From eb46b2af6e28665d7eefbe5aaf55810891e3b29a Mon Sep 17 00:00:00 2001 From: mtail Date: Wed, 25 Jul 2018 19:39:20 -0700 Subject: [PATCH] Fix OpenShift code blocks. Improve grammar while I was in the neighborhood. --- .../kubernetes/platform-setup/aws/index.md | 2 +- .../kubernetes/platform-setup/azure/index.md | 6 +-- .../kubernetes/platform-setup/gke/index.md | 2 +- .../kubernetes/platform-setup/ibm/index.md | 4 +- .../platform-setup/minikube/index.md | 2 +- .../platform-setup/openshift/index.md | 39 +++++++++---------- 6 files changed, 26 insertions(+), 29 deletions(-) diff --git a/content/docs/setup/kubernetes/platform-setup/aws/index.md b/content/docs/setup/kubernetes/platform-setup/aws/index.md index 4df0730a62..de74fba983 100644 --- a/content/docs/setup/kubernetes/platform-setup/aws/index.md +++ b/content/docs/setup/kubernetes/platform-setup/aws/index.md @@ -5,7 +5,7 @@ weight: 3 keywords: [platform-setup,aws] --- -To setup the AWS with Kops cluster for Istio, follow these instructions: +Follow these instructions to prepare an AWS cluster with Kops for Istio. When you install a new cluster with Kubernetes version 1.9, the prerequisite to enable `admissionregistration.k8s.io/v1beta1` is covered. diff --git a/content/docs/setup/kubernetes/platform-setup/azure/index.md b/content/docs/setup/kubernetes/platform-setup/azure/index.md index 3cc18b93e1..2770bd9d34 100644 --- a/content/docs/setup/kubernetes/platform-setup/azure/index.md +++ b/content/docs/setup/kubernetes/platform-setup/azure/index.md @@ -5,11 +5,11 @@ weight: 6 keywords: [platform-setup,azure] --- -To setup the Azure cluster for Istio, follow these instructions: +Follow these instructions to prepare an Azure cluster for Istio. You can deploy a Kubernetes cluster to Azure via [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) or [ACS-Engine](https://github.com/azure/acs-engine) which fully supports Istio. -## Instructions for AKS +## AKS You can create an AKS cluster via [the az cli](https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough) or [the Azure portal](https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal). @@ -48,7 +48,7 @@ For the `az` cli option, complete `az login` authentication OR use cloud shell, $ az aks get-credentials --resource-group myResourceGroup --name myAKSCluster {{< /text >}} -## Instructions for ACS-Engine +## ACS-Engine 1. [Follow the instructions](https://github.com/Azure/acs-engine/blob/master/docs/acsengine.md#install) to get and install the `acs-engine` binary. diff --git a/content/docs/setup/kubernetes/platform-setup/gke/index.md b/content/docs/setup/kubernetes/platform-setup/gke/index.md index f2f464cc89..ae43c49cf4 100644 --- a/content/docs/setup/kubernetes/platform-setup/gke/index.md +++ b/content/docs/setup/kubernetes/platform-setup/gke/index.md @@ -5,7 +5,7 @@ weight: 9 keywords: [platform-setup,kubernetes,gke,google] --- -To setup the Google Kubernetes Engine cluster for Istio, follow these instructions: +Follow these instructions to prepare an GKE cluster for Istio. 1. Create a new cluster. diff --git a/content/docs/setup/kubernetes/platform-setup/ibm/index.md b/content/docs/setup/kubernetes/platform-setup/ibm/index.md index 4042c2d250..33fe3e042d 100644 --- a/content/docs/setup/kubernetes/platform-setup/ibm/index.md +++ b/content/docs/setup/kubernetes/platform-setup/ibm/index.md @@ -5,9 +5,7 @@ weight: 12 keywords: [platform-setup,ibm,iks] --- -To setup the IBM Cloud Kubernetes Service (IKS) cluster for Istio, follow these instructions: - -## IBM Cloud Kubernetes Service (IKS) +Follow these instructions to prepare an IBM IKS cluster for Istio. 1. Create a new lite cluster. diff --git a/content/docs/setup/kubernetes/platform-setup/minikube/index.md b/content/docs/setup/kubernetes/platform-setup/minikube/index.md index ed0dcbe0a4..1420cbb207 100644 --- a/content/docs/setup/kubernetes/platform-setup/minikube/index.md +++ b/content/docs/setup/kubernetes/platform-setup/minikube/index.md @@ -5,7 +5,7 @@ weight: 15 keywords: [platform-setup,kubernetes,minikube] --- -To setup the Kubernetes cluster for Istio with Minikube, follow these instructions: +Follow these instructions to prepare Minikube for Istio. 1. To run Istio locally, install the latest version of [Minikube](https://kubernetes.io/docs/setup/minikube/), version **0.28.0 or diff --git a/content/docs/setup/kubernetes/platform-setup/openshift/index.md b/content/docs/setup/kubernetes/platform-setup/openshift/index.md index 3da5a47cd9..6129d514c4 100644 --- a/content/docs/setup/kubernetes/platform-setup/openshift/index.md +++ b/content/docs/setup/kubernetes/platform-setup/openshift/index.md @@ -5,26 +5,25 @@ weight: 18 keywords: [platform-setup,openshift] --- -To setup an OpenShift cluster for Istio, follow these instructions: +Follow these instructions to prepare an OpenShift cluster for Istio. By default, OpenShift doesn't allow containers running with user ID 0. +You must enable containers running with UID 0 for Istio's service accounts: -Enable containers running with UID 0 for Istio's service accounts: - - {{< text bash >}} - $ oc adm policy add-scc-to-user anyuid -z istio-ingress-service-account -n istio-system - $ oc adm policy add-scc-to-user anyuid -z default -n istio-system - $ oc adm policy add-scc-to-user anyuid -z prometheus -n istio-system - $ oc adm policy add-scc-to-user anyuid -z istio-egressgateway-service-account -n istio-system - $ oc adm policy add-scc-to-user anyuid -z istio-citadel-service-account -n istio-system - $ oc adm policy add-scc-to-user anyuid -z istio-ingressgateway-service-account -n istio-system - $ oc adm policy add-scc-to-user anyuid -z istio-cleanup-old-ca-service-account -n istio-system - $ oc adm policy add-scc-to-user anyuid -z istio-mixer-post-install-account -n istio-system - $ oc adm policy add-scc-to-user anyuid -z istio-mixer-service-account -n istio-system - $ oc adm policy add-scc-to-user anyuid -z istio-pilot-service-account -n istio-system - $ oc adm policy add-scc-to-user anyuid -z istio-sidecar-injector-service-account -n istio-system - $ oc adm policy add-scc-to-user anyuid -z istio-galley-service-account -n istio-system - {{< /text >}} +{{< text bash >}} +$ oc adm policy add-scc-to-user anyuid -z istio-ingress-service-account -n istio-system +$ oc adm policy add-scc-to-user anyuid -z default -n istio-system +$ oc adm policy add-scc-to-user anyuid -z prometheus -n istio-system +$ oc adm policy add-scc-to-user anyuid -z istio-egressgateway-service-account -n istio-system +$ oc adm policy add-scc-to-user anyuid -z istio-citadel-service-account -n istio-system +$ oc adm policy add-scc-to-user anyuid -z istio-ingressgateway-service-account -n istio-system +$ oc adm policy add-scc-to-user anyuid -z istio-cleanup-old-ca-service-account -n istio-system +$ oc adm policy add-scc-to-user anyuid -z istio-mixer-post-install-account -n istio-system +$ oc adm policy add-scc-to-user anyuid -z istio-mixer-service-account -n istio-system +$ oc adm policy add-scc-to-user anyuid -z istio-pilot-service-account -n istio-system +$ oc adm policy add-scc-to-user anyuid -z istio-sidecar-injector-service-account -n istio-system +$ oc adm policy add-scc-to-user anyuid -z istio-galley-service-account -n istio-system +{{< /text >}} The list above accounts for the default Istio service accounts. If you enabled other Istio services, like _Grafana_ for example, you need to enable its @@ -33,9 +32,9 @@ service account with a similar command. A service account that runs application pods needs privileged security context constraints as part of sidecar injection. - {{< text bash >}} - $ oc adm policy add-scc-to-user privileged -z default -n - {{< /text >}} +{{< text bash >}} +$ oc adm policy add-scc-to-user privileged -z default -n +{{< /text >}} > Check for `SELINUX` in this [discussion](https://github.com/istio/issues/issues/34) > with respect to Istio in case you see issues bringing up the Envoy.