mirror of https://github.com/istio/istio.io.git
Clean up keywords. (#3442)
This commit is contained in:
Martin Taillefer
GitHub
parent
de6ebce58d
commit
ad565871d6
|
|
@ -9,7 +9,7 @@ aliases:
|
|||
- /about/contribute/creating-a-pull-request
|
||||
- /about/contribute/editing
|
||||
- /about/contribute/staging-your-changes
|
||||
keywords: [contribute, community, GitHub, PR]
|
||||
keywords: [contribute,community,github,pr]
|
||||
---
|
||||
|
||||
We're excited that you're interested in contributing to improve and expand
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ publishdate: 2018-11-21
|
|||
subtitle:
|
||||
attribution: Sandeep Parikh
|
||||
twitter: crcsmnky
|
||||
keywords: [traffic-management, gateway]
|
||||
keywords: [traffic-management,gateway]
|
||||
---
|
||||
|
||||
Traffic management is one of the critical benefits provided by Istio. At the heart of Istio’s traffic management is the ability to decouple traffic flow and infrastructure scaling. This lets you control your traffic in ways that aren’t possible without a service mesh like Istio.
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ description: Describe Istio's authorization feature and how to use it in various
|
|||
publishdate: 2018-07-20
|
||||
subtitle:
|
||||
attribution: Limin Wang
|
||||
keywords: [authorization,Role Based Access Control,security]
|
||||
keywords: [authorization,rbac,security]
|
||||
---
|
||||
|
||||
Micro-segmentation is a security technique that creates secure zones in cloud deployments and allows organizations to
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ publishdate: 2019-01-31
|
|||
subtitle:
|
||||
attribution: Manish Chugtu
|
||||
twitter: chugtum
|
||||
keywords: [kubernetes, istio, sidecar injection, admission controller, mutating webhook, control plane, traffic management]
|
||||
keywords: [kubernetes,sidecar-injection, traffic-management]
|
||||
|
||||
---
|
||||
A simple overview of an Istio service-mesh architecture always starts with describing the control-plane and data-plane.
|
||||
|
|
|
|||
|
|
@ -2,5 +2,5 @@
|
|||
title: Edge Traffic Management
|
||||
description: A variety of advanced examples for managing traffic at the edge (i.e., ingress and egress traffic) of an Istio service mesh.
|
||||
weight: 61
|
||||
keywords: [ingress, egress, gateway]
|
||||
keywords: [ingress,egress,gateway]
|
||||
---
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
title: Ingress Gateway without TLS Termination
|
||||
description: Describes how to configure SNI passthrough for an ingress gateway.
|
||||
weight: 10
|
||||
keywords: [traffic-management,ingress, https]
|
||||
keywords: [traffic-management,ingress,https]
|
||||
---
|
||||
|
||||
The [Securing Gateways with HTTPS](/docs/tasks/traffic-management/secure-ingress/) task describes how to configure HTTPS
|
||||
|
|
|
|||
|
|
@ -111,7 +111,7 @@ This solution uses Istio proxy for TCP bypassing. The traffic is secured through
|
|||
{{< /text >}}
|
||||
|
||||
1. Update the mesh service deployment. See further readings on port naming rules in
|
||||
[Requirements for Pods and Services](/docs/setup/kubernetes/spec-requirements).
|
||||
[Requirements for Pods and Services](/docs/setup/kubernetes/additional-setup/requirements/).
|
||||
|
||||
1. You can verify access to the Endpoints service through secure Ingress:
|
||||
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ https://docs.google.com/drawings/d/1G1592HlOVgtbsIqxJnmMzvy6ejIdhajCosxF1LbvspI/
|
|||
|
||||
* Deploy the [Bookinfo](/docs/examples/bookinfo/) sample application (in the `bookinfo` namespace).
|
||||
|
||||
* Create a VM named 'vm-1' in the same project as Istio cluster, and [Join the Mesh](/docs/setup/kubernetes/mesh-expansion/).
|
||||
* Create a VM named 'vm-1' in the same project as Istio cluster, and [Join the Mesh](/docs/setup/kubernetes/additional-setup/mesh-expansion/).
|
||||
|
||||
## Running MySQL on the VM
|
||||
|
||||
|
|
|
|||
|
|
@ -7,7 +7,8 @@ aliases:
|
|||
- /docs/tasks/installing-istio.html
|
||||
- /docs/setup/install-kubernetes.html
|
||||
icon: kubernetes
|
||||
keywords: [kubernetes, install, quick-start, setup, installation]
|
||||
keywords: [kubernetes,install,quick-start,setup,installation]
|
||||
content_above: true
|
||||
---
|
||||
|
||||
{{< tip >}}
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ description: Instructions for integrating VMs and bare metal hosts into an Istio
|
|||
weight: 95
|
||||
keywords: [kubernetes,vms]
|
||||
aliases:
|
||||
- /docs/setup/kubernetes/mesh-expansion/
|
||||
- /docs/setup/kubernetes/additional-setup/mesh-expansion/
|
||||
---
|
||||
|
||||
This guide provides instructions for integrating VMs and bare metal hosts into
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ title: Requirements for Pods and Services
|
|||
description: Describes the requirements for Kubernetes pods and services to run Istio.
|
||||
weight: 50
|
||||
aliases:
|
||||
- /docs/setup/kubernetes/spec-requirements/
|
||||
- /docs/setup/kubernetes/additional-setup/requirements//
|
||||
keywords: [kubernetes,sidecar,sidecar-injection]
|
||||
---
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ networking functionality but without requiring Istio users to enable elevated
|
|||
Kubernetes RBAC permissions.
|
||||
|
||||
The Istio CNI plugin performs the Istio mesh pod traffic redirection in the Kubernetes pod lifecycle's network
|
||||
setup phase, thereby removing the [`NET_ADMIN` capability requirement](/docs/setup/kubernetes/spec-requirements/)
|
||||
setup phase, thereby removing the [`NET_ADMIN` capability requirement](/docs/setup/kubernetes/additional-setup/requirements//)
|
||||
for users deploying pods into the Istio mesh. The [Istio CNI plugin](https://github.com/istio/cni)
|
||||
replaces the functionality provided by the `istio-init` container.
|
||||
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ plane.
|
|||
|
||||
1. Perform any necessary [platform-specific setup](/docs/setup/kubernetes/platform-setup/).
|
||||
|
||||
1. Check the [Requirements for Pods and Services](/docs/setup/kubernetes/spec-requirements/) on Pods and Services.
|
||||
1. Check the [Requirements for Pods and Services](/docs/setup/kubernetes/additional-setup/requirements//) on Pods and Services.
|
||||
|
||||
1. [Install a Helm client with a version higher than 2.10](https://github.com/helm/helm/blob/master/docs/install.md).
|
||||
|
||||
|
|
|
|||
|
|
@ -24,14 +24,14 @@ To install Istio for production follow the [Helm Installation guide](/docs/setup
|
|||
* [Alibaba Cloud](/docs/setup/kubernetes/platform-setup/alicloud/)
|
||||
* [Amazon Web Services (AWS) with Kops](/docs/setup/kubernetes/platform-setup/aws/)
|
||||
* [Azure](/docs/setup/kubernetes/platform-setup/azure/)
|
||||
* [Docker For Desktop](/docs/setup/kubernetes/platform-setup/docker-for-desktop/)
|
||||
* [Docker For Desktop](/docs/setup/kubernetes/platform-setup/docker/)
|
||||
* [Google Container Engine (GKE)](/docs/setup/kubernetes/platform-setup/gke/)
|
||||
* [IBM Cloud](/docs/setup/kubernetes/platform-setup/ibm/)
|
||||
* [Minikube](/docs/setup/kubernetes/platform-setup/minikube/)
|
||||
* [OpenShift Origin](/docs/setup/kubernetes/platform-setup/openshift/)
|
||||
* [Oracle Cloud Infrastructure (OKE)](/docs/setup/kubernetes/platform-setup/oci/)
|
||||
|
||||
1. Check the [Requirements for Pods and Services](/docs/setup/kubernetes/spec-requirements/).
|
||||
1. Check the [Requirements for Pods and Services](/docs/setup/kubernetes/additional-setup/requirements//).
|
||||
|
||||
## Installation steps
|
||||
|
||||
|
|
@ -177,7 +177,7 @@ non-existent resources because they may have been deleted hierarchically.
|
|||
$ kubectl delete -f install/kubernetes/istio-demo-auth.yaml
|
||||
{{< /text >}}
|
||||
|
||||
* If you installed Istio with Helm, follow the uninstall steps in [Istio Installation with Helm](/docs/setup/kubernetes/helm-install).
|
||||
* If you installed Istio with Helm, follow the uninstall steps in [Istio Installation with Helm](/docs/setup/kubernetes/install/helm).
|
||||
|
||||
* If desired, delete the CRDs:
|
||||
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@ title: Gateway Connectivity
|
|||
description: Install an Istio mesh across multiple Kubernetes clusters using Istio Gateway to reach remote pods.
|
||||
weight: 2
|
||||
aliases:
|
||||
- /docs/setup/kubernetes/multicluster-install/
|
||||
- /docs/setup/kubernetes/multicluster-install/gateways/
|
||||
keywords: [kubernetes,multicluster,federation,gateway]
|
||||
---
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@ description: Install an Istio mesh across multiple Kubernetes clusters with dire
|
|||
weight: 5
|
||||
keywords: [kubernetes,multicluster,federation,vpn]
|
||||
aliases:
|
||||
- /docs/setup/kubernetes/multicluster-install/
|
||||
- /docs/setup/kubernetes/multicluster-install/vpn/
|
||||
---
|
||||
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
title: Denials and White/Black Listing
|
||||
description: Shows how to control access to a service using simple denials or white/black listing.
|
||||
weight: 20
|
||||
keywords: [policies, denial, whitelist, blacklist]
|
||||
keywords: [policies,denial,whitelist,blacklist]
|
||||
aliases:
|
||||
- /docs/tasks/basic-access-control.html
|
||||
- /docs/tasks/security/basic-access-control/index.html
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ If the file is not updated for a period, the probe will be triggered and Kubelet
|
|||
|
||||
Note: because Citadel health checking currently only monitors the health status of CSR service API,
|
||||
this feature is not needed if the production setup is not using the
|
||||
[Istio Mesh Expansion](/docs/setup/kubernetes/mesh-expansion/) (which requires the CSR service API).
|
||||
[Istio Mesh Expansion](/docs/setup/kubernetes/additional-setup/mesh-expansion/) (which requires the CSR service API).
|
||||
|
||||
## Before you begin
|
||||
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
title: Jaeger
|
||||
description: Learn how to configure the proxies to send tracing requests to Jaeger.
|
||||
weight: 10
|
||||
keywords: [telemetry,tracing,jaeger,span,port forwarding]
|
||||
keywords: [telemetry,tracing,jaeger,span,port-forwarding]
|
||||
---
|
||||
|
||||
To learn how Istio handles tracing, visit this task's [overview](../overview/).
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
title: Zipkin
|
||||
description: Learn how to configure the proxies to send tracing requests to Zipkin.
|
||||
weight: 10
|
||||
keywords: [telemetry,tracing,zipkin,span,port forwarding]
|
||||
keywords: [telemetry,tracing,zipkin,span,port-forwarding]
|
||||
aliases:
|
||||
- /docs/tasks/zipkin-tracing.html
|
||||
---
|
||||
|
|
|
|||
|
|
@ -225,7 +225,7 @@ like this:
|
|||
$ helm template install/kubernetes/helm/istio <the flags you used to install Istio> --set global.proxy.includeIPRanges="10.0.0.1/24" -x templates/sidecar-injector-configmap.yaml | kubectl apply -f -
|
||||
{{< /text >}}
|
||||
|
||||
Note that you should use the same Helm command you used [to install Istio](/docs/setup/kubernetes/helm-install),
|
||||
Note that you should use the same Helm command you used [to install Istio](/docs/setup/kubernetes/install/helm),
|
||||
in particular, the same value of the `--namespace` flag. In addition to the flags you used to install Istio, add `--set global.proxy.includeIPRanges="10.0.0.1/24" -x templates/sidecar-injector-configmap.yaml`.
|
||||
|
||||
Redeploy the `sleep` application as described in the [Before you begin](#before-you-begin) section.
|
||||
|
|
|
|||
|
|
@ -206,7 +206,7 @@ to the request by the `productpage` service.
|
|||
|
||||
Note that Kubernetes services, like the Bookinfo ones used in this task, must
|
||||
adhere to certain restrictions to take advantage of Istio's L7 routing features.
|
||||
Refer to the [Requirements for Pods and Services](/docs/setup/kubernetes/spec-requirements) for details.
|
||||
Refer to the [Requirements for Pods and Services](/docs/setup/kubernetes/additional-setup/requirements/) for details.
|
||||
|
||||
In the [traffic shifting](/docs/tasks/traffic-management/traffic-shifting) task, you
|
||||
will follow the same basic pattern you learned here to configure route rules to
|
||||
|
|
|
|||
|
|
@ -3,4 +3,4 @@ title: What is the minimal Istio configuration required for distributed tracing?
|
|||
weight: 13
|
||||
---
|
||||
|
||||
The [Istio minimal profile](/docs/setup/kubernetes/minimal-install/) with tracing enabled is all that is required for Istio to integrate with Zipkin-compatible backends.
|
||||
The [Istio minimal profile](/docs/setup/kubernetes/install/minimal/) with tracing enabled is all that is required for Istio to integrate with Zipkin-compatible backends.
|
||||
|
|
@ -2,7 +2,7 @@
|
|||
title: Debugging Authorization
|
||||
description: Demonstrates how to debug authorization.
|
||||
weight: 5
|
||||
keywords: [debug,security,authorization,RBAC]
|
||||
keywords: [debug,security,authorization,rbac]
|
||||
---
|
||||
|
||||
This page demonstrates how to debug Istio authorization.
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@ but similar version routing rules have no effect on your own application, it may
|
|||
your Kubernetes services need to be changed slightly.
|
||||
Kubernetes services must adhere to certain restrictions in order to take advantage of
|
||||
Istio's L7 routing features.
|
||||
Refer to the [Requirements for Pods and Services](/docs/setup/kubernetes/spec-requirements)
|
||||
Refer to the [Requirements for Pods and Services](/docs/setup/kubernetes/additional-setup/requirements/)
|
||||
for details.
|
||||
|
||||
Another potential issue is that the route rules may simply be slow to take effect.
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
title: 没有 TLS 的 Ingress gateway
|
||||
description: 介绍如何为入口网关配置 SNI 直通。
|
||||
weight: 10
|
||||
keywords: [traffic-management,ingress, https]
|
||||
keywords: [traffic-management,ingress,https]
|
||||
---
|
||||
|
||||
[使用 HTTPS 保护网关](/zh/docs/tasks/traffic-management/secure-ingress/)任务描述了如何配置 HTTPS
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ keywords: [kubernetes,cni,sidecar,proxy,network,helm]
|
|||
|
||||
缺省情况下,Istio 会在网格中部署的 Pod 上注入一个初始化容器——`istio-init`。这个初始化容器会将 Pod 网络的流量劫持到 Istio Sidecar 上。这需要用户或者向网格中部署 Pod 的 Service Account 具有部署 [`NET_ADMIN` 容器](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-capabilities-for-a-container)的授权。对 Istio 用户的这种授权需要,对于某些组织的安全政策来说,可能是无法接受的。Istio CNI([容器网络接口](https://github.com/containernetworking/cni#cni---the-container-network-interface))插件能够代替 `istio-init` 容器完成同样的网络功能,而且无需 Istio 用户额外申请 Kubernetes RBAC 授权。
|
||||
|
||||
[Istio CNI 插件](https://github.com/istio/cni)会在 Kubernetes Pod 生命周期的网络设置阶段完成 Istio 网格中的 Pod 流量转发设置工作,用户向网格中进行 Pod 部署时,不再有对 [`NET_ADMIN` 功能的需求](/docs/setup/kubernetes/spec-requirements/)。
|
||||
[Istio CNI 插件](https://github.com/istio/cni)会在 Kubernetes Pod 生命周期的网络设置阶段完成 Istio 网格中的 Pod 流量转发设置工作,用户向网格中进行 Pod 部署时,不再有对 [`NET_ADMIN` 功能的需求](/zh/docs/setup/kubernetes/spec-requirements/)。
|
||||
|
||||
## 前提条件 {#prerequisites}
|
||||
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
title: Istio 最小化安装
|
||||
description: 使用 Helm 最小化安装 Istio 。
|
||||
weight: 31
|
||||
keywords: [kubernetes,helm, minimal]
|
||||
keywords: [kubernetes,helm]
|
||||
icon: helm
|
||||
---
|
||||
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
title: Denier 适配器以及黑白名单
|
||||
description: 展示使用简单的 Denier 适配器或黑白名单对服务进行访问控制的方法。
|
||||
weight: 20
|
||||
keywords: [policies, denial, whitelist, blacklist]
|
||||
keywords: [policies,denial,whitelist,blacklist]
|
||||
---
|
||||
|
||||
本文任务展示了使用简单的 Denier 适配器,基于属性的黑白名单或者基于 IP 的黑白名单对服务进行访问控制的方法
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
title: Jaeger
|
||||
description: 了解如何配置代理以向 Jaeger 发送追踪请求。
|
||||
weight: 10
|
||||
keywords: [telemetry,tracing,jaeger,span,port forwarding]
|
||||
keywords: [telemetry,tracing,jaeger,span,port-forwarding]
|
||||
---
|
||||
|
||||
要了解 Istio 如何处理追踪,请查看这个任务的[概述](../overview/)。
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
title: Zipkin
|
||||
description: 了解如何配置代理以向 Zipkin 发送追踪请求。
|
||||
weight: 10
|
||||
keywords: [telemetry,tracing,zipkin,span,port forwarding]
|
||||
keywords: [telemetry,tracing,zipkin,span,port-forwarding]
|
||||
---
|
||||
|
||||
要了解 Istio 如何处理追踪,请查看这个任务的[概述](../overview/)。
|
||||
|
|
|
|||
Loading…
Reference in New Issue