Automator: update istio.io@ reference docs (#11089)

content/en/docs/reference/commands/install-cni/index.html

@@ -1168,6 +1168,12 @@ Only applies when traffic from all groups (i.e. "*") is being redirected
 <td>Limits the number of incoming XDS requests per second. On larger machines this can be increased to handle more proxies concurrently.</td>
 </tr>
 <tr>
+<td><code>PILOT_PARTIAL_FULL_PUSHES</code></td>
+<td>Boolean</td>
+<td><code>true</code></td>
+<td>If enabled, pilot will send partial pushes in for child resources (RDS, EDS, etc) when possible. This occurs for EDS in many cases regardless of this setting.</td>
+</tr>
+<tr>
 <td><code>PILOT_PUSH_THROTTLE</code></td>
 <td>Integer</td>
 <td><code>100</code></td>
@@ -1390,6 +1396,12 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
 <td>If this is set to true, dangerous admin endpoints will be exposed on the debug interface. Not recommended for production.</td>
 </tr>
 <tr>
+<td><code>UNSAFE_PILOT_ENABLE_DELTA_TEST</code></td>
+<td>Boolean</td>
+<td><code>false</code></td>
+<td>If enabled, addition runtime tests for Delta XDS efficiency are added. These checks are extremely expensive, so this should be used only for testing, not production.</td>
+</tr>
+<tr>
 <td><code>UNSAFE_PILOT_ENABLE_RUNTIME_ASSERTIONS</code></td>
 <td>Boolean</td>
 <td><code>false</code></td>

content/en/docs/reference/commands/istioctl/index.html

@@ -7537,6 +7537,12 @@ These environment variables affect the behavior of the <code>istioctl</code> com
 <td>Limits the number of incoming XDS requests per second. On larger machines this can be increased to handle more proxies concurrently.</td>
 </tr>
 <tr>
+<td><code>PILOT_PARTIAL_FULL_PUSHES</code></td>
+<td>Boolean</td>
+<td><code>true</code></td>
+<td>If enabled, pilot will send partial pushes in for child resources (RDS, EDS, etc) when possible. This occurs for EDS in many cases regardless of this setting.</td>
+</tr>
+<tr>
 <td><code>PILOT_PUSH_THROTTLE</code></td>
 <td>Integer</td>
 <td><code>100</code></td>
@@ -7699,6 +7705,12 @@ These environment variables affect the behavior of the <code>istioctl</code> com
 <td>If this is set to true, dangerous admin endpoints will be exposed on the debug interface. Not recommended for production.</td>
 </tr>
 <tr>
+<td><code>UNSAFE_PILOT_ENABLE_DELTA_TEST</code></td>
+<td>Boolean</td>
+<td><code>false</code></td>
+<td>If enabled, addition runtime tests for Delta XDS efficiency are added. These checks are extremely expensive, so this should be used only for testing, not production.</td>
+</tr>
+<tr>
 <td><code>UNSAFE_PILOT_ENABLE_RUNTIME_ASSERTIONS</code></td>
 <td>Boolean</td>
 <td><code>false</code></td>

content/en/docs/reference/commands/operator/index.html

@@ -786,6 +786,12 @@ These environment variables affect the behavior of the <code>operator</code> com
 <td>Limits the number of incoming XDS requests per second. On larger machines this can be increased to handle more proxies concurrently.</td>
 </tr>
 <tr>
+<td><code>PILOT_PARTIAL_FULL_PUSHES</code></td>
+<td>Boolean</td>
+<td><code>true</code></td>
+<td>If enabled, pilot will send partial pushes in for child resources (RDS, EDS, etc) when possible. This occurs for EDS in many cases regardless of this setting.</td>
+</tr>
+<tr>
 <td><code>PILOT_PUSH_THROTTLE</code></td>
 <td>Integer</td>
 <td><code>100</code></td>
@@ -948,6 +954,12 @@ These environment variables affect the behavior of the <code>operator</code> com
 <td>If this is set to true, dangerous admin endpoints will be exposed on the debug interface. Not recommended for production.</td>
 </tr>
 <tr>
+<td><code>UNSAFE_PILOT_ENABLE_DELTA_TEST</code></td>
+<td>Boolean</td>
+<td><code>false</code></td>
+<td>If enabled, addition runtime tests for Delta XDS efficiency are added. These checks are extremely expensive, so this should be used only for testing, not production.</td>
+</tr>
+<tr>
 <td><code>UNSAFE_PILOT_ENABLE_RUNTIME_ASSERTIONS</code></td>
 <td>Boolean</td>
 <td><code>false</code></td>

content/en/docs/reference/commands/pilot-agent/index.html

@@ -1688,6 +1688,12 @@ Only applies when traffic from all groups (i.e. "*") is being redirected
 <td>Limits the number of incoming XDS requests per second. On larger machines this can be increased to handle more proxies concurrently.</td>
 </tr>
 <tr>
+<td><code>PILOT_PARTIAL_FULL_PUSHES</code></td>
+<td>Boolean</td>
+<td><code>true</code></td>
+<td>If enabled, pilot will send partial pushes in for child resources (RDS, EDS, etc) when possible. This occurs for EDS in many cases regardless of this setting.</td>
+</tr>
+<tr>
 <td><code>PILOT_PUSH_THROTTLE</code></td>
 <td>Integer</td>
 <td><code>100</code></td>
@@ -1910,6 +1916,12 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
 <td>If this is set to true, dangerous admin endpoints will be exposed on the debug interface. Not recommended for production.</td>
 </tr>
 <tr>
+<td><code>UNSAFE_PILOT_ENABLE_DELTA_TEST</code></td>
+<td>Boolean</td>
+<td><code>false</code></td>
+<td>If enabled, addition runtime tests for Delta XDS efficiency are added. These checks are extremely expensive, so this should be used only for testing, not production.</td>
+</tr>
+<tr>
 <td><code>UNSAFE_PILOT_ENABLE_RUNTIME_ASSERTIONS</code></td>
 <td>Boolean</td>
 <td><code>false</code></td>

content/en/docs/reference/commands/pilot-discovery/index.html

@@ -1033,6 +1033,12 @@ These environment variables affect the behavior of the <code>pilot-discovery</co
 <td>Limits the number of incoming XDS requests per second. On larger machines this can be increased to handle more proxies concurrently.</td>
 </tr>
 <tr>
+<td><code>PILOT_PARTIAL_FULL_PUSHES</code></td>
+<td>Boolean</td>
+<td><code>true</code></td>
+<td>If enabled, pilot will send partial pushes in for child resources (RDS, EDS, etc) when possible. This occurs for EDS in many cases regardless of this setting.</td>
+</tr>
+<tr>
 <td><code>PILOT_PUSH_THROTTLE</code></td>
 <td>Integer</td>
 <td><code>100</code></td>
@@ -1213,6 +1219,12 @@ These environment variables affect the behavior of the <code>pilot-discovery</co
 <td>If this is set to true, dangerous admin endpoints will be exposed on the debug interface. Not recommended for production.</td>
 </tr>
 <tr>
+<td><code>UNSAFE_PILOT_ENABLE_DELTA_TEST</code></td>
+<td>Boolean</td>
+<td><code>false</code></td>
+<td>If enabled, addition runtime tests for Delta XDS efficiency are added. These checks are extremely expensive, so this should be used only for testing, not production.</td>
+</tr>
+<tr>
 <td><code>UNSAFE_PILOT_ENABLE_RUNTIME_ASSERTIONS</code></td>
 <td>Boolean</td>
 <td><code>false</code></td>

content/en/docs/reference/config/istio.mesh.v1alpha1/index.html

@@ -7,7 +7,7 @@ location: https://istio.io/docs/reference/config/istio.mesh.v1alpha1.html
 layout: protoc-gen-docs
 generator: protoc-gen-docs
 weight: 20
-number_of_entries: 56
+number_of_entries: 58
 ---
 <p>Configuration affecting the service mesh as a whole.</p>
 
@@ -643,6 +643,17 @@ API.
 All settings in the retry policy except <code>perTryTimeout</code> can currently be
 configured globally via this field.</p>
 
+</td>
+<td>
+No
+</td>
+</tr>
+<tr id="MeshConfig-mesh_mTLS">
+<td><code>meshMTLS</code></td>
+<td><code><a href="#MeshConfig-TLSConfig">TLSConfig</a></code></td>
+<td>
+<p>Configuration of mTLS for traffic between workloads within the mesh.</p>
+
 </td>
 <td>
 No
@@ -1211,6 +1222,37 @@ No
 <td><code>normalization</code></td>
 <td><code><a href="#MeshConfig-ProxyPathNormalization-NormalizationType">NormalizationType</a></code></td>
 <td>
+</td>
+<td>
+No
+</td>
+</tr>
+</tbody>
+</table>
+</section>
+<h2 id="MeshConfig-TLSConfig">MeshConfig.TLSConfig</h2>
+<section>
+<table class="message-fields">
+<thead>
+<tr>
+<th>Field</th>
+<th>Type</th>
+<th>Description</th>
+<th>Required</th>
+</tr>
+</thead>
+<tbody>
+<tr id="MeshConfig-TLSConfig-min_protocol_version">
+<td><code>minProtocolVersion</code></td>
+<td><code><a href="#MeshConfig-TLSConfig-TLSProtocol">TLSProtocol</a></code></td>
+<td>
+<p>Optional: the minimum TLS protocol version. The default minimum
+TLS version will be TLS 1.2. As servers may not be Envoy and be
+set to TLS 1.2 (e.g., workloads using mTLS without sidecars), the
+minimum TLS version for clients may also be TLS 1.2.
+In the current Istio implementation, the maximum TLS protocol version
+is TLS 1.3.</p>
+
 </td>
 <td>
 No
@@ -3731,6 +3773,42 @@ For example, <code>/a//b</code> normalizes to <code>a/b</code>.</p>
 This means <code>%2F</code>, <code>%2f</code>, <code>%5C</code>, and <code>%5c</code> sequences in the request path will be rewritten to <code>/</code> or <code>\</code>.
 For example, <code>/a%2f/b</code> normalizes to <code>a/b</code>.</p>
 
+</td>
+</tr>
+</tbody>
+</table>
+</section>
+<h2 id="MeshConfig-TLSConfig-TLSProtocol">MeshConfig.TLSConfig.TLSProtocol</h2>
+<section>
+<p>TLS protocol versions.</p>
+
+<table class="enum-values">
+<thead>
+<tr>
+<th>Name</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr id="MeshConfig-TLSConfig-TLSProtocol-TLS_AUTO">
+<td><code>TLS_AUTO</code></td>
+<td>
+<p>Automatically choose the optimal TLS version.</p>
+
+</td>
+</tr>
+<tr id="MeshConfig-TLSConfig-TLSProtocol-TLSV1_2">
+<td><code>TLSV1_2</code></td>
+<td>
+<p>TLS version 1.2</p>
+
+</td>
+</tr>
+<tr id="MeshConfig-TLSConfig-TLSProtocol-TLSV1_3">
+<td><code>TLSV1_3</code></td>
+<td>
+<p>TLS version 1.3</p>
+
 </td>
 </tr>
 </tbody>

data/analysis.yaml

@@ -49,9 +49,11 @@ messages:
     code: IST0103
     level: Warning
     description: "A pod is missing the Istio proxy."
-    template: "The pod is missing the Istio proxy. This can often be resolved by restarting or redeploying the workload."
+    template: "The pod %s is missing the Istio proxy. This can often be resolved by restarting or redeploying the workload."
     url: "https://istio.io/latest/docs/reference/config/analysis/ist0103/"
     args:
+      - name: podName
+        type: string
 
   - name: "GatewayPortNotOnWorkload"
     code: IST0104