Added a bunch of links around istioctl. (#4970)

Martin Taillefer 2019-09-12 08:26:58 -07:00 committed by GitHub
parent c8e691d744
commit 91c93a39b3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
21 changed files with 33 additions and 36 deletions

View File

@ -45,7 +45,7 @@ list of changes in the [release notes](/about/notes/1.2).
We're seeing early results from the usability group. In the release notes,
you'll find that you can now set log levels for the control plane and the
data plane globally. You can use `istioctl` to validate that your Kubernetes
data plane globally. You can use [`istioctl`](/docs/reference/commands/istioctl) to validate that your Kubernetes
installation meets Istio's requirements. And the new
`traffic.sidecar.istio.io/includeInboundPorts` annotation to eliminate the
need for service owner to declare `containerPort` in the deployment yaml.

View File

@ -45,7 +45,7 @@ This is the actual sidecar proxy (based on Envoy).
### Manual injection
In the manual injection method, you can use `istioctl` to modify the pod template and add the configuration of the two containers previously mentioned. For both manual as well as automatic injection, Istio takes the configuration from the `istio-sidecar-injector` configuration map (configmap) and the mesh's `istio` configmap.
In the manual injection method, you can use [`istioctl`](/docs/reference/commands/istioctl) to modify the pod template and add the configuration of the two containers previously mentioned. For both manual as well as automatic injection, Istio takes the configuration from the `istio-sidecar-injector` configuration map (configmap) and the mesh's `istio` configmap.
Lets look at the configuration of the `istio-sidecar-injector` configmap, to get an idea of what actually is going on.
@ -189,7 +189,7 @@ As seen in the output, the `State` of the `istio-init` container is `Terminated`
### Automatic injection
Most of the times, you dont want to manually inject a sidecar every time you deploy an application, using the `istioctl` command, but would prefer that Istio automatically inject the sidecar to your pod. This is the recommended approach and for it to work, all you need to do is to label the namespace where you are deploying the app with `istio-injection=enabled`.
Most of the times, you dont want to manually inject a sidecar every time you deploy an application, using the [`istioctl`](/docs/reference/commands/istioctl) command, but would prefer that Istio automatically inject the sidecar to your pod. This is the recommended approach and for it to work, all you need to do is to label the namespace where you are deploying the app with `istio-injection=enabled`.
Once labeled, Istio injects the sidecar automatically for any pod you deploy in that namespace. In the following example, the sidecar gets automatically injected in the deployed pods in the `istio-dev` namespace.

View File

@ -27,7 +27,7 @@ to services for `Sidecar` listeners ([Issue 12536](https://github.com/istio/isti
- Fix validation logic so that `port.name` is no longer a valid `PortSelection`.
- Fix `istioctl proxy-config clusters` cluster type column rendering ([Issue 12455](https://github.com/istio/istio/issues/12455)).
- Fix [`istioctl proxy-config cluster`](/docs/reference/commands/istioctl/#istioctl-proxy-config-cluster) cluster type column rendering ([Issue 12455](https://github.com/istio/istio/issues/12455)).
- Fix SDS secret mount configuration.
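Review bot: The replacement release-note bullet changes the command name from `istioctl proxy-config clusters` to `istioctl proxy-config cluster` as well as adding the link, which goes beyond what the commit title describes. Since this is a release note for a fix that already shipped, please confirm the singular form is what that release accepted, or keep the original spelling as the link text and point it at the `#istioctl-proxy-config-cluster` anchor.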

View File

@ -79,9 +79,8 @@ If you use GKE, please ensure your cluster has at least 4 standard GKE nodes. If
{{< warning >}}
If you disabled automatic sidecar injection during installation and rely on [manual sidecar injection]
(/docs/setup/additional-setup/sidecar-injection/#manual-sidecar-injection),
use the `istioctl kube-inject` command to modify the `bookinfo.yaml`
file before deploying your application. For more information please
visit the `istioctl` [reference documentation](/docs/reference/commands/istioctl/#istioctl-kube-inject).
use the [`istioctl kube-inject`](/docs/reference/commands/istioctl/#istioctl-kube-inject) command to modify the `bookinfo.yaml`
file before deploying your application.
{{< text bash >}}
$ kubectl apply -f <(istioctl kube-inject -f @samples/bookinfo/platform/kube/bookinfo.yaml@)

View File

@ -95,7 +95,7 @@ $ hostname -I
## Registering the mysql service with the mesh
On a host with access to `istioctl` commands, register the VM and mysql db service
On a host with access to [`istioctl`](/docs/reference/commands/istioctl) commands, register the VM and mysql db service
{{< text bash >}}
$ istioctl register -n vm mysqldb <ip-address-of-vm> 3306

View File

@ -395,7 +395,7 @@ The `server: envoy` header indicates that the sidecar intercepted the traffic.
{{< /text >}}
1. The workloads in a Kubernetes cluster need a DNS mapping to resolve the domain names of VM services. To
integrate the mapping with your own DNS system, use `istioctl register` and creates a Kubernetes `selector-less`
integrate the mapping with your own DNS system, use [`istioctl register`](/docs/reference/commands/istioctl/#istioctl-register) and creates a Kubernetes `selector-less`
service, for example:
{{< text bash >}}
@ -403,7 +403,7 @@ The `server: envoy` header indicates that the sidecar intercepted the traffic.
{{< /text >}}
{{< tip >}}
Ensure you have added `istioctl` client to your `PATH` environment variable, as described in the [Download page](/docs/setup/#downloading-the-release).
Ensure you have added the `istioctl` client to your path, as described in the [download page](/docs/setup/#downloading-the-release).
{{< /tip >}}
1. Deploy a pod running the `sleep` service in the Kubernetes cluster, and wait until it is ready:
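Review bot: The rewritten tip leaves `istioctl` as plain code while the same tip in the parallel document is changed to link it to /docs/reference/commands/istioctl. Suggest linking it here too so the two pages stay in step. Also, "your path" is less precise than the `PATH` environment variable wording it replaces; consider keeping `PATH` so readers know which variable to edit.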

View File

@ -260,7 +260,7 @@ The `server: envoy` header indicates that the sidecar intercepted the traffic.
{{< /text >}}
1. The workloads in a Kubernetes cluster need a DNS mapping to resolve the domain names of VM services. To
integrate the mapping with your own DNS system, use `istioctl register` and creates a Kubernetes `selector-less`
integrate the mapping with your own DNS system, use [`istioctl register`](/docs/reference/commands/istioctl#istioctl-register) and creates a Kubernetes `selector-less`
service, for example:
{{< text bash >}}
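Review bot: The new link target in the `istioctl register` line is /docs/reference/commands/istioctl#istioctl-register, with no slash before the fragment, while every other link added in this commit uses /docs/reference/commands/istioctl/#... (including the identical sentence in the sibling page). Please add the trailing slash for consistency and to avoid a redirect. Since the line is being touched anyway, "use ... and creates" could be corrected to "use ... to create".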
@ -268,7 +268,7 @@ The `server: envoy` header indicates that the sidecar intercepted the traffic.
{{< /text >}}
{{< tip >}}
Make sure you have already added `istioctl` client to your `PATH` environment variable, as described in the Download page.
Make sure you have already added the [`istioctl`](/docs/reference/commands/istioctl) client to your path, as described in the [download page](/docs/setup/#downloading-the-release).
{{< /tip >}}
1. Deploy a pod running the `sleep` service in the Kubernetes cluster, and wait until it is ready:

View File

@ -32,7 +32,7 @@ keys are:
- `cluster.xds-grpc`
To see the Envoy settings for statistics data collection use
`istioctl proxy-config bootstrap` and follow the
[`istioctl proxy-config bootstrap`](/docs/reference/commands/istioctl/#istioctl-proxy-config-bootstrap) and follow the
[deep dive into Envoy configuration](/docs/ops/troubleshooting/proxy-cmd/#deep-dive-into-envoy-configuration).
Envoy only collects statistical data on items matching the `inclusion_list` within
the `stats_matcher` JSON element.

View File

@ -13,14 +13,12 @@ You can gain insights into what individual components are doing by inspecting th
or peering inside via [introspection](/docs/ops/troubleshooting/controlz/). If that's insufficient, the steps below explain
how to get under the hood.
The `istioctl` tool is a configuration command line utility that allows service operators to debug and diagnose their Istio service mesh deployments. The Istio project also includes two helpful scripts for `istioctl` that enable auto-completion for Bash and ZSH. Both of these scripts provide support for the currently available `istioctl` commands.
The [`istioctl`](/docs/reference/commands/istioctl) tool is a configuration command line utility that allows service operators to debug and diagnose their Istio service mesh deployments. The Istio project also includes two helpful scripts for `istioctl` that enable auto-completion for Bash and ZSH. Both of these scripts provide support for the currently available `istioctl` commands.
{{< tip >}}
`istioctl` only has auto-completion enabled for non-deprecated commands.
{{< /tip >}}
Documentation for the complete set of supported commands can be found in [`istioctl` reference](/docs/reference/commands/istioctl/).
### Get an overview of your mesh
You can get an overview of your mesh using the `proxy-status` command:
@ -35,7 +33,7 @@ Pilot needs to be scaled.
### Get proxy configuration
`istioctl` allows you to retrieve information about proxy configuration using the `proxy-config` or `pc` command.
[`istioctl`](/docs/reference/commands/istioctl) allows you to retrieve information about proxy configuration using the `proxy-config` or `pc` command.
For example, to retrieve information about cluster configuration for the Envoy instance in a specific pod:

View File

@ -160,7 +160,7 @@ Otherwise, the mode defaults to `DISABLE` causing client proxy sidecars to make
instead of TLS encrypted requests. Thus, the requests conflict with the server proxy because the server proxy expects
encrypted requests.
To confirm there is a conflict, check whether the `STATUS` field in the output of the `istioctl authn tls-check` command
To confirm there is a conflict, check whether the `STATUS` field in the output of the [`istioctl authn tls-check`](/docs/reference/commands/istioctl/#istioctl-authn-tls-check) command
is set to `CONFLICT` for your service. For example, a command similar to the following could be used to check
for a conflict with the `httpbin` service:

View File

@ -114,7 +114,7 @@ To get a basic summary of clusters, listeners or routes for a given pod use the
for listeners or routes when required):
{{< text bash >}}
$ istioctl proxy-config clusters -n istio-system istio-ingressgateway-7d6874b48f-qxhn5
$ istioctl proxy-config cluster -n istio-system istio-ingressgateway-7d6874b48f-qxhn5
SERVICE FQDN PORT SUBSET DIRECTION TYPE
BlackHoleCluster - - - STATIC
details.default.svc.cluster.local 9080 - outbound EDS
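Review bot: The example command changes from `istioctl proxy-config clusters` to `istioctl proxy-config cluster`, which is a content change rather than a link addition, and the same rename is repeated in the JSON example in the next hunk. Please confirm that the singular subcommand is accepted by the istioctl version these docs target, and check that the sentence above, which tells readers to substitute listeners or routes, still names the token that appears in the command.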
@ -264,7 +264,7 @@ one route that matches on everything. This route tells Envoy to send the request
`serviceName` field as a key to look up the list of Endpoints and proxy the request to one of them.
{{< text bash json >}}
$ istioctl proxy-config clusters productpage-v1-6c886ff494-7vxhs --fqdn reviews.default.svc.cluster.local -o json
$ istioctl proxy-config cluster productpage-v1-6c886ff494-7vxhs --fqdn reviews.default.svc.cluster.local -o json
[
{
"name": "outbound|9080||reviews.default.svc.cluster.local",

View File

@ -55,17 +55,17 @@ services from all other namespaces.
- Installation YAML files for Kubernetes in `install/kubernetes`
- Sample applications in `samples/`
- The `istioctl` client binary in the `bin/` directory. `istioctl` is
- The [`istioctl`]((/docs/reference/commands/istioctl) client binary in the `bin/` directory. `istioctl` is
used when manually injecting Envoy as a sidecar proxy.
1. Add the `istioctl` client to your `PATH` environment variable, on a macOS or
1. Add the `istioctl` client to your path, on a macOS or
Linux system:
{{< text bash >}}
$ export PATH=$PWD/bin:$PATH
{{< /text >}}
1. You can enable the [auto-completion option](/docs/ops/troubleshooting/istioctl#enabling-auto-completion) when working with a bash or ZSH console.
1. You can optionally enable the [auto-completion option](/docs/ops/troubleshooting/istioctl#enabling-auto-completion) when working with a bash or ZSH console.
## Installing Istio
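Review bot: The new bullet for the client binary has a doubled opening parenthesis in the link, [`istioctl`]((/docs/reference/commands/istioctl), so the Markdown link will not render and the raw URL will show in the page. Drop one parenthesis. In the same hunk, the step now says "to your path" while the command directly below exports `PATH`; keeping the `PATH` environment variable wording would match the command.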

View File

@ -132,7 +132,7 @@ The following sidecar injection methods are supported for use with the Istio CNI
1. [Automatic sidecar injection](/docs/setup/additional-setup/sidecar-injection/#automatic-sidecar-injection)
1. Manual sidecar injection with the `istio-sidecar-injector` configmap
1. `istioctl kube-inject` using the configmap directly:
1. [`istioctl kube-inject`](/docs/reference/commands/istioctl/#istioctl-kube-inject) using the configmap directly:
{{< text bash >}}
$ istioctl kube-inject -f deployment.yaml -o deployment-injected.yaml --injectConfigMapName istio-sidecar-injector

View File

@ -14,8 +14,8 @@ aliases:
In order to take advantage of all of Istio's features, pods in the mesh must be running an Istio sidecar proxy.
The following sections describe two
ways of injecting the Istio sidecar into a pod: manually using the `istioctl`
CLI tool or automatically using the Istio sidecar injector.
ways of injecting the Istio sidecar into a pod: manually using the [`istioctl`](/docs/reference/commands/istioctl)
command or automatically using the Istio sidecar injector.
Manual injection directly modifies configuration, like deployments, and injects the proxy configuration into it.
@ -25,7 +25,7 @@ Injection occurs by applying a template defined in the `istio-sidecar-injector`
### Manual sidecar injection
To manually inject a deployment, use `istioctl`:
To manually inject a deployment, use [`istioctl kube-inject`](/docs/reference/commands/istioctl/#istioctl-kube-inject):
{{< text bash >}}
$ istioctl kube-inject -f @samples/sleep/sleep.yaml@ | kubectl apply -f -

View File

@ -326,7 +326,7 @@ $ helm delete --purge istio-remote
The following example shows how to use the `helm template` command to generate
the manifest for a remote cluster with the automatic sidecar injection
disabled. Additionally, the example shows how to use the `configmaps` of the
remote cluster with the `istioctl kube-inject` command to generate any
remote cluster with the [`istioctl kube-inject`](/docs/reference/commands/istioctl/#istioctl-kube-inject) command to generate any
application manifests for the remote cluster.
Perform the following procedure against the remote cluster.

View File

@ -62,9 +62,9 @@ $ istioctl experimental manifest apply --set profile=demo
{{< /text >}}
In the example above, `demo` is one of the profile names from the output of
the `istioctl profile list` command.
the [`istioctl experimental profile list`](/docs/reference/commands/istioctl/#istioctl-experimental-profile-list) command.
## Display the profiles list
## Display the profile list
You can display the names of Istio configuration profiles that are
accessible to `istioctl` by using this command:
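Review bot: The sentence now refers to `istioctl experimental profile list` where it previously said `istioctl profile list`. The command block under "Display the profile list" is outside this hunk, so please check that it uses the same `experimental` form, otherwise the prose and the example will disagree.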

View File

@ -25,7 +25,7 @@ Note that default mutual TLS authentication should be **disabled** when installi
[quick start](/docs/setup/install/kubernetes/#installation-steps).
The demo is also assumed to be running in a namespace where automatic sidecar injection is
disabled, and Istio sidecars are instead manually injected with `istioctl`.
disabled, and Istio sidecars are instead manually injected with [`istioctl`](/docs/reference/commands/istioctl).
### Generate certificates and configmap

View File

@ -69,7 +69,7 @@ Please check [Istio identity](/docs/concepts/security/#istio-identity) for more
## Verify mutual TLS configuration
Use the `istioctl` tool to check if the mutual TLS settings are in effect. The `istioctl` command needs the client's pod because the destination rule depends on the client's namespace.
Use [`istioctl auhtn tls-check`](/docs/reference/commands/istioctl/#istioctl-authn-tls-check) to check if the mutual TLS settings are in effect. The `istioctl` command needs the client's pod because the destination rule depends on the client's namespace.
You can also provide the destination service to filter the status to that service only.
{{< tip >}}
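Review bot: Typo in the new link text under "Verify mutual TLS configuration": `istioctl auhtn tls-check` should be `istioctl authn tls-check`. The anchor in the URL is spelled correctly, so only the visible command is wrong, but readers will copy it from the text.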

View File

@ -35,8 +35,8 @@ weighted routing feature.
$ kubectl apply -f <(istioctl kube-inject -f @samples/tcp-echo/tcp-echo-services.yaml@)
{{< /text >}}
The `istioctl kube-inject` command is used to manually modify the `tcp-echo-services.yaml`
file before creating the deployments as documented [here](/docs/reference/commands/istioctl/#istioctl-kube-inject).
The [`istioctl kube-inject`](/docs/reference/commands/istioctl/#istioctl-kube-inject) command is used to manually modify the `tcp-echo-services.yaml`
file before creating the deployments.
* If you are using a cluster with
[automatic sidecar injection](/docs/setup/additional-setup/sidecar-injection/#automatic-sidecar-injection)

View File

@ -7,7 +7,7 @@ You can enable [tracing](/docs/tasks/telemetry/distributed-tracing/) to determin
Additionally, you can use the following commands to know more about the state of the mesh:
* `istioctl proxy-config`: Retrieve information about proxy configuration when running in Kubernetes:
* [`istioctl proxy-config`](/docs/reference/commands/istioctl/#istioctl-proxy-config): Retrieve information about proxy configuration when running in Kubernetes:
{{< text plain >}}
# Retrieve information about bootstrap configuration for the Envoy instance in the specified pod.

View File

@ -3,7 +3,7 @@ title: How can I check whether mutual TLS is enabled for a service?
weight: 11
---
The `istioctl` tool provides an option for this purpose. You can do:
The [`istioctl`](/docs/reference/commands/istioctl) command provides an option for this purpose. You can do:
{{< text bash >}}
$ istioctl authn tls-check $CLIENT_POD httpbin.default.svc.cluster.local
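Review bot: The new link on `istioctl` points at the top of the command reference, but the option this FAQ answer refers to is `istioctl authn tls-check`, shown in the command below. Other pages in this commit link that command to /docs/reference/commands/istioctl/#istioctl-authn-tls-check; using the same anchor here would take readers straight to the relevant section.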