istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Clarifications (#4145)

This commit is contained in:
Frank Budinsky 2019-05-16 12:42:34 -04:00 committed by Martin Taillefer
parent edadcf38a8
commit 5b1d11e489
2 changed files with 5 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
content/docs/tasks/traffic-management/egress/index.md
View File

@ -23,17 +23,6 @@ This task shows you how to access external services in three different ways:
* Setup Istio by following the instructions in the [Installation guide](/docs/setup/). * Setup Istio by following the instructions in the [Installation guide](/docs/setup/).
{{< warning >}}
If the following [installation options](/docs/reference/config/installation-options/) are not configured
in your selected [configuration profile](/docs/setup/kubernetes/additional-setup/config-profiles/),
add them with the following values:
{{< text plain >}}
--set global.outboundTrafficPolicy.mode=ALLOW_ANY --set pilot.env.PILOT_ENABLE_FALLTHROUGH_ROUTE=1
{{< /text >}}
{{< /warning >}}
* Deploy the [sleep]({{< github_tree >}}/samples/sleep) sample app to use as a test source for sending requests. * Deploy the [sleep]({{< github_tree >}}/samples/sleep) sample app to use as a test source for sending requests.
If you have If you have
[automatic sidecar injection](/docs/setup/kubernetes/additional-setup/sidecar-injection/#automatic-sidecar-injection) [automatic sidecar injection](/docs/setup/kubernetes/additional-setup/sidecar-injection/#automatic-sidecar-injection)
@ -72,7 +61,7 @@ without controlling access to external services.
You can then decide to [configure access to external services](#controlled-access-to-external-services) later. You can then decide to [configure access to external services](#controlled-access-to-external-services) later.
{{< warning >}} {{< warning >}}
In versions prior to Istio 1.1.3, `ALLOW_ANY` only worked on ports with no HTTP services or In versions prior to Istio 1.1.4, `ALLOW_ANY` only worked on ports with no HTTP services or
service entries defined within the mesh. service entries defined within the mesh.
External hosts using the same port as any internal HTTP service External hosts using the same port as any internal HTTP service
fell back to a blocking-by-default behavior. fell back to a blocking-by-default behavior.

5
content/docs/tasks/traffic-management/ingress/index.md
View File

@ -53,7 +53,8 @@ $ export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway
$ export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}') $ export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}')
{{< /text >}} {{< /text >}}
Note that in certain environments, the load balancer may be exposed using a host name, instead of an IP address. {{< warning >}}
In certain environments, the load balancer may be exposed using a host name, instead of an IP address.
In this case, the `EXTERNAL-IP` value in the output from the command in the previous section will not be an IP address, In this case, the `EXTERNAL-IP` value in the output from the command in the previous section will not be an IP address,
but rather a host name, and the above command will have failed to set the `INGRESS_HOST` environment variable. In this case, use the following command to correct the `INGRESS_HOST` value: but rather a host name, and the above command will have failed to set the `INGRESS_HOST` environment variable. In this case, use the following command to correct the `INGRESS_HOST` value:
@ -61,6 +62,8 @@ but rather a host name, and the above command will have failed to set the `INGRE
$ export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') $ export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
{{< /text >}} {{< /text >}}
{{< /warning >}}
#### Determining the ingress IP and ports when using a node port #### Determining the ingress IP and ports when using a node port
Follow these instructions if you have determined that your environment **does not have** an external load balancer. Follow these instructions if you have determined that your environment **does not have** an external load balancer.