From a61fae859c9a5d0a05a7c45b358b3650b810350c Mon Sep 17 00:00:00 2001 From: Martin Taillefer Date: Tue, 12 Mar 2019 07:09:47 -0700 Subject: [PATCH] Update reference docs. (#3650) --- .../istio.rbac.v1alpha1/index.html | 6 +++--- .../istio.authentication.v1alpha1/index.html | 2 +- .../config/istio.mesh.v1alpha1/index.html | 12 +++++------ .../networking/v1alpha3/gateway/index.html | 16 +++++++------- .../v1alpha3/service-entry/index.html | 21 +++++++++---------- .../networking/v1alpha3/sidecar/index.html | 8 +++---- .../v1alpha3/virtual-service/index.html | 8 +++---- .../istio.policy.v1beta1/index.html | 8 +++---- 8 files changed, 39 insertions(+), 42 deletions(-) diff --git a/content/docs/reference/config/authorization/istio.rbac.v1alpha1/index.html b/content/docs/reference/config/authorization/istio.rbac.v1alpha1/index.html index fc5541a0ee..496e1fea72 100644 --- a/content/docs/reference/config/authorization/istio.rbac.v1alpha1/index.html +++ b/content/docs/reference/config/authorization/istio.rbac.v1alpha1/index.html @@ -175,11 +175,11 @@ or “v1” (prefix match), or “alpha2” (suffix mat

RbacConfig defines the global config to control Istio RBAC behavior. This Custom Resource is a singleton where only one Custom Resource should be created globally in -the mesh and the namespace should be the same to other Istio components, which usually is istio-system. -Note: This is enforced in both istioctl and server side, new Custom Resource will be rejected if found any +the mesh and the namespace should be the same to other Istio components, which usually is istio-system. +Note: This is enforced in both istioctl and server side, new Custom Resource will be rejected if found any existing one, the user should either delete the existing one or change the existing one directly.

-

Below is an example of RbacConfig object “istio-rbac-config” which enables Istio RBAC for all +

Below is an example of an RbacConfig resource called istio-rbac-config which enables Istio RBAC for all services in the default namespace.

apiVersion: "rbac.istio.io/v1alpha1"
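Review bot: The re-emitted sentences in the RbacConfig description still read awkwardly: "the namespace should be the same to other Istio components" and "new Custom Resource will be rejected if found any existing one". Since these lines are being touched anyway, suggest "the same as other Istio components" and "a new Custom Resource is rejected if one already exists", so the singleton rule and the rejection behaviour are unambiguous.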
diff --git a/content/docs/reference/config/istio.authentication.v1alpha1/index.html b/content/docs/reference/config/istio.authentication.v1alpha1/index.html
index e412415639..ce4d8ca992 100644
--- a/content/docs/reference/config/istio.authentication.v1alpha1/index.html
+++ b/content/docs/reference/config/istio.authentication.v1alpha1/index.html
@@ -120,7 +120,7 @@ Discovery of
 the issuer or (b) inferred from the email domain of the issuer (e.g. a
 Google service account).

-

Example: https://www.googleapis.com/oauth2/v1/certs

+

Example: https://www.googleapis.com/oauth2/v1/certs

diff --git a/content/docs/reference/config/istio.mesh.v1alpha1/index.html b/content/docs/reference/config/istio.mesh.v1alpha1/index.html index fba3d3c89c..b446ad5b6a 100644 --- a/content/docs/reference/config/istio.mesh.v1alpha1/index.html +++ b/content/docs/reference/config/istio.mesh.v1alpha1/index.html @@ -79,9 +79,9 @@ Use fs:/// to specify a file-based backend with absolute path to the directory.< tlsSettings istio.networking.v1alpha3.TLSSettings -

Use the tlssettings to specify the tls mode to use. If the MCP server +

Use the tls_settings to specify the tls mode to use. If the MCP server uses Istio mutual TLS and shares the root CA with Pilot, specify the TLS -mode as ISTIOMUTUAL.

+mode as ISTIO_MUTUAL.
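Review bot: In the tlsSettings description, the added text says "Use the tls_settings to specify the tls mode", which spells the field differently from the tlsSettings name listed just above it. Suggest using the field name as it appears in the table and capitalising "TLS mode" to match the following line ("specify the TLS mode as ISTIO_MUTUAL").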

@@ -152,7 +152,7 @@ and similarly us-west should failover to us-east.

Optional: only one of distribute or failover can be set. Explicitly specify loadbalancing weight across different zones and geographical locations. -Refer to Locality weighted load balancing +Refer to Locality weighted load balancing If empty, the locality weight is set according to the endpoints number within it.
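Review bot: The added line "Refer to Locality weighted load balancing" has no terminating period, so it runs straight into "If empty, the locality weight is set according to ...". Add the period after the link text.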

@@ -757,7 +757,7 @@ the following rules:

  • Implicitly: If the registry explicitly provides information about the network to which the endpoint belongs to. In some cases, its possible to indicate the network associated with the endpoint by -adding ISTIOMETANETWORK environment variable to the sidecar.

  • +adding the ISTIO_META_NETWORK environment variable to the sidecar.

  • Explicitly:
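Review bot: The sentence around the ISTIO_META_NETWORK change keeps "its possible" and "the network to which the endpoint belongs to"; suggest "it's possible" and dropping the trailing "to" while this paragraph is being edited. The bullet is also labelled "Implicitly" but begins "If the registry explicitly provides", which is worth rewording so the implicit and explicit cases are not confused.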

  • @@ -796,7 +796,7 @@ ranges for endpoints from different networks must not overlap.

    Add all endpoints from the specified registry into this network. The names of the registries should correspond to the secret name -that was used to configure the registry (kubernetes multicluster) or +that was used to configure the registry (Kubernetes multicluster) or supplied by MCP server.

    @@ -911,7 +911,7 @@ DEPRECATED: Use tracing instead.

    string

    Address of the Envoy Metrics Service implementation (e.g. metrics-service:15000). -See https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/metrics/v2/metrics_service.proto +See Metric Service for details about Envoy’s Metrics Service API.
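Review bot: The new link text in the Envoy Metrics Service address description reads "Metric Service", while the rest of the same sentence says "Metrics Service". Suggest "See Metrics Service for details ..." or placing the link on "Envoy's Metrics Service API" so the name appears once and is spelled consistently.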

    diff --git a/content/docs/reference/config/networking/v1alpha3/gateway/index.html b/content/docs/reference/config/networking/v1alpha3/gateway/index.html index bd7872976e..268936f4a0 100644 --- a/content/docs/reference/config/networking/v1alpha3/gateway/index.html +++ b/content/docs/reference/config/networking/v1alpha3/gateway/index.html @@ -58,7 +58,7 @@ spec: - "bookinfo-namespace/*.bookinfo.com" tls: mode: SIMPLE # enables HTTPS on this port - credentialName: bookinfo-secret # fetches certs from kubernetes secret + credentialName: bookinfo-secret # fetches certs from Kubernetes secret - port: number: 9080 name: http-wildcard @@ -78,15 +78,15 @@ balancer. A VirtualService can then be bound to a gateway to contro the forwarding of traffic arriving at a particular host or gateway port.

    For example, the following VirtualService splits traffic for -“https://uk.bookinfo.com/reviews”, “https://eu.bookinfo.com/reviews”, -“http://uk.bookinfo.com:9080/reviews”, -“http://eu.bookinfo.com:9080/reviews” into two versions (prod and qa) of +https://uk.bookinfo.com/reviews, https://eu.bookinfo.com/reviews, +http://uk.bookinfo.com:9080/reviews, +http://eu.bookinfo.com:9080/reviews into two versions (prod and qa) of an internal reviews service on port 9080. In addition, requests containing the cookie “user: dev-123” will be sent to special port 7777 in the qa version. The same rule is also applicable inside the mesh for requests to the “reviews.prod.svc.cluster.local” service. This rule is -applicable across ports 443, 9080. Note that “http://uk.bookinfo.com” -gets redirected to “https://uk.bookinfo.com” (i.e. 80 redirects to 443).

    +applicable across ports 443, 9080. Note that http://uk.bookinfo.com +gets redirected to https://uk.bookinfo.com (i.e. 80 redirects to 443).

    apiVersion: networking.istio.io/v1alpha3
     kind: VirtualService
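Review bot: Quoting is now inconsistent within the VirtualService example paragraph: the URLs lose their curly quotes, but “user: dev-123” and “reviews.prod.svc.cluster.local” on the unchanged lines keep them. Suggest giving those literals the same treatment as the URLs so the cookie value and the host name are visibly literal strings.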
    @@ -339,7 +339,7 @@ connections.

    While typically applicable to HTTP services, it can also be used for TCP services using TLS with SNI. A host is specified as a dnsName with an optional namespace/ prefix. -The dnsName should be specified using FQDN format, opionally including +The dnsName should be specified using FQDN format, optionally including a wildcard character in the left-most component (e.g., prod/*.example.com). Set the dnsName to * to select all VirtualService hosts from the specified namespace (e.g.,prod/*). If no namespace/ is specified, @@ -452,7 +452,7 @@ to identify the serverCertificate and the privateKey. The credentialName appended with suffix “-cacert” is used to identify the CaCertificates associated with this server. Gateway workloads capable of fetching credentials from a remote credential store such -as kubernetes secrets, will be configured to retrieve the +as Kubernetes secrets, will be configured to retrieve the serverCertificate and the privateKey using credentialName, instead of using the file system paths specified above. If using mutual TLS, gateway workloads will retrieve the CaCertificates using diff --git a/content/docs/reference/config/networking/v1alpha3/service-entry/index.html b/content/docs/reference/config/networking/v1alpha3/service-entry/index.html index a8cc4ff3c1..57e8925b07 100644 --- a/content/docs/reference/config/networking/v1alpha3/service-entry/index.html +++ b/content/docs/reference/config/networking/v1alpha3/service-entry/index.html @@ -167,8 +167,8 @@ spec: - "*"
    -

    And the associated VirtualService to route from the sidecar to the -gateway service (istio-egressgateway.istio-system.svc.cluster.local), as +

    And the associated VirtualService to route from the sidecar to the +gateway service (istio-egressgateway.istio-system.svc.cluster.local), as well as route from the gateway to the external service. Note that the virtual service is exported to all namespaces enabling them to route traffic through the gateway to the external service. Forcing traffic to go through @@ -226,7 +226,7 @@ spec:

    The following example demonstrates a service that is available via a Unix Domain Socket on the host of the client. The resolution must be -set to STATIC to use unix address endpoints.

    +set to STATIC to use Unix address endpoints.

    apiVersion: networking.istio.io/v1alpha3
     kind: ServiceEntry
    @@ -245,10 +245,10 @@ spec:
       - address: unix:///var/run/example/socket
     
    -

    For HTTP-based services, it is possible to create a VirtualService +

    For HTTP-based services, it is possible to create a VirtualService backed by multiple DNS addressable endpoints. In such a scenario, the -application can use the HTTP_PROXY environment variable to transparently -reroute API calls for the VirtualService to a chosen backend. For +application can use the HTTP_PROXY environment variable to transparently +reroute API calls for the VirtualService to a chosen backend. For example, the following configuration creates a non-existent external service called foo.bar.com backed by three domains: us.foo.bar.com:8080, uk.foo.bar.com:9080, and in.foo.bar.com:7080

    @@ -283,10 +283,9 @@ spec: specified above. In other words, a call to http://foo.bar.com/baz would be translated to http://uk.foo.bar.com/baz.

    -

    The following example illustrates the usage of a ServiceEntry +

    The following example illustrates the usage of a ServiceEntry containing a subject alternate name -whose format conforms to the SPIFEE standard -https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md:

    +whose format conforms to the SPIFEE standard:

    apiVersion: networking.istio.io/v1alpha3
     kind: ServiceEntry
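Review bot: The added line "whose format conforms to the SPIFEE standard:" carries over the misspelling of SPIFFE, and the plain-text reference to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md is removed. Suggest correcting the name to SPIFFE and making sure the standard is still linked from that phrase, since the subject alternate name format in the example depends on it.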
    @@ -466,7 +465,7 @@ unix:///absolute/path/to/socket for Unix domain socket endpoints.

    Set of ports associated with the endpoint. The ports must be associated with a port name that was declared as part of the -service. Do not use for unix:// addresses.

    +service. Do not use for unix:// addresses.

    @@ -615,7 +614,7 @@ during request processing. If no endpoints are specified, the proxy will resolve the DNS address specified in the hosts field, if wildcards are not used. If endpoints are specified, the DNS addresses specified in the endpoints will be resolved to determine -the destination IP address. DNS resolution cannot be used with unix +the destination IP address. DNS resolution cannot be used with Unix domain socket endpoints.

    diff --git a/content/docs/reference/config/networking/v1alpha3/sidecar/index.html b/content/docs/reference/config/networking/v1alpha3/sidecar/index.html index 4d48d8d48b..a70bd52b48 100644 --- a/content/docs/reference/config/networking/v1alpha3/sidecar/index.html +++ b/content/docs/reference/config/networking/v1alpha3/sidecar/index.html @@ -89,7 +89,7 @@ attached to the workload. The following example declares a Sidecar resource in the prod-us1 namespace for all pods with labels “app: productpage” belonging to the productpage.prod-us1 service. Assuming that these pods are deployed without IPtable rules (i.e. the Istio init -container) and the proxy metadata ISTIOMETAINTERCEPTION_MODE is set to +container) and the proxy metadata ISTIO_META_INTERCEPTION_MODE is set to NONE, the specification below allows such pods to receive HTTP traffic on port 9080 and forward it to the application listening on 127.0.0.1:8080. It also allows the application to communicate with a @@ -149,7 +149,7 @@ additional network interface on 172.16.0.0/16 subnet for inbound traffic. The following Sidecar configuration allows the VM to expose a listener on 172.16.1.32:80 (the VM’s IP) for traffic arriving from the 172.16.0.0/16 subnet. Note that in this scenario, the -ISTIOMETAINTERCEPTION_MODE metadata on the proxy in the VM should +ISTIO_META_INTERCEPTION_MODE metadata on the proxy in the VM should contain “REDIRECT” or “TPROXY” as its value, implying that IP tables based traffic capture is active.
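Review bot: The two paragraphs touched for ISTIO_META_INTERCEPTION_MODE name the capture mechanism differently, "IPtable rules" in the first and "IP tables based traffic capture" in the second. Suggest one spelling in both places, and formatting the values NONE, “REDIRECT” and “TPROXY” consistently, since the text ties each value to whether traffic capture is active.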

    @@ -287,7 +287,7 @@ The corresponding service can be a service in the service registry using a ServiceEntry or VirtualService configuration. Any associated DestinationRule in the same namespace will also be used.

    -

    The dnsName should be specified using FQDN format, opionally including +

    The dnsName should be specified using FQDN format, optionally including a wildcard character in the left-most component (e.g., prod/*.example.com). Set the dnsName to * to select all services from the specified namespace (e.g.,prod/*). The namespace can also be set to * to select a particular @@ -358,7 +358,7 @@ captureMode must be DEFAULT or NONE for Unix domain socket binds.

    traffic should be forwarded to. This configuration can be used to redirect traffic arriving at the bind point on the sidecar to a port or Unix domain socket where the application workload is listening for -connections. Format should be 127.0.0.1:PORT or unix:///path/to/socket

    +connections. Format should be 127.0.0.1:PORT or unix:///path/to/socket

    diff --git a/content/docs/reference/config/networking/v1alpha3/virtual-service/index.html b/content/docs/reference/config/networking/v1alpha3/virtual-service/index.html index 1555774c93..0350307e07 100644 --- a/content/docs/reference/config/networking/v1alpha3/virtual-service/index.html +++ b/content/docs/reference/config/networking/v1alpha3/virtual-service/index.html @@ -97,8 +97,7 @@ spec:

    CorsPolicy

    Describes the Cross-Origin Resource Sharing (CORS) policy, for a given -service. Refer to -https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS +service. Refer to CORS for further details about cross origin resource sharing. For example, the following rule restricts cross origin requests to those originating from example.com domain using HTTP POST/GET, and sets the @@ -831,9 +830,8 @@ number of retries attempted depends on the httpReqTimeout.

    Specifies the conditions under which retry takes place. One or more policies can be specified using a ‘,’ delimited list. -The supported policies can be found in -https://www.envoyproxy.io/docs/envoy/latest/configuration/http_filters/router_filter#x-envoy-retry-on -and https://www.envoyproxy.io/docs/envoy/latest/configuration/http_filters/router_filter#x-envoy-retry-grpc-on
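Review bot: The replacement text in the retry-policy description, "See the supported policies and here for more details", gives the second link the text "here", so a reader cannot tell which link covers x-envoy-retry-on and which covers x-envoy-retry-grpc-on. Suggest naming both headers in the link text.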

    +See the supported policies +and here for more details.

    diff --git a/content/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1/index.html b/content/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1/index.html index caebaa8952..260830f815 100644 --- a/content/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1/index.html +++ b/content/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1/index.html @@ -89,7 +89,7 @@ of an Istio deployment.

    string

    Required. Name of the component producing these attributes. This can be -the proxy (with the canonical name “istio-proxy”) or the name of an +the proxy (with the canonical name istio-proxy) or the name of an attributes kind adapter in Mixer.

    @@ -109,9 +109,9 @@ which is how attributes are referred to in aspect configuration, must conform to match the regular expression [\.-].

    Attribute names must be unique within a single Istio deployment. The set of canonical -attributes are described at https://istio.io/docs/reference/attribute-vocabulary.html. +attributes are described at here. Attributes not in that list should be named with a component-specific suffix such as -request.count-my.component.

    +request.count-my.component.
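Review bot: The added line "attributes are described at here." is ungrammatical and uses "here" as link text; suggest "The set of canonical attributes is described in the attribute vocabulary" with the link on the last words. The context line above, "must conform to match the regular expression", also needs one of the two verbs removed.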

    @@ -1084,7 +1084,7 @@ TLS for connection to the backend.

    A Rule is a selector and a set of intentions to be executed when the selector is true

    -

    The following example instructs Mixer to invoke ‘prometheus-handler’ handler for all services and pass it the +

    The following example instructs Mixer to invoke prometheus-handler handler for all services and pass it the instance constructed using the ‘RequestCountByService’ instance.

    - match: match(destination.service.host, "*")
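Review bot: The added sentence reads "invoke prometheus-handler handler", repeating "handler", and the following unchanged line still wraps ‘RequestCountByService’ in quotes while prometheus-handler no longer has them. Suggest "invoke the prometheus-handler handler" or simply "invoke prometheus-handler", and formatting the instance name the same way.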