Add new Traffic management concept as a single page (#4545)

* Add new Traffic management concept.

Improved based on review comments.

Signed-off-by: rcaballeromx <grca@google.com>

Fix Hugo front matter.

Signed-off-by: rcaballeromx <grca@google.com>

Fix false positives in links test.

Signed-off-by: rcaballeromx <grca@google.com>

Remove terms from exceptions file.

Signed-off-by: rcaballeromx <grca@google.com>

corrections

review comments

* Move old traffic-management SVGs to the Zh content.

Signed-off-by: rcaballeromx <grca@google.com>

* Apply final copy-edit.

Signed-off-by: rcaballeromx <grca@google.com>

* Flatten content structure.

Signed-off-by: rcaballeromx <grca@google.com>

* Fix links and blank lines.

Signed-off-by: rcaballeromx <grca@google.com>

.spelling

@@ -315,6 +315,7 @@ microservices
 middleboxes
 middleware
 minikube
+misconfigurations
 misconfigured
 misordered
 MongoDB

content/blog/2017/0.1-canary/index.md

@@ -34,7 +34,7 @@ Whether we use one deployment or two, canary management using deployment feature
 
 With Istio, traffic routing and replica deployment are two completely independent functions. The number of pods implementing services are free to scale up and down based on traffic load, completely orthogonal to the control of version traffic routing. This makes managing a canary version in the presence of autoscaling a much simpler problem. Autoscalers may, in fact, respond to load variations resulting from traffic routing changes, but they are nevertheless functioning independently and no differently than when loads change for other reasons.
 
-Istio’s [routing rules](/docs/concepts/traffic-management/#rule-configuration) also provide other important advantages; you can easily control
+Istio’s [routing rules](/docs/concepts/traffic-management/#routing-rules) also provide other important advantages; you can easily control
 fine-grained traffic percentages (e.g., route 1% of traffic without requiring 100 pods) and you can control traffic using other criteria (e.g., route traffic for specific users to the canary version). To illustrate, let’s look at deploying the **helloworld** service and see how simple the problem becomes.
 
 We begin by defining the **helloworld** Service, just like any other Kubernetes service, something like this:

content/blog/2019/announcing-1.1/index.md

@@ -25,7 +25,7 @@ As people moved into production with larger clusters running more services at
 higher volume, they hit some scaling and performance issues. The
 [sidecars](/docs/concepts/traffic-management/#sidecars) took too many resources
 and added too much latency. The control plane (especially
-[Pilot](/docs/concepts/traffic-management/#pilot-and-envoy)) was overly
+[Pilot](/docs/concepts/traffic-management/#pilot)) was overly
 resource hungry.
 
 We’ve done a lot of work to make both the data plane and the control plane more

content/docs/concepts/traffic-management/pilot-arch.svg

@@ -0,0 +1,513 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   viewBox="0 0 529.1339 432.4"
+   version="1.1"
+   id="svg192"
+   sodipodi:docname="pilot-arch.svg"
+   width="140mm"
+   height="114.40583mm"
+   inkscape:version="0.92.3 (2405546, 2018-03-11)">
+  <metadata
+     id="metadata196">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title>overview</dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <sodipodi:namedview
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1"
+     objecttolerance="10"
+     gridtolerance="10"
+     guidetolerance="10"
+     inkscape:pageopacity="0"
+     inkscape:pageshadow="2"
+     inkscape:window-width="2560"
+     inkscape:window-height="1379"
+     id="namedview194"
+     showgrid="false"
+     inkscape:document-units="mm"
+     units="mm"
+     inkscape:zoom="2.1831638"
+     inkscape:cx="377.51931"
+     inkscape:cy="221.92563"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="svg192" />
+  <defs
+     id="defs7">
+    <style
+       id="style2">.a1febd32-a602-439d-90cb-fe3b9e5e9e6e,.a2de6f6a-543b-49bf-abe1-4190f694075c,.b4def6a1-ecd7-4a13-a337-12e6f33f4584,.f842173c-4137-41bd-a45e-eb43b29bb415{fill:none;}.aa42245d-ad5b-4e67-9608-1290cdf026c9{fill:#e5e5e4;}.ef4e5b1c-b333-40de-91f2-d67d81b0e205{fill:#fff;}.a450d0db-15ca-4a08-835b-f23856a99cc6,.aef7c180-a9aa-4037-aeb7-1c23582a6a0c,.b1c3f615-51b7-4acc-81ac-56998d7fb69d,.ec350dc4-b3fe-4a66-86b2-3ced8af6dc99,.f4ed8a36-2cc1-49ce-b1ae-e206532e6b0c,.fa0a4e9c-bae9-42a8-bea9-34ee9122e43f{isolation:isolate;}.b1c3f615-51b7-4acc-81ac-56998d7fb69d{font-size:35.5px;}.b1c3f615-51b7-4acc-81ac-56998d7fb69d,.f4ed8a36-2cc1-49ce-b1ae-e206532e6b0c{font-family:GoogleSans-Regular, Google Sans;}.f6b590fb-5d2a-4d55-b37b-8665e046487f{letter-spacing:0em;}.b0de8536-14ff-42a0-8e88-8302ec9a6519{letter-spacing:-0.01em;}.a6a6604f-cec9-421e-b62a-47e7c088578a{clip-path:url(#b8ba444c-ee38-4f79-8b77-c1a5ff62ba08);}.e5b942fc-5abb-46fc-b726-75c457c7b7b7{fill:#466bb0;}.af9a84e1-beb6-428a-a037-5a52fb0451b5{fill:#476baf;}.b805c6ed-2f12-4f9f-bfd4-2d445f303f70{fill:#486baf;}.a768cd4c-9aac-4065-93f3-520b3335e459,.ec350dc4-b3fe-4a66-86b2-3ced8af6dc99,.fa0a4e9c-bae9-42a8-bea9-34ee9122e43f{fill:#818181;}.aef7c180-a9aa-4037-aeb7-1c23582a6a0c{font-size:16px;fill:#ededed;}.aef7c180-a9aa-4037-aeb7-1c23582a6a0c,.ec350dc4-b3fe-4a66-86b2-3ced8af6dc99{font-family:ArialMT, Arial;}.f4ed8a36-2cc1-49ce-b1ae-e206532e6b0c{font-size:8px;}.b9af017a-15d4-4441-8c1c-971f52e6838b{letter-spacing:0.02em;}.f8f110c7-ca2a-43f4-8cd3-2f8654df1409{letter-spacing:-0.01em;}.b23fbc3a-c18a-4022-ad7f-9e138f12d3d5{letter-spacing:0.01em;}.ac231792-f514-43ad-afed-d54a9eab17c5{letter-spacing:-0.02em;}.a4eddb54-8ba1-4e45-9f87-08896a8dd1eb{letter-spacing:0.02em;}.b9600945-879b-457a-964e-2ce18be22b1d{letter-spacing:-0.02em;}.e2792af2-a91c-44c1-afaf-0ba5b4043a83{letter-spacing:-0.01em;}.e419dce9-66ed-4aed-ab67-d3bf826292b7{letter-spacing:0em;}.b533e1e4-734c-4a41-bacf-56205a40baac{letter-spacing:0.01em;}.a1febd32-a602-439d-90cb-fe3b9e5e9e6e{stroke:#486baf;}.a1febd32-a602-439d-90cb-fe3b9e5e9e6e,.f842173c-4137-41bd-a45e-eb43b29bb415{stroke-linecap:round;stroke-width:4px;}.a1febd32-a602-439d-90cb-fe3b9e5e9e6e,.a2de6f6a-543b-49bf-abe1-4190f694075c,.f842173c-4137-41bd-a45e-eb43b29bb415{stroke-linejoin:round;}.fa0a4e9c-bae9-42a8-bea9-34ee9122e43f{font-size:26px;font-family:FontAwesome5FreeSolid, &quot;Font Awesome 5 Free&quot;;}.f842173c-4137-41bd-a45e-eb43b29bb415{stroke:#818181;}.eac389b2-f847-4bee-8623-5c3be09bcbfd{letter-spacing:-0.06em;}.a2de6f6a-543b-49bf-abe1-4190f694075c{stroke:#b14d9d;stroke-width:3px;}.ec350dc4-b3fe-4a66-86b2-3ced8af6dc99{font-size:12px;}</style>
+    <clipPath
+       id="b8ba444c-ee38-4f79-8b77-c1a5ff62ba08">
+      <rect
+         class="b4def6a1-ecd7-4a13-a337-12e6f33f4584"
+         x="22.700001"
+         y="72.900002"
+         width="39.900002"
+         height="39.900002"
+         id="rect4"
+         style="fill:none" />
+    </clipPath>
+  </defs>
+  <title
+     id="title9">overview</title>
+  <g
+     data-name="Pilot container"
+     id="e3542c96-65ae-4923-886c-3c9f5393e193"
+     transform="translate(0,2.1488219e-6)">
+    <path
+       style="fill:#e5e5e4"
+       inkscape:connector-curvature="0"
+       id="path11"
+       d="M 339,287.2 H 3 a 3,3 0 0 1 -3,-3 v -241 a 3,3 0 0 1 3,-3 h 336 a 3,3 0 0 1 3,3 v 241 a 3,3 0 0 1 -3,3 z"
+       class="aa42245d-ad5b-4e67-9608-1290cdf026c9" />
+    <path
+       style="fill:#ffffff"
+       inkscape:connector-curvature="0"
+       id="path13"
+       d="M 316.3,274.2 H 25.6 a 3.08,3.08 0 0 1 -3,-3 V 58.8 a 3,3 0 0 1 3,-3 h 290.7 a 3,3 0 0 1 3,3 v 212.4 a 3,3 0 0 1 -3,3 z"
+       class="ef4e5b1c-b333-40de-91f2-d67d81b0e205" />
+    <text
+       style="font-size:35.5px;font-family:GoogleSans-Regular, 'Google Sans';isolation:isolate"
+       id="text21"
+       transform="translate(61.52,103.55)"
+       class="b1c3f615-51b7-4acc-81ac-56998d7fb69d">Pi<tspan
+   style="letter-spacing:0em"
+   id="tspan15"
+   y="0"
+   x="28.469999"
+   class="f6b590fb-5d2a-4d55-b37b-8665e046487f">l</tspan>
+<tspan
+   style="letter-spacing:-0.01em"
+   id="tspan17"
+   y="0"
+   x="35.779999"
+   class="b0de8536-14ff-42a0-8e88-8302ec9a6519">o</tspan>
+<tspan
+   id="tspan19"
+   y="0"
+   x="56.41">t</tspan>
+</text>
+    <g
+       data-name="Istio-logo-blue"
+       id="aad9b6b4-89bb-449c-990c-7e6dbae92f40">
+      <g
+         id="g25"
+         clip-path="url(#b8ba444c-ee38-4f79-8b77-c1a5ff62ba08)"
+         class="a6a6604f-cec9-421e-b62a-47e7c088578a">
+        <polygon
+           style="fill:#466bb0"
+           id="polygon23"
+           points="40.1,107.8 32.7,104 52.6,104 "
+           class="e5b942fc-5abb-46fc-b726-75c457c7b7b7" />
+      </g>
+      <g
+         id="g29"
+         clip-path="url(#b8ba444c-ee38-4f79-8b77-c1a5ff62ba08)"
+         class="a6a6604f-cec9-421e-b62a-47e7c088578a">
+        <polygon
+           style="fill:#466bb0"
+           id="polygon27"
+           points="40.1,87.8 32.7,102.8 40.1,101.5 "
+           class="e5b942fc-5abb-46fc-b726-75c457c7b7b7" />
+      </g>
+      <g
+         id="g33"
+         clip-path="url(#b8ba444c-ee38-4f79-8b77-c1a5ff62ba08)"
+         class="a6a6604f-cec9-421e-b62a-47e7c088578a">
+        <polygon
+           style="fill:#476baf"
+           id="polygon31"
+           points="41.4,77.9 41.4,101.5 52.6,102.8 "
+           class="af9a84e1-beb6-428a-a037-5a52fb0451b5" />
+      </g>
+    </g>
+  </g>
+  <path
+     style="fill:#486baf"
+     inkscape:connector-curvature="0"
+     id="path37"
+     d="M 304.7,153.00001 H 183.3 a 3.08,3.08 0 0 1 -3,-3 v -19.8 a 3,3 0 0 1 3,-3 h 121.4 a 3,3 0 0 1 3,3 v 19.8 a 3.08,3.08 0 0 1 -3,3 z"
+     class="b805c6ed-2f12-4f9f-bfd4-2d445f303f70" />
+  <path
+     style="fill:#818181"
+     inkscape:connector-curvature="0"
+     id="path39"
+     d="M 207.6,3.0000022 V 124.40001 a 3,3 0 0 1 -3,3 h -19.8 a 3.08,3.08 0 0 1 -3,-3 V 3.0000022 a 3.08,3.08 0 0 1 3,-3.0000000511781 h 19.8 A 3.08,3.08 0 0 1 207.6,3.0000022 Z"
+     class="a768cd4c-9aac-4065-93f3-520b3335e459" />
+  <path
+     style="fill:#818181"
+     inkscape:connector-curvature="0"
+     id="path41"
+     d="M 240.9,3.0000022 V 124.40001 a 3,3 0 0 1 -3,3 h -19.8 a 3,3 0 0 1 -3,-3 V 3.0000022 a 3,3 0 0 1 3,-3.0000000511781 h 19.8 A 3,3 0 0 1 240.9,3.0000022 Z"
+     class="a768cd4c-9aac-4065-93f3-520b3335e459" />
+  <path
+     style="fill:#818181"
+     inkscape:connector-curvature="0"
+     id="path43"
+     d="M 274.3,3.0000022 V 124.40001 a 3,3 0 0 1 -3,3 h -19.8 a 3.08,3.08 0 0 1 -3,-3 V 3.0000022 a 3.08,3.08 0 0 1 3,-3.0000000511781 h 19.8 A 3,3 0 0 1 274.3,3.0000022 Z"
+     class="a768cd4c-9aac-4065-93f3-520b3335e459" />
+  <path
+     style="fill:#818181"
+     inkscape:connector-curvature="0"
+     id="path45"
+     d="M 307.7,3.0000022 V 124.40001 a 3.08,3.08 0 0 1 -3,3 h -19.8 a 3,3 0 0 1 -3,-3 V 3.0000022 a 3,3 0 0 1 3,-3.0000000511781 h 19.8 A 3.08,3.08 0 0 1 307.7,3.0000022 Z"
+     class="a768cd4c-9aac-4065-93f3-520b3335e459" />
+  <text
+     style="font-size:16px;font-family:ArialMT, Arial;isolation:isolate;fill:#ededed"
+     id="text47"
+     class="aef7c180-a9aa-4037-aeb7-1c23582a6a0c"
+     x="184.42"
+     y="144.77">Platform adapters</text>
+  <path
+     style="fill:#486baf"
+     inkscape:connector-curvature="0"
+     id="path49"
+     d="M 155.4,226.30001 H 34 a 3,3 0 0 1 -3,-3 v -93.2 a 3,3 0 0 1 3,-3 h 121.4 a 3,3 0 0 1 3,3 v 93.2 a 3,3 0 0 1 -3,3 z"
+     class="b805c6ed-2f12-4f9f-bfd4-2d445f303f70" />
+  <g
+     style="isolation:isolate"
+     id="g55"
+     class="a450d0db-15ca-4a08-835b-f23856a99cc6"
+     transform="translate(0,2.1488219e-6)">
+    <text
+       style="font-size:16px;font-family:ArialMT, Arial;isolation:isolate;fill:#ededed"
+       id="text51"
+       transform="translate(66.76,171.86)"
+       class="aef7c180-a9aa-4037-aeb7-1c23582a6a0c">Abstract</text>
+    <text
+       style="font-size:16px;font-family:ArialMT, Arial;isolation:isolate;fill:#ededed"
+       id="text53"
+       transform="translate(73.26,191.06)"
+       class="aef7c180-a9aa-4037-aeb7-1c23582a6a0c">model</text>
+  </g>
+  <text
+     style="font-size:16px;font-family:ArialMT, Arial;isolation:isolate;fill:#ededed"
+     id="text57"
+     transform="rotate(-90)"
+     class="aef7c180-a9aa-4037-aeb7-1c23582a6a0c"
+     x="-101.87001"
+     y="199.36">Kubernetes</text>
+  <text
+     style="font-size:16px;font-family:ArialMT, Arial;isolation:isolate;fill:#ededed"
+     id="text59"
+     transform="rotate(-90)"
+     class="aef7c180-a9aa-4037-aeb7-1c23582a6a0c"
+     x="-84.850006"
+     y="232.73">Mesos</text>
+  <text
+     style="font-size:16px;font-family:ArialMT, Arial;isolation:isolate;fill:#ededed"
+     id="text61"
+     transform="rotate(-90)"
+     class="aef7c180-a9aa-4037-aeb7-1c23582a6a0c"
+     x="-111.55001"
+     y="266.10001">CloudFoundry</text>
+  <text
+     style="font-size:16px;font-family:ArialMT, Arial;isolation:isolate;fill:#ededed"
+     id="text63"
+     transform="rotate(-90)"
+     class="aef7c180-a9aa-4037-aeb7-1c23582a6a0c"
+     x="-68.650009"
+     y="299.48001">...</text>
+  <text
+     style="font-size:8px;font-family:GoogleSans-Regular, 'Google Sans';isolation:isolate"
+     id="text99"
+     class="f4ed8a36-2cc1-49ce-b1ae-e206532e6b0c"
+     x="423.39481"
+     y="298.04926" />
+  <line
+     style="fill:none;stroke:#486baf;stroke-width:2.73773241px;stroke-linecap:round;stroke-linejoin:round"
+     id="line101"
+     y2="65.832626"
+     x2="445.49368"
+     y1="65.832626"
+     x1="386.46915"
+     class="a1febd32-a602-439d-90cb-fe3b9e5e9e6e" />
+  <polyline
+     style="fill:none;stroke:#486baf;stroke-width:4px;stroke-linecap:round;stroke-linejoin:round"
+     id="polyline103"
+     points="171 261.2 171 318.4 36.3 318.4 36.3 343.6"
+     class="a1febd32-a602-439d-90cb-fe3b9e5e9e6e"
+     transform="translate(0,2.1488219e-6)" />
+  <line
+     style="fill:none;stroke:#486baf;stroke-width:4px;stroke-linecap:round;stroke-linejoin:round"
+     id="line105"
+     y2="318.39999"
+     x2="126.2"
+     y1="343.60001"
+     x1="126.2"
+     class="a1febd32-a602-439d-90cb-fe3b9e5e9e6e" />
+  <polyline
+     style="fill:none;stroke:#486baf;stroke-width:4px;stroke-linecap:round;stroke-linejoin:round"
+     id="polyline107"
+     points="216.1 343.6 216.1 318.4 171 318.4"
+     class="a1febd32-a602-439d-90cb-fe3b9e5e9e6e"
+     transform="translate(0,2.1488219e-6)" />
+  <polyline
+     style="fill:none;stroke:#486baf;stroke-width:4px;stroke-linecap:round;stroke-linejoin:round"
+     id="polyline109"
+     points="306 343.6 306 318.4 216.1 318.4"
+     class="a1febd32-a602-439d-90cb-fe3b9e5e9e6e"
+     transform="translate(0,2.1488219e-6)" />
+  <text
+     style="font-size:26px;font-family:FontAwesome5FreeSolid, 'Font Awesome 5 Free';isolation:isolate;fill:#818181"
+     id="text111"
+     class="fa0a4e9c-bae9-42a8-bea9-34ee9122e43f"
+     x="401.73999"
+     y="204.24001">user</text>
+  <polyline
+     style="fill:none;stroke:#818181;stroke-width:4px;stroke-linecap:round;stroke-linejoin:round"
+     id="polyline113"
+     points="307.7 175.4 372.8 175.4 372.8 194 372.8 212.7"
+     class="f842173c-4137-41bd-a45e-eb43b29bb415"
+     transform="translate(0,2.1488219e-6)" />
+  <line
+     style="fill:none;stroke:#818181;stroke-width:4px;stroke-linecap:round;stroke-linejoin:round"
+     id="line115"
+     y2="212.7"
+     x2="307.70001"
+     y1="212.7"
+     x1="372.79999"
+     class="f842173c-4137-41bd-a45e-eb43b29bb415" />
+  <line
+     style="fill:none;stroke:#818181;stroke-width:4px;stroke-linecap:round;stroke-linejoin:round"
+     id="line117"
+     y2="194"
+     x2="372.79999"
+     y1="194"
+     x1="400.60001"
+     class="f842173c-4137-41bd-a45e-eb43b29bb415" />
+  <path
+     style="fill:#486baf"
+     inkscape:connector-curvature="0"
+     id="path119"
+     d="M 308,261.20001 H 34.1 a 3,3 0 0 1 -3,-3 v -19.8 a 3,3 0 0 1 3,-3 H 308 a 3,3 0 0 1 3,3 v 19.8 a 3.08,3.08 0 0 1 -3,3 z"
+     class="b805c6ed-2f12-4f9f-bfd4-2d445f303f70" />
+  <text
+     style="font-size:16px;font-family:ArialMT, Arial;isolation:isolate;fill:#ededed"
+     id="text125"
+     class="aef7c180-a9aa-4037-aeb7-1c23582a6a0c"
+     x="135.36"
+     y="252.14">Envoy<tspan
+   style="letter-spacing:-0.06em"
+   id="tspan121"
+   y="252.14"
+   x="179.83"
+   class="eac389b2-f847-4bee-8623-5c3be09bcbfd" />
+<tspan
+   id="tspan123"
+   y="252.14"
+   x="183.39">API</tspan>
+</text>
+  <path
+     style="fill:#e5e5e4"
+     inkscape:connector-curvature="0"
+     id="path127"
+     d="m 339,432.40001 h -66 a 3,3 0 0 1 -3,-3 v -82.8 a 3,3 0 0 1 3,-3 h 66 a 3,3 0 0 1 3,3 v 82.8 a 3,3 0 0 1 -3,3 z"
+     class="aa42245d-ad5b-4e67-9608-1290cdf026c9" />
+  <path
+     style="fill:#ffffff"
+     inkscape:connector-curvature="0"
+     id="path129"
+     d="m 330,423.20001 h -48 a 3,3 0 0 1 -3,-3 v -64.3 a 3,3 0 0 1 3,-3 h 48 a 3,3 0 0 1 3,3 v 64.3 a 3,3 0 0 1 -3,3 z"
+     class="ef4e5b1c-b333-40de-91f2-d67d81b0e205" />
+  <polygon
+     style="fill:none;stroke:#b14d9d;stroke-width:3px;stroke-linejoin:round"
+     id="polygon131"
+     points="306,387.1 319.3,379.5 319.3,364.2 306,356.5 292.8,364.2 292.8,379.5 "
+     class="a2de6f6a-543b-49bf-abe1-4190f694075c"
+     transform="translate(0,2.1488219e-6)" />
+  <g
+     style="isolation:isolate"
+     id="g137"
+     class="a450d0db-15ca-4a08-835b-f23856a99cc6"
+     transform="translate(0,2.1488219e-6)">
+    <text
+       style="font-size:12px;font-family:ArialMT, Arial;isolation:isolate;fill:#818181"
+       id="text133"
+       transform="translate(290.75,403.24)"
+       class="ec350dc4-b3fe-4a66-86b2-3ced8af6dc99">Envoy</text>
+    <text
+       style="font-size:12px;font-family:ArialMT, Arial;isolation:isolate;fill:#818181"
+       id="text135"
+       transform="translate(291.75,417.64)"
+       class="ec350dc4-b3fe-4a66-86b2-3ced8af6dc99">proxy</text>
+  </g>
+  <path
+     style="fill:#e5e5e4"
+     inkscape:connector-curvature="0"
+     id="path139"
+     d="m 249.1,432.40001 h -66 a 3.08,3.08 0 0 1 -3,-3 v -82.8 a 3.08,3.08 0 0 1 3,-3 h 66 a 3,3 0 0 1 3,3 v 82.8 a 3,3 0 0 1 -3,3 z"
+     class="aa42245d-ad5b-4e67-9608-1290cdf026c9" />
+  <path
+     style="fill:#ffffff"
+     inkscape:connector-curvature="0"
+     id="path141"
+     d="m 240.1,423.20001 h -48 a 3.08,3.08 0 0 1 -3,-3 v -64.3 a 3.08,3.08 0 0 1 3,-3 h 48 a 3,3 0 0 1 3,3 v 64.3 a 3,3 0 0 1 -3,3 z"
+     class="ef4e5b1c-b333-40de-91f2-d67d81b0e205" />
+  <polygon
+     style="fill:none;stroke:#b14d9d;stroke-width:3px;stroke-linejoin:round"
+     id="polygon143"
+     points="216.1,387.1 229.4,379.5 229.4,364.2 216.1,356.5 202.9,364.2 202.9,379.5 "
+     class="a2de6f6a-543b-49bf-abe1-4190f694075c"
+     transform="translate(0,2.1488219e-6)" />
+  <g
+     style="isolation:isolate"
+     id="g149"
+     class="a450d0db-15ca-4a08-835b-f23856a99cc6"
+     transform="translate(0,2.1488219e-6)">
+    <text
+       style="font-size:12px;font-family:ArialMT, Arial;isolation:isolate;fill:#818181"
+       id="text145"
+       transform="translate(200.83,403.24)"
+       class="ec350dc4-b3fe-4a66-86b2-3ced8af6dc99">Envoy</text>
+    <text
+       style="font-size:12px;font-family:ArialMT, Arial;isolation:isolate;fill:#818181"
+       id="text147"
+       transform="translate(201.83,417.64)"
+       class="ec350dc4-b3fe-4a66-86b2-3ced8af6dc99">proxy</text>
+  </g>
+  <path
+     style="fill:#e5e5e4"
+     inkscape:connector-curvature="0"
+     id="path151"
+     d="m 159.2,432.40001 h -66 a 3,3 0 0 1 -3,-3 v -82.8 a 3,3 0 0 1 3,-3 h 66 a 3,3 0 0 1 3,3 v 82.8 a 3.08,3.08 0 0 1 -3,3 z"
+     class="aa42245d-ad5b-4e67-9608-1290cdf026c9" />
+  <path
+     style="fill:#ffffff"
+     inkscape:connector-curvature="0"
+     id="path153"
+     d="m 150.2,423.20001 h -48 a 3,3 0 0 1 -3,-3 v -64.3 a 3,3 0 0 1 3,-3 h 48 a 3,3 0 0 1 3,3 v 64.3 a 3.08,3.08 0 0 1 -3,3 z"
+     class="ef4e5b1c-b333-40de-91f2-d67d81b0e205" />
+  <polygon
+     style="fill:none;stroke:#b14d9d;stroke-width:3px;stroke-linejoin:round"
+     id="polygon155"
+     points="126.2,387.1 139.4,379.5 139.4,364.2 126.2,356.5 112.9,364.2 112.9,379.5 "
+     class="a2de6f6a-543b-49bf-abe1-4190f694075c"
+     transform="translate(0,2.1488219e-6)" />
+  <g
+     style="isolation:isolate"
+     id="g161"
+     class="a450d0db-15ca-4a08-835b-f23856a99cc6"
+     transform="translate(0,2.1488219e-6)">
+    <text
+       style="font-size:12px;font-family:ArialMT, Arial;isolation:isolate;fill:#818181"
+       id="text157"
+       transform="translate(110.9,403.24)"
+       class="ec350dc4-b3fe-4a66-86b2-3ced8af6dc99">Envoy</text>
+    <text
+       style="font-size:12px;font-family:ArialMT, Arial;isolation:isolate;fill:#818181"
+       id="text159"
+       transform="translate(111.9,417.64)"
+       class="ec350dc4-b3fe-4a66-86b2-3ced8af6dc99">proxy</text>
+  </g>
+  <path
+     style="fill:#e5e5e4"
+     inkscape:connector-curvature="0"
+     id="path163"
+     d="m 69.3,432.40001 h -66 a 3,3 0 0 1 -3,-3 v -82.8 a 3,3 0 0 1 3,-3 h 66 a 3.08,3.08 0 0 1 3,3 v 82.8 a 3.08,3.08 0 0 1 -3,3 z"
+     class="aa42245d-ad5b-4e67-9608-1290cdf026c9" />
+  <path
+     style="fill:#ffffff"
+     inkscape:connector-curvature="0"
+     id="path165"
+     d="m 60.3,423.20001 h -48 a 3,3 0 0 1 -3,-3 v -64.3 a 3,3 0 0 1 3,-3 h 48 a 3.08,3.08 0 0 1 3,3 v 64.3 a 3.08,3.08 0 0 1 -3,3 z"
+     class="ef4e5b1c-b333-40de-91f2-d67d81b0e205" />
+  <polygon
+     style="fill:none;stroke:#b14d9d;stroke-width:3px;stroke-linejoin:round"
+     id="polygon167"
+     points="36.3,387.1 49.5,379.5 49.5,364.2 36.3,356.5 23,364.2 23,379.5 "
+     class="a2de6f6a-543b-49bf-abe1-4190f694075c"
+     transform="translate(0,2.1488219e-6)" />
+  <g
+     style="isolation:isolate"
+     id="g173"
+     class="a450d0db-15ca-4a08-835b-f23856a99cc6"
+     transform="translate(0,2.1488219e-6)">
+    <text
+       style="font-size:12px;font-family:ArialMT, Arial;isolation:isolate;fill:#818181"
+       id="text169"
+       transform="translate(20.98,403.24)"
+       class="ec350dc4-b3fe-4a66-86b2-3ced8af6dc99">Envoy</text>
+    <text
+       style="font-size:12px;font-family:ArialMT, Arial;isolation:isolate;fill:#818181"
+       id="text171"
+       transform="translate(21.98,417.64)"
+       class="ec350dc4-b3fe-4a66-86b2-3ced8af6dc99">proxy</text>
+  </g>
+  <path
+     style="fill:#486baf"
+     inkscape:connector-curvature="0"
+     id="path175"
+     d="M 304.7,189.00001 H 183.3 a 3,3 0 0 1 -3,-3 v -19.8 a 3.08,3.08 0 0 1 3,-3 h 121.4 a 3.08,3.08 0 0 1 3,3 v 19.8 a 3,3 0 0 1 -3,3 z"
+     class="b805c6ed-2f12-4f9f-bfd4-2d445f303f70" />
+  <text
+     style="font-size:16px;font-family:ArialMT, Arial;isolation:isolate;fill:#ededed"
+     id="text181"
+     class="aef7c180-a9aa-4037-aeb7-1c23582a6a0c"
+     x="213.46001"
+     y="181.84">Rules<tspan
+   style="letter-spacing:-0.06em"
+   id="tspan177"
+   y="181.84"
+   x="254.37"
+   class="eac389b2-f847-4bee-8623-5c3be09bcbfd" />
+<tspan
+   id="tspan179"
+   y="181.84"
+   x="257.92999">API</tspan>
+</text>
+  <path
+     style="fill:#486baf"
+     inkscape:connector-curvature="0"
+     id="path183"
+     d="M 304.7,225.10001 H 183.3 a 3.08,3.08 0 0 1 -3,-3 v -19.8 a 3,3 0 0 1 3,-3 h 121.4 a 3,3 0 0 1 3,3 v 19.8 a 3,3 0 0 1 -3,3 z"
+     class="b805c6ed-2f12-4f9f-bfd4-2d445f303f70" />
+  <text
+     style="font-size:16px;font-family:ArialMT, Arial;isolation:isolate;fill:#ededed"
+     id="text189"
+     class="aef7c180-a9aa-4037-aeb7-1c23582a6a0c"
+     x="202.67"
+     y="217.91">Network<tspan
+   style="letter-spacing:-0.06em"
+   id="tspan185"
+   y="217.91"
+   x="261.35001"
+   class="eac389b2-f847-4bee-8623-5c3be09bcbfd" />
+<tspan
+   id="tspan187"
+   y="217.91"
+   x="264.91">API</tspan>
+</text>
+  <text
+     xml:space="preserve"
+     style="font-style:normal;font-weight:normal;font-size:13.33333302px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none"
+     x="447.51569"
+     y="59.546623"
+     id="text1107"><tspan
+       sodipodi:role="line"
+       id="tspan1105"
+       x="447.51569"
+       y="59.546623"
+       style="font-size:8px">Service discovery</tspan><tspan
+       sodipodi:role="line"
+       x="447.51569"
+       y="76.213287"
+       style="font-size:8px"
+       id="tspan1109">and traffic rules</tspan></text>
+</svg>

content/docs/concepts/what-is-istio/index.md

@@ -170,7 +170,7 @@ abstracts the Envoy proxy and Istio-managed services from these details.
 
 ### Pilot
 
-[Pilot](/docs/concepts/traffic-management/#pilot-and-envoy) provides
+[Pilot](/docs/concepts/traffic-management/#pilot) provides
 service discovery for the Envoy sidecars, traffic management capabilities
 for intelligent routing (e.g., A/B tests, canary rollouts, etc.),
 and resiliency (timeouts, retries, circuit breakers, etc.).

content/docs/reference/config/networking/_index.md

@@ -4,5 +4,5 @@ description: Describes how to configure HTTP/TCP routing features.
 weight: 11
 aliases:
     - /docs/reference/config/istio.routing.v1alpha1/
-    - /docs/reference/config/istio.networking.v1alpha3/
+    - /docs/reference/config/networking/v1alpha3/
 ---

content/docs/setup/kubernetes/additional-setup/mesh-expansion/index.md

@@ -78,7 +78,7 @@ cluster for mesh expansion, run the following commands on a machine with cluster
     $ export SERVICE_NAMESPACE="default"
     {{< /text >}}
 
-1. Determine and store the IP address of the Istio ingress gateway since the mesh expansion machines access [Citadel](/docs/concepts/security/) and [Pilot](/docs/concepts/traffic-management/#pilot-and-envoy) through this IP address.
+1. Determine and store the IP address of the Istio ingress gateway since the mesh expansion machines access [Citadel](/docs/concepts/security/) and [Pilot](/docs/concepts/traffic-management/#pilot) through this IP address.
 
     {{< text bash >}}
     $ export GWIP=$(kubectl get -n istio-system service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')

content/docs/setup/kubernetes/upgrade/steps/index.md

@@ -145,3 +145,150 @@ $ kubectl apply -f <(istioctl kube-inject \
      --injectConfigFile inject-config.yaml \
      --filename $ORIGINAL_DEPLOYMENT_YAML)
 {{< /text >}}
+
+## Migrating per-service mutual TLS enablement via annotations to authentication policy
+
+If you use service annotations to override global mutual TLS enablement for a service, you need to replace it with
+[authentication policy](/docs/concepts/security/#authentication-policies) and [destination rules](/docs/concepts/traffic-management/#destination-rules).
+
+For example, if you install Istio with mutual TLS enabled, and disable it for service `foo` using a service annotation like below:
+
+{{< text yaml >}}
+kind: Service
+metadata:
+  name: foo
+  namespace: bar
+  annotations:
+    auth.istio.io/8000: NONE
+{{< /text >}}
+
+You need to replace this with this authentication policy and destination rule (deleting the old annotation is optional)
+
+{{< text yaml >}}
+apiVersion: "authentication.istio.io/v1alpha1"
+kind: "Policy"
+metadata:
+  name: "disable-mTLS-foo"
+  namespace: bar
+spec:
+  targets:
+  - name: foo
+    ports:
+    - number: 8000
+  peers:
+---
+apiVersion: "networking.istio.io/v1alpha3"
+kind: "DestinationRule"
+metadata:
+  name: "disable-mTLS-foo"
+  namespace: "bar"
+spec:
+  host: "foo"
+  trafficPolicy:
+    tls:
+      mode: ISTIO_MUTUAL
+    portLevelSettings:
+    - port:
+        number: 8000
+      tls:
+        mode: DISABLE
+{{< /text >}}
+
+If you already have destination rules for `foo`, you must edit that rule instead of creating a new one.
+When create a new destination rule, make sure to include other settings, i.e `load balancer`, `connection pool` and `outlier detection` if necessary.
+Finally, If `foo` doesn't have sidecar, you can skip authentication policy, but still need to add destination rule.
+
+If 8000 is the only port that service `foo` provides (or you want to disable mutual TLS for all ports), the policies can be simplified as:
+
+{{< text yaml >}}
+apiVersion: "authentication.istio.io/v1alpha1"
+kind: "Policy"
+metadata:
+  name: "disable-mTLS-foo"
+    namespace: bar
+  spec:
+    targets:
+    - name: foo
+    peers:
+---
+apiVersion: "networking.istio.io/v1alpha3"
+kind: "DestinationRule"
+metadata:
+  name: "disable-mTLS-foo"
+  namespace: "bar"
+spec:
+  host: "foo"
+trafficPolicy:
+  tls:
+    mode: DISABLE
+{{< /text >}}
+
+## Migrating the `mtls_excluded_services` configuration to destination rules
+
+If you installed Istio with mutual TLS enabled, and used the mesh configuration option `mtls_excluded_services` to
+disable mutual TLS when connecting to these services (e.g Kubernetes API server), you need to replace this by adding a destination rule. For example:
+
+{{< text yaml >}}
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+  name: "kubernetes-master"
+  namespace: "default"
+spec:
+  host: "kubernetes.default.svc.cluster.local"
+  trafficPolicy:
+    tls:
+      mode: DISABLE
+{{< /text >}}
+
+## Migrating from `RbacConfig` to `ClusterRbacConfig`
+
+The `RbacConfig` is deprecated due to a [bug](https://github.com/istio/istio/issues/8825). You must
+migrate to `ClusterRbacConfig` if you are currently using `RbacConfig`. The bug reduces the scope of
+the object to be namespace-scoped in some cases. The `ClusterRbacConfig` follows the exact same
+specification as the `RbacConfig` but with the correct cluster scope implementation.
+
+To automate the migration, we developed the `convert_RbacConfig_to_ClusterRbacConfig.sh` script.
+The script is included in the [Istio installation package](/docs/setup/kubernetes/#downloading-the-release).
+
+Download and run the script with the following command:
+
+{{< text bash >}}
+$ curl -L {{< github_file >}}/tools/convert_RbacConfig_to_ClusterRbacConfig.sh | sh -
+{{< /text >}}
+
+The script automates the following operations:
+
+1. The script creates the cluster RBAC configuration with same specification as the existing RBAC configuration
+   because Kubernetes doesn't allow the value of `kind:` in a custom resource to change after it's created.
+
+    For example, if you have the following RBAC configuration:
+
+    {{< text yaml >}}
+    apiVersion: "rbac.istio.io/v1alpha1"
+    kind: RbacConfig
+    metadata:
+      name: default
+    spec:
+      mode: 'ON_WITH_INCLUSION'
+      inclusion:
+        namespaces: ["default"]
+    {{< /text >}}
+
+    The script creates the following cluster RBAC configuration:
+
+    {{< text yaml >}}
+    apiVersion: "rbac.istio.io/v1alpha1"
+    kind: ClusterRbacConfig
+    metadata:
+      name: default
+    spec:
+      mode: 'ON_WITH_INCLUSION'
+      inclusion:
+        namespaces: ["default"]
+    {{< /text >}}
+
+1. The script applies the configuration and waits for a few seconds to let the configuration to take effect.
+
+1. The script deletes the previous RBAC configuration custom resource after applying the cluster RBAC
+   configuration successfully.

content/docs/tasks/security/authn-policy/index.md

@@ -124,7 +124,7 @@ sleep.bar to httpbin.foo: 503
 sleep.bar to httpbin.bar: 503
 {{< /text >}}
 
-To configure the client side, you need to set [destination rules](/docs/concepts/traffic-management/#rule-destinations) to use mutual TLS. It's possible to use
+To configure the client side, you need to set [destination rules](/docs/concepts/traffic-management/#destination-rules) to use mutual TLS. It's possible to use
 multiple destination rules, one for each applicable service (or namespace). However, it's more convenient to use a rule with the `*` wildcard to match all
 services so that it is on par with the mesh-wide authentication policy.
 

content/docs/tasks/traffic-management/egress/egress-control/index.md

@@ -263,7 +263,7 @@ any other unintentional accesses.
 ### Manage traffic to external services
 
 Similar to inter-cluster requests, Istio
-[routing rules](/docs/concepts/traffic-management/#rule-configuration)
+[routing rules](/docs/concepts/traffic-management/#routing-rules)
 can also be set for external services that are accessed using `ServiceEntry` configurations.
 In this example, you set a timeout rule on calls to the `httpbin.org` service.
 
@@ -328,7 +328,7 @@ $ kubectl delete virtualservice httpbin-ext --ignore-not-found=true
 
 If you want to completely bypass Istio for a specific IP range,
 you can configure the Envoy sidecars to prevent them from
-[intercepting](/docs/concepts/traffic-management/#communication-between-services)
+[intercepting](/docs/concepts/traffic-management/#traffic-routing-and-configuration)
 external requests. To set up the bypass, change either the `global.proxy.includeIPRanges`
 or the `global.proxy.excludeIPRanges` [configuration option](/docs/reference/config/installation-options/) and
 update the `istio-sidecar-injector` configuration map using the `kubectl apply` command.

content/docs/tasks/traffic-management/request-timeouts/index.md

@@ -125,7 +125,7 @@ microservice also has its own application-level timeout (3 seconds) for calls to
 Notice that in this task you used an Istio route rule to set the timeout to half a second.
 Had you instead set the timeout to something greater than 3 seconds (such as 4 seconds) the timeout
 would have had no effect since the more restrictive of the two takes precedence.
-More details can be found [here](/docs/concepts/traffic-management/#failure-handling-faq).
+More details can be found [here](/docs/concepts/traffic-management/#network-resilience-and-testing).
 
 One more thing to note about timeouts in Istio is that in addition to overriding them in route rules,
 as you did in this task, they can also be overridden on a per-request basis if the application adds

content_zh/docs/concepts/traffic-management/index.md

@@ -10,7 +10,7 @@ keywords: [traffic-management]
 使用 Istio 的流量管理模型，本质上是将流量与基础设施扩容解耦，让运维人员可以通过 Pilot 指定流量遵循什么规则，而不是指定哪些 pod/VM 应该接收流量——Pilot 和智能 Envoy 代理会帮我们搞定。因此，例如，您可以通过 Pilot 指定特定服务的 5％ 流量可以转到金丝雀版本，而不必考虑金丝雀部署的大小，或根据请求的内容将流量发送到特定版本。
 
 {{< image width="85%"
-    link="TrafficManagementOverview.svg"
+    link="./TrafficManagementOverview.svg"
     caption=" Istio 流量管理"
     >}}
 
@@ -29,7 +29,7 @@ Istio 流量管理的核心组件是 [Pilot](#pilot-和-envoy)，它管理和配
 Pilot 负责管理通过 Istio 服务网格发布的 Envoy 实例的生命周期。
 
 {{< image width="60%"
-    link="PilotAdapters.svg"
+    link="./PilotAdapters.svg"
     caption="Pilot 架构"
     >}}
 
@@ -48,7 +48,7 @@ Istio 引入了服务版本的概念，可以通过版本（`v1`、`v2`）或环
 ### 服务之间的通讯
 
 {{< image width="60%"
-    link="ServiceModel_Versions.svg"
+    link="./ServiceModel_Versions.svg"
     alt="服务版本的处理。"
     caption="服务版本"
     >}}
@@ -66,7 +66,7 @@ Istio 不提供 DNS。应用程序可以尝试使用底层平台（`kube-dns`、
 Istio 假定进入和离开服务网络的所有流量都会通过 Envoy 代理进行传输。通过将 Envoy 代理部署在服务之前，运维人员可以针对面向用户的服务进行 A/B 测试、部署金丝雀服务等。类似地，通过使用 Envoy 将流量路由到外部 Web 服务（例如，访问 Maps API 或视频服务 API）的方式，运维人员可以为这些服务添加超时控制、重试、断路器等功能，同时还能从服务连接中获取各种细节指标。
 
 {{< image width="85%"
-    link="ServiceModel_RequestFlow.svg"
+    link="./ServiceModel_RequestFlow.svg"
     alt="通过 Envoy 的 Ingress 和 Egress。"
     caption="请求流"
     >}}
@@ -80,7 +80,7 @@ Istio 假定存在服务注册表，以追踪应用程序中服务的 pod/VM。
 Pilot 使用来自服务注册的信息，并提供与平台无关的服务发现接口。网格中的 Envoy 实例执行服务发现，并相应地动态更新其负载均衡池。
 
 {{< image width="55%"
-    link="LoadBalancing.svg"
+    link="./LoadBalancing.svg"
     caption="发现与负载均衡">}}
 
 如上图所示，网格中的服务使用其 DNS 名称访问彼此。服务的所有 HTTP 流量都会通过 Envoy 自动重新路由。Envoy 在负载均衡池中的实例之间分发流量。虽然 Envoy 支持多种[复杂的负载均衡算法](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancing)，但 Istio 目前仅允许三种负载均衡模式：轮询、随机和带权重的最少请求。