
|
@ -2,4 +2,4 @@
|
|||
---
|
||||
Manually relabeling namespaces when moving them to a new revision can be tedious and error-prone.
|
||||
[Revision tags](/docs/reference/commands/istioctl/#istioctl-tag) solve this problem.
|
||||
[Revision tags](/docs/reference/commands/istioctl/#istioctl-tag) are stable identifiers that point to revisions and can be used to avoid relabeling namespaces. Rather than relabeling the namespace, a mesh operator can simply change the tag to point to a new revision. All namespaces labeled with that tag will be updated at the same time.
|
||||
[Revision tags](/docs/reference/commands/istioctl/#istioctl-tag) are stable identifiers that point to revisions and can be used to avoid relabeling namespaces. Rather than relabeling the namespace, a mesh operator can simply change the tag to point to a new revision. All namespaces labeled with that tag will be updated at the same time.
|
||||
|
|
|
|||
|
|
@ -8,4 +8,4 @@ caption="Namespace labels unchanged but now all namespaces pointed to 1-10-0"
|
|||
>}}
|
||||
|
||||
Restarting injected workloads in the namespaces marked `prod-stable` will now result in those workloads using the `1-10-0`
|
||||
control plane. Notice that no namespace relabeling was required to migrate workloads to the new revision.
|
||||
control plane. Notice that no namespace relabeling was required to migrate workloads to the new revision.
|
||||
|
|
|
|||
|
|
@ -2,4 +2,4 @@
|
|||
---
|
||||
Consider a cluster with two revisions installed, `1-9-5` and `1-10-0`. The cluster operator creates a revision tag `prod-stable`,
|
||||
pointed at the older, stable `1-9-5` version, and a revision tag `prod-canary` pointed at the newer `1-10-0` revision. That
|
||||
state could be reached via the following commands:
|
||||
state could be reached via the following commands:
|
||||
|
|
|
|||
|
|
@ -2,4 +2,4 @@
|
|||
---
|
||||
{{< tip >}}
|
||||
Users are encouraged to transition to the [Telemetry API](/docs/tasks/observability/telemetry/) for tracing configuration.
|
||||
{{</ tip >}}
|
||||
{{</ tip >}}
|
||||
|
|
|
|||
|
|
@ -65,4 +65,3 @@ The following checks were performed on each of these signatures:
|
|||
|
||||
[{"critical":{"identity":{"docker-reference":"gcr.io/istio-release/pilot"},"image":{"docker-manifest-digest":"sha256:c37fd83f6435ca0966d653dc6ac42c9fe5ac11d0d5d719dfe97de84acbf7a32d"},"type":"cosign container image signature"},"optional":null}]
|
||||
{{< /text >}}
|
||||
|
||||
|
|
|
|||
|
|
@ -319,5 +319,3 @@ To make sure services will have zero down-time when configuring routes with subs
|
|||
1. Wait a few seconds for the `VirtualService` configuration to propagate to the Envoy sidecars.
|
||||
|
||||
1. Update the `DestinationRule` to remove the unused subsets.
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -35,4 +35,4 @@ In Kubernetes, `ImagePullPolicy: Always` means that an image is pulled directly
|
|||
Every time a new pod is started, Kubernetes pulls the image anew.
|
||||
|
||||
For a `WasmPlugin`, `ImagePullPolicy: Always` means that Istio will pull an image directly from its source each time the corresponding `WasmPlugin` Kubernetes resource is created or changed.
|
||||
Please note that a change not only in `spec` but also `metadata` triggers the pulling of a Wasm module when the `Always` policy is used. This can mean that an image is pulled from source several times over the lifetime of a pod, and over the lifetime of an individual proxy.
|
||||
Please note that a change not only in `spec` but also `metadata` triggers the pulling of a Wasm module when the `Always` policy is used. This can mean that an image is pulled from source several times over the lifetime of a pod, and over the lifetime of an individual proxy.
|
||||
|
|
|
|||
|
|
@ -234,4 +234,3 @@ spec:
|
|||
The client IP is retrieved from the PROXY protocol by the gateway and set (or appended) in the `X-Forwarded-For` and `X-Envoy-External-Address` header. Note that the PROXY protocol is mutually exclusive with L7 headers like `X-Forwarded-For` and `X-Envoy-External-Address`. When PROXY protocol is used in conjunction with the `gatewayTopology` configuration, the `numTrustedProxies` and the received `X-Forwarded-For` header takes precedence in determining the trusted client addresses, and PROXY protocol client information will be ignored.
|
||||
|
||||
Note that the above example only configures the Gateway to accept incoming PROXY protocol TCP traffic - See the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/other_features/ip_transparency#proxy-protocol) for examples of how to configure Envoy itself to communicate with upstream services using PROXY protocol.
|
||||
|
||||
|
|
|
|||
|
|
@ -10,4 +10,4 @@ keywords:
|
|||
- installation
|
||||
- configuration
|
||||
test: n/a
|
||||
---
|
||||
---
|
||||
|
|
|
|||
|
|
@ -61,4 +61,3 @@ In this example, the port `svc-8080` does follow the syntax: `name: <http|https|
|
|||
## How to resolve
|
||||
|
||||
- JWT authentication is only supported over http, https or http2. Rename the Service port name to conform with `<http|https|http2>[-<suffix>]`
|
||||
|
||||
|
|
|
|||
|
|
@ -52,4 +52,4 @@ the second destination.
|
|||
If you need traffic to go to more than one place, use `mirror`.
|
||||
|
||||
Re-order your routes so that the most specific ones are first. Place 'catch all'
|
||||
routes at the end.
|
||||
routes at the end.
|
||||
|
|
|
|||
|
|
@ -38,4 +38,3 @@ In this example, the port name `tcp` follows the syntax: `name: <protocol>`. How
|
|||
|
||||
- If you have an ExternalName service type, and the protocol is TCP, rename the port to `<protocol>[-<suffix>]` or `<protocol>` where protocol is `https` or `tls`. To learn more, review
|
||||
docs on [explicit protocol selection](/docs/ops/configuration/traffic-management/protocol-selection/#explicit-protocol-selection).
|
||||
|
||||
|
|
|
|||
|
|
@ -172,4 +172,3 @@ spec:
|
|||
5000)
|
||||
end
|
||||
{{< /text >}}
|
||||
|
||||
|
|
|
|||
|
|
@ -125,4 +125,3 @@ For TCP traffic, Istio generates the following metrics:
|
|||
|
||||
* **gRPC Response Status**: This identifies the response status of the gRPC. This
|
||||
label is present only on gRPC metrics.
|
||||
|
||||
|
|
|
|||
|
|
@ -5,4 +5,4 @@ weight: 30
|
|||
aliases:
|
||||
- /docs/reference/config/proxy_extensions/
|
||||
test: n/a
|
||||
---
|
||||
---
|
||||
|
|
|
|||
|
|
@ -39,4 +39,3 @@ Istio supports the following service identities on different platforms:
|
|||
name, Istio service account, or GCP service account. The custom service
|
||||
account refers to the existing service account just like the identities that
|
||||
the customer’s Identity Directory manages.
|
||||
|
||||
|
|
|
|||
|
|
@ -5,4 +5,3 @@ test: n/a
|
|||
|
||||
Micro-segmentation is a security technique that creates secure zones in cloud deployments and allows organizations to
|
||||
isolate workloads from one another and secure them individually.
|
||||
|
||||
|
|
|
|||
|
|
@ -7,4 +7,4 @@ Routing rules, which you configure in a [virtual service](/docs/concepts/traffic
|
|||
define the paths that requests follow within the service mesh. With routing rules, you can define
|
||||
conditions to route traffic addressed to the virtual service's host to specific
|
||||
destination workloads. Routing rules let you control traffic for tasks
|
||||
like A/B testing, canary rollouts, and staged rollouts with percentage-based traffic splits.
|
||||
like A/B testing, canary rollouts, and staged rollouts with percentage-based traffic splits.
|
||||
|
|
|
|||
|
|
@ -5,4 +5,4 @@ weight: 40
|
|||
aliases:
|
||||
keywords: [releases]
|
||||
test: n/a
|
||||
---
|
||||
---
|
||||
|
|
|
|||
|
|
@ -105,4 +105,4 @@ The relationship between the two project's versions:
|
|||
| 1.16.x | 1.24.x |
|
||||
| 1.15.x | 1.23.x |
|
||||
|
||||
In general, Istio releases tend to map one to one with Envoy releases. You can find the precise Envoy commit used by Istio in [`istio/proxy`](https://github.com/istio/proxy/blob/master/WORKSPACE#L38).
|
||||
In general, Istio releases tend to map one to one with Envoy releases. You can find the precise Envoy commit used by Istio in [`istio/proxy`](https://github.com/istio/proxy/blob/master/WORKSPACE#L38).
|
||||
|
|
|
|||
|
|
@ -155,5 +155,3 @@ For further detailed information about the concepts and techniques described in
|
|||
1. [IstioOperator - Customize Installation](/docs/setup/additional-setup/customize-installation)
|
||||
1. [Advanced Helm Techniques](https://helm.sh/docs/topics/advanced/)
|
||||
1. [Kustomize](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/kustomization/)
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -188,4 +188,4 @@ and remote clusters!
|
|||
|
||||
## Next Steps
|
||||
|
||||
You can now [verify the installation](/docs/setup/install/multicluster/verify).
|
||||
You can now [verify the installation](/docs/setup/install/multicluster/verify).
|
||||
|
|
|
|||
|
|
@ -247,4 +247,4 @@ and remote clusters on different networks!
|
|||
|
||||
## Next Steps
|
||||
|
||||
You can now [verify the installation](/docs/setup/install/multicluster/verify).
|
||||
You can now [verify the installation](/docs/setup/install/multicluster/verify).
|
||||
|
|
|
|||
|
|
@ -120,4 +120,3 @@ Follow these instructions to set up Dashboard for kind.
|
|||
{{< warning >}}
|
||||
You have to save your token somewhere, otherwise you have to run step number 4 everytime you need a token to login to your Dashboard.
|
||||
{{< /warning >}}
|
||||
|
||||
|
|
|
|||
|
|
@ -251,4 +251,4 @@ with the canary uninstall.
|
|||
|
||||
{{< text bash >}}
|
||||
$ kubectl delete ns istio-system app-ns-1 app-ns-2 app-ns-3
|
||||
{{< /text >}}
|
||||
{{< /text >}}
|
||||
|
|
|
|||
|
|
@ -110,4 +110,4 @@ which is maintained by the Istio community and used to develop Istio's Telemetry
|
|||
|
||||
There are known limitations with this module distribution mechanism, which will be addressed in future releases:
|
||||
|
||||
- Only HTTP filters are supported.
|
||||
- Only HTTP filters are supported.
|
||||
|
|
|
|||
|
|
@ -5,4 +5,4 @@ weight: 20
|
|||
aliases:
|
||||
- /docs/tasks/telemetry/logs/
|
||||
test: n/a
|
||||
---
|
||||
---
|
||||
|
|
|
|||
|
|
@ -5,4 +5,4 @@ weight: 1
|
|||
aliases:
|
||||
- /docs/tasks/telemetry/metrics/
|
||||
test: n/a
|
||||
---
|
||||
---
|
||||
|
|
|
|||
|
|
@ -108,4 +108,4 @@ accepts a JWT issued by `testing@secure.istio.io` and copies the value of claim
|
|||
|
||||
{{< text bash >}}
|
||||
$ kubectl delete namespace foo
|
||||
{{< /text >}}
|
||||
{{< /text >}}
|
||||
|
|
|
|||
|
|
@ -3,4 +3,4 @@ title: TLS Configuration
|
|||
description: TLS configuration in Istio.
|
||||
weight: 40
|
||||
test: n/a
|
||||
---
|
||||
---
|
||||
|
|
|
|||
|
|
@ -328,4 +328,3 @@ Delete the `sleep` service and deployment:
|
|||
$ kubectl delete service sleep
|
||||
$ kubectl delete deployment sleep
|
||||
{{< /text >}}
|
||||
|
||||
|
|
|
|||
|
|
@ -357,4 +357,4 @@ More details and examples can be found in other [traffic management tasks](/docs
|
|||
|
||||
{{< text bash >}}
|
||||
$ kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref={{< k8s_gateway_api_version >}}" | kubectl delete -f -
|
||||
{{< /text >}}
|
||||
{{< /text >}}
|
||||
|
|
|
|||
|
|
@ -5,4 +5,4 @@ period_end: 2021-03-26
|
|||
---
|
||||
[comment]: <> (TODO: Replace placeholder and change periods if needed or remove file)
|
||||
|
||||
This is a test banner showing until 16th of March. [Check Istio page](https://www.istio.io)
|
||||
This is a test banner showing until 16th of March. [Check Istio page](https://www.istio.io)
|
||||
|
|
|
|||
|
|
@ -17,4 +17,3 @@ We're pleased to announce the availability of Istio 1.1.17. This will be the la
|
|||
## Bug fixes
|
||||
|
||||
- Fix a bug introduced by [our October 8th security release](/news/security/istio-security-2019-005) which incorrectly calculated HTTP header and body sizes ([Issue 17735](https://github.com/istio/istio/issues/17735).
|
||||
|
||||
|
|
|
|||
|
|
@ -20,4 +20,3 @@ This release contains bug fixes to improve robustness. This release note describ
|
|||
- **Fixed** a bug where setting the `retryRemoteLocalities` on a `VirtualService` would produce configuration that Envoy would reject. ([Issue #33737](https://github.com/istio/istio/issues/33737))
|
||||
|
||||
- **Improved** the `meshConfig.defaultConfig.proxyMetadata` field to do a deep merge when overridden rather than replacing all values.
|
||||
|
||||
|
|
|
|||
|
|
@ -33,4 +33,3 @@ This release fixes the security vulnerabilities described in our August 24th pos
|
|||
Note: this vulnerability does not impact downstream client connections.
|
||||
|
||||
- [CVE-2021-32781](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32781) (CVSS score 8.6, High): Envoy contains a remotely exploitable vulnerability that affects Envoy's decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies. Modifying and increasing the size of the body in an Envoy’s extension beyond internal buffer size may lead to Envoy accessing deallocated memory and terminating abnormally.
|
||||
|
||||
|
|
|
|||
|
|
@ -34,4 +34,3 @@ This release contains bug fixes to improve robustness. This release note describ
|
|||
|
||||
- **Fixed** `DestinationRule` updates not triggering an update for `AUTO_PASSTHROUGH` listeners on gateways.
|
||||
([Issue #34944](https://github.com/istio/istio/issues/34944))
|
||||
|
||||
|
|
|
|||
|
|
@ -23,4 +23,3 @@ This release contains bug fixes to improve robustness. This release note describ
|
|||
|
||||
- **Fixed** an issue in webhook analysis which would make helm reconciler complain about overlapping webhooks.
|
||||
([Issue #36114](https://github.com/istio/istio/issues/36114))
|
||||
|
||||
|
|
|
|||
|
|
@ -16,4 +16,3 @@ This release contains bug fixes to improve robustness. This release note describ
|
|||
- **Fixed** building routes order where a catch-all route no longer short circuits other routes declared after it. ([Issue #39188](https://github.com/istio/istio/issues/39188))
|
||||
|
||||
- **Fixed** a bug where the previous cluster was not stopping when updating a multicluster secret. The previous cluster did not stop even when the secret was deleted. ([Issue #39366](https://github.com/istio/istio/issues/39366))
|
||||
|
||||
|
|
|
|||
|
|
@ -23,4 +23,3 @@ When installing a new Istio control plane revision the previous resource validat
|
|||
unintended effects on the existing, stable revision. Once prepared to migrate over to the new control plane revision,
|
||||
cluster operators should switch the default revision. This can be done through `istioctl tag set default --revision <new revision>`,
|
||||
or if using a Helm-based flow, `helm upgrade istio-base manifests/charts/base -n istio-system --set defaultRevision=<new revision>`.
|
||||
|
||||
|
|
|
|||
|
|
@ -6,4 +6,3 @@ list_by_publishdate: true
|
|||
layout: release-grid
|
||||
decoration: dot
|
||||
---
|
||||
|
||||
|
|
|
|||
|
|
@ -25,4 +25,4 @@ which includes 9 security fixes. We recommend you to upgrade to this newer Go ve
|
|||
|
||||
# Security update
|
||||
|
||||
- **Fixed** [CVE-2022-31045](/news/security/istio-security-2022-005/#cve-2022-31045).
|
||||
- **Fixed** [CVE-2022-31045](/news/security/istio-security-2022-005/#cve-2022-31045).
|
||||
|
|
|
|||
|
|
@ -25,4 +25,4 @@ which includes 9 security fixes. We recommend you to upgrade to this newer Go ve
|
|||
|
||||
# Security update
|
||||
|
||||
- **Fixed** [CVE-2022-31045](/news/security/istio-security-2022-005/#cve-2022-31045).
|
||||
- **Fixed** [CVE-2022-31045](/news/security/istio-security-2022-005/#cve-2022-31045).
|
||||
|
|
|
|||
|
|
@ -30,4 +30,4 @@ FYI, this release includes security fixes in Go 1.18.9 (released on 2022-12-06).
|
|||
Previously, istiod silently ignored the failover settings.
|
||||
|
||||
- **Improved** when Wasm module downloading fails and `fail_open` is true, a RBAC filter allows all traffic to pass to `Envoy` instead of the original Wasm filter.
|
||||
Previously, the given Wasm filter itself was passed to `Envoy` in this case, but it may cause errors because some fields of Wasm configuration are optional in Istio, but not in `Envoy`.
|
||||
Previously, the given Wasm filter itself was passed to `Envoy` in this case, but it may cause errors because some fields of Wasm configuration are optional in Istio, but not in `Envoy`.
|
||||
|
|
|
|||
|
|
@ -23,4 +23,4 @@ This release contains bug fixes to improve robustness. This release note describ
|
|||
|
||||
- **Fixed** an issue where an incorrect schema configuration caused the Istio Operator to go into an error loop. ([Issue #40876](https://github.com/istio/istio/issues/40876))
|
||||
|
||||
- **Fixed** network port forward issue to support IPv4 and IPv6. ([Issue #40605](https://github.com/istio/istio/issues/40605))
|
||||
- **Fixed** network port forward issue to support IPv4 and IPv6. ([Issue #40605](https://github.com/istio/istio/issues/40605))
|
||||
|
|
|
|||
|
|
@ -65,4 +65,4 @@ We have added support for the OpenTelemetry tracing provider with the Telemetry
|
|||
When you upgrade, we would like to hear from you! Please take a few minutes to respond to a brief [survey](https://forms.gle/99uiMML96AmsXY5d6) to let us know how we’re doing.
|
||||
|
||||
You can also join the conversation at [Discuss Istio](https://discuss.istio.io/), or join our [Slack workspace](https://slack.istio.io/).
|
||||
Would you like to contribute directly to Istio? Find and join one of our [Working Groups](https://github.com/istio/community/blob/master/WORKING-GROUPS.md) and help us improve.
|
||||
Would you like to contribute directly to Istio? Find and join one of our [Working Groups](https://github.com/istio/community/blob/master/WORKING-GROUPS.md) and help us improve.
|
||||
|
|
|
|||
|
|
@ -13,4 +13,4 @@ Users upgrading from 1.14.x to Istio 1.16.0 should also reference the [1.15 chan
|
|||
|
||||
## Gateway API Resources
|
||||
|
||||
The Gateway API integration has been upgraded to read `v1beta1` resources for `HTTPRoute`, `Gateway`, and `GatewayClass`. If using the new Gateway API feature for traffic management, which is currently beta, this change requires the gateway-api to be version 0.5.0 or higher. For more information, see the Kubernetes Gateway API [Getting Started Guide](/docs/setup/additional-setup/getting-started).
|
||||
The Gateway API integration has been upgraded to read `v1beta1` resources for `HTTPRoute`, `Gateway`, and `GatewayClass`. If using the new Gateway API feature for traffic management, which is currently beta, this change requires the gateway-api to be version 0.5.0 or higher. For more information, see the Kubernetes Gateway API [Getting Started Guide](/docs/setup/additional-setup/getting-started).
|
||||
|
|
|
|||
|
|
@ -24,4 +24,3 @@ __ISTIO-SECURITY-2019-005__: A DoS vulnerability has been discovered by the Env
|
|||
## Bug fix
|
||||
|
||||
- Fix a bug where `nodeagent` was failing to start when using citadel ([Issue 15876](https://github.com/istio/istio/issues/17108))
|
||||
|
||||
|
|
|
|||
|
|
@ -20,4 +20,3 @@ This release note describes what's different between Istio 1.5.5 and Istio 1.5.4
|
|||
- **ISTIO-SECURITY-2020-006** Excessive CPU usage when processing HTTP/2 SETTINGS frames with too many parameters, potentially leading to a denial of service.
|
||||
|
||||
__[CVE-2020-11080](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080)__: By sending a specially crafted packet, an attacker could cause the CPU to spike at 100%. This could be sent to the ingress gateway or a sidecar.
|
||||
|
||||
|
|
|
|||
|
|
@ -20,4 +20,3 @@ This release contains bug fixes to improve robustness. This release note describ
|
|||
|
||||
- **Fixed** Pilot agent app probe connection leak.
|
||||
([Issue #27726](https://github.com/istio/istio/issues/27726))
|
||||
|
||||
|
|
|
|||
|
|
@ -21,4 +21,4 @@ This release contains bug fixes to improve robustness. This release note describ
|
|||
|
||||
- **Fixed** setting the `ISTIO_META_REQUESTED_NETWORK_VIEW` environment variable for a proxy will filter out endpoints that aren’t part of the comma-separated list of networks. This should be set to the local-network on the ingress-gateway used for cross-network traffic to prevent odd load balancing behavior. ([Issue #26293](https://github.com/istio/istio/issues/26293))
|
||||
|
||||
- **Fixed** issues with `WorkloadEntry` when the Service or `WorkloadEntry` is updated after creation. ([Issue #27183](https://github.com/istio/istio/issues/27183)),([Issue #27151](https://github.com/istio/istio/issues/27151)),([Issue #27185](https://github.com/istio/istio/issues/27185))
|
||||
- **Fixed** issues with `WorkloadEntry` when the Service or `WorkloadEntry` is updated after creation. ([Issue #27183](https://github.com/istio/istio/issues/27183)),([Issue #27151](https://github.com/istio/istio/issues/27151)),([Issue #27185](https://github.com/istio/istio/issues/27185))
|
||||
|
|
|
|||
|
|
@ -18,4 +18,3 @@ This release fixes the security vulnerability described in [our September 29 pos
|
|||
- __[CVE-2020-25017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25017)__:
|
||||
In some cases, Envoy only considers the first value when multiple headers are present. Also, Envoy does not replace all existing occurrences of a non-inline header.
|
||||
- __CVSS Score__: 8.3 [AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L&version=3.1)
|
||||
|
||||
|
|
|
|||
|
|
@ -35,4 +35,4 @@ This release contains bug fixes to improve robustness. This release note describ
|
|||
|
||||
- **Fixed** an issue periodically causing a deadlock in Pilot’s `syncz` debug endpoint.
|
||||
|
||||
- **Removed** deprecated `outboundTrafficPolicy` from global values. ([Issue #27494](https://github.com/istio/istio/issues/27494))
|
||||
- **Removed** deprecated `outboundTrafficPolicy` from global values. ([Issue #27494](https://github.com/istio/istio/issues/27494))
|
||||
|
|
|
|||
|
|
@ -20,4 +20,4 @@ This release contains bug fixes to improve robustness. This release note describ
|
|||
- **Fixed** an issue where namespace isn’t resolved correctly in `VirtualService` delegation’s short destination host.
|
||||
([Issue #30387](https://github.com/istio/istio/issues/30387))
|
||||
- **Fixed** an issue causing HTTP headers to be duplicated when using Istio probe rewrite.
|
||||
([Issue #28466](https://github.com/istio/istio/issues/28466))
|
||||
([Issue #28466](https://github.com/istio/istio/issues/28466))
|
||||
|
|
|
|||
|
|
@ -86,4 +86,3 @@ accurate.
|
|||
|
||||
- **Added** visual indication if an istio.io page has been tested by istio.io automated tests.
|
||||
([Issue #7672](https://github.com/istio/istio.io/issues/7672))
|
||||
|
||||
|
|
|
|||
|
|
@ -22,4 +22,4 @@ This release contains bug fixes to improve stability. This release note describe
|
|||
([Issue #31038](https://github.com/istio/istio/issues/31038))
|
||||
|
||||
- **Fixed** an issue causing HTTP headers to be duplicated when using Istio probe rewrite.
|
||||
([Issue #28466](https://github.com/istio/istio/issues/28466))
|
||||
([Issue #28466](https://github.com/istio/istio/issues/28466))
|
||||
|
|
|
|||
|
|
@ -35,4 +35,4 @@ The following Go issue points to the security vulnerability caused by the Go reg
|
|||
|
||||
## Am I Impacted?
|
||||
|
||||
You are at most risk if you are running Istio in an external istiod environment, or if you have exposed your istiod externally and you are using any of the affected Istio versions.
|
||||
You are at most risk if you are running Istio in an external istiod environment, or if you have exposed your istiod externally and you are using any of the affected Istio versions.
|
||||
|
|
|
|||
|
|
@ -24,4 +24,4 @@ User can impersonate any workload identity within the service mesh if they have
|
|||
|
||||
## Am I Impacted?
|
||||
|
||||
You are at most risk if you are running Istio 1.15.2 and users have access to the machine where Istiod is running.
|
||||
You are at most risk if you are running Istio 1.15.2 and users have access to the machine where Istiod is running.
|
||||
|
|
|
|||
|
|
@ -10,4 +10,3 @@ According to Istio's [support policy](/docs/releases/supported-releases#supporte
|
|||
At that point we will stop back-porting fixes for security issues and critical bugs to 1.13, so we encourage you to upgrade to the latest version of Istio ({{<istio_release_name>}}). If you don't do this you may put yourself in the position of having to do a major upgrade on a short timeframe to pick up a critical fix.
|
||||
|
||||
We care about you and your clusters, so please be kind to yourself and upgrade.
|
||||
|
||||
|
|
|
|||
|
|
@ -8,4 +8,4 @@ publishdate: 2021-02-25
|
|||
As [previously announced](/news/support/announcing-1.7-eol/), support for Istio 1.7 has now officially ended.
|
||||
|
||||
At this point we will no longer back-port fixes for security issues and critical bugs to 1.7, so we heartily encourage
|
||||
you to upgrade to the latest version of Istio ({{<istio_release_name>}}) if you haven't already.
|
||||
you to upgrade to the latest version of Istio ({{<istio_release_name>}}) if you haven't already.
|
||||
|
|
|
|||
|
|
@ -8,4 +8,4 @@ publishdate: 2021-05-12
|
|||
As [previously announced](/news/support/announcing-1.8-eol/), support for Istio 1.8 has now officially ended.
|
||||
|
||||
At this point we will no longer back-port fixes for security issues and critical bugs to 1.8, so we heartily encourage
|
||||
you to upgrade to the latest version of Istio ({{<istio_release_name>}}) if you haven't already.
|
||||
you to upgrade to the latest version of Istio ({{<istio_release_name>}}) if you haven't already.
|
||||
|
|
|
|||
|
|
@ -8,4 +8,4 @@ publishdate: 2021-10-08
|
|||
As [previously announced](/news/support/revised-1.9-eol/), support for Istio 1.9 has now officially ended.
|
||||
|
||||
At this point we will no longer back-port fixes for security issues and critical bugs to 1.9, so we heartily encourage
|
||||
you to upgrade to the latest version of Istio ({{<istio_release_name>}}) if you haven't already.
|
||||
you to upgrade to the latest version of Istio ({{<istio_release_name>}}) if you haven't already.
|
||||
|
|
|
|||
|
|
@ -12,4 +12,3 @@ Istio is [expanding](/blog/2021/extended-support/) the support window of the 1.9
|
|||
At that point we will stop back-porting fixes for security issues and critical bugs to 1.9, so we encourage you to upgrade to the latest version of Istio (1.11.1). If you don’t do this you may put yourself in the position of having to do a major upgrade on a short timeframe to pick up a critical fix.
|
||||
|
||||
We care about you and your clusters, so please be kind to yourself and upgrade.
|
||||
|
||||
|
|
|
|||
|
|
@ -9,4 +9,4 @@ type: case-studies
|
|||
sidebar_none: true
|
||||
---
|
||||
|
||||
[comment]: <> (要将自己添加为 Istio 用户,请参见 https://github.com/istio/community/blob/master/CONTRIBUTING.md#tell-the-world-youre-using-istio.)
|
||||
[comment]: <> (要将自己添加为 Istio 用户,请参见 https://github.com/istio/community/blob/master/CONTRIBUTING.md#tell-the-world-youre-using-istio.)
|
||||
|
|
|
|||
|
|
@ -22,4 +22,4 @@ weight: 20
|
|||
|
||||
<iframe width="696" height="392" src="https://www.youtube-nocookie.com/embed/6kDiDQW5YXQ" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
|
||||
|
||||
[下载幻灯片](https://events.istio.io/istiocon-2021/slides/f1s-AirbnbIstioJourney.pdf)
|
||||
[下载幻灯片](https://events.istio.io/istiocon-2021/slides/f1s-AirbnbIstioJourney.pdf)
|
||||
|
|
|
|||
|
|
@ -22,4 +22,4 @@ Atlassian 在过去两年中一直在其内部 PaaS 的计算节点上部署 Env
|
|||
|
||||
<iframe width="696" height="392" src="https://www.youtube-nocookie.com/embed/iAyVhjuA1HE" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
|
||||
|
||||
[下载幻灯片](https://events.istio.io/istiocon-2021/slides/c1s-GoingDynamicEnvoy-NicolasMeessen.pdf)
|
||||
[下载幻灯片](https://events.istio.io/istiocon-2021/slides/c1s-GoingDynamicEnvoy-NicolasMeessen.pdf)
|
||||
|
|
|
|||
|
|
@ -59,4 +59,4 @@ Istio 使 Auto Trader 有信心将所有应用程序部署到公有云。随着
|
|||
|
||||
甚至一个全新的应用程序也可以在五分钟内完成部署。现有应用程序的快速部署已经改变了 Auto Trader 的发布方法。他们不再使用发布周期,而是使用 CI/CD 快速部署新更改。使用 Istio 进行的微调监控使部署团队可以快速而准确地查明新部署中的问题。各个团队可以查看自己的绩效仪表板。如果他们看到新的错误,可以通过 CI/CD 仪表板立即回滚更改。Istio 的恢复时间仅为数分钟。
|
||||
|
||||
Auto Trader 收购了一个大型的,完全定制的 IT 资产,并将其系统地转移到公共云上的微服务。他们对 Istio 的实施是迁移成功的关键部分,并为整个组织开放了更好的流程,更好的可观测性和更好的应用程序。
|
||||
Auto Trader 收购了一个大型的,完全定制的 IT 资产,并将其系统地转移到公共云上的微服务。他们对 Istio 的实施是迁移成功的关键部分,并为整个组织开放了更好的流程,更好的可观测性和更好的应用程序。
|
||||
|
|
|
|||
|
|
@ -59,4 +59,4 @@ Bol.com 需要一个支持多集群部署的服务网格,而 Istio 正好符
|
|||
|
||||
开发人员提供了很好的反馈,并热情地接受了 Istio 的许多功能。他们很高兴地看到,现在让应用程序在集群间相互通信是多么容易。由于 Istio,所有这些连接都易于设置和管理。
|
||||
|
||||
bol.com 基础设施不断发展,由于它提供的可观察性,Istio 是该路线图的关键部分。通过[将 Istio 与 Prometheus 集成](/zh/docs/ops/integrations/prometheus/),他们能够收集所需的指标和诊断信息,以了解路线图需要将它们带到何处。未来的计划现在包括整合负载均衡服务、新的测试方法、分布式跟踪以及在公司的更多基础设施中安装 Istio。
|
||||
bol.com 基础设施不断发展,由于它提供的可观察性,Istio 是该路线图的关键部分。通过[将 Istio 与 Prometheus 集成](/zh/docs/ops/integrations/prometheus/),他们能够收集所需的指标和诊断信息,以了解路线图需要将它们带到何处。未来的计划现在包括整合负载均衡服务、新的测试方法、分布式跟踪以及在公司的更多基础设施中安装 Istio。
|
||||
|
|
|
|||
|
|
@ -22,4 +22,4 @@ weight: 50
|
|||
|
||||
<iframe width="696" height="392" src="https://www.youtube-nocookie.com/embed/TL97Id9j7F0" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
|
||||
|
||||
[下载幻灯片](https://events.istio.io/istiocon-2021/slides/f5a-IstioAdoption-CashApp.pdf)
|
||||
[下载幻灯片](https://events.istio.io/istiocon-2021/slides/f5a-IstioAdoption-CashApp.pdf)
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue