Update deprecated flags for meshConfig (#7236)

Shamsher Ansari 2020-05-07 22:24:26 +05:30 committed by GitHub
parent 1ab5674a95
commit f58fffb5d1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 15 additions and 15 deletions

@ -23,7 +23,7 @@ the geographic location where requests are sent.
## Configuring locality load balancing ## Configuring locality load balancing
This feature is enabled by default. To disable locality load balancing, This feature is enabled by default. To disable locality load balancing,
pass the `--set global.localityLbSetting.enabled=false` flag when installing Istio. pass the `--set meshConfig.localityLbSetting.enabled=false` flag when installing Istio.
## Requirements ## Requirements
@ -73,14 +73,14 @@ Sometimes, you need to constrain the traffic fail-over to avoid sending traffic
endpoints across the globe when there are not enough healthy endpoints in the endpoints across the globe when there are not enough healthy endpoints in the
same region. This behavior is useful when sending fail-over traffic across regions same region. This behavior is useful when sending fail-over traffic across regions
would not improve service health or many other reasons including regulatory controls. would not improve service health or many other reasons including regulatory controls.
To constrain traffic to a region, configure the `values.localityLbSetting` option during install. See the To constrain traffic to a region, configure the `meshConfig.localityLbSetting` option during install. See the
[Locality load balancing reference guide](/docs/reference/config/networking/destination-rule#LocalityLoadBalancerSetting) [Locality load balancing reference guide](/docs/reference/config/networking/destination-rule#LocalityLoadBalancerSetting)
for options. for options.
An example configuration: An example configuration:
{{< text yaml >}} {{< text yaml >}}
global: meshConfig:
localityLbSetting: localityLbSetting:
enabled: true enabled: true
failover: failover:
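Review bot: The YAML example under "An example configuration:" now starts at a bare `meshConfig:` key, but the sentence before it only says to configure `meshConfig.localityLbSetting` "during install" and does not say which file or resource the fragment belongs in. The old `global:` root and the old `values.localityLbSetting` wording did not agree with each other either, so this is a good moment to add one sentence naming where the fragment goes, or to show the equivalent `--set meshConfig.localityLbSetting...` form used in the first hunk. The same applies to the `distribute` example in the next hunk.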
@ -97,7 +97,7 @@ Locality-weighted load balancing distributes user-defined percentages of traffic
For example, if we want to keep 80% of traffic within our region, and send 20% of traffic out of region: For example, if we want to keep 80% of traffic within our region, and send 20% of traffic out of region:
{{< text yaml >}} {{< text yaml >}}
global: meshConfig:
localityLbSetting: localityLbSetting:
enabled: true enabled: true
distribute: distribute:

@ -26,7 +26,7 @@ In the example below, replace `demo` with the name of the profile you used when
{{< /tip >}} {{< /tip >}}
{{< text bash >}} {{< text bash >}}
$ istioctl manifest apply --set profile=demo --set values.global.proxy.accessLogFile="/dev/stdout" $ istioctl manifest apply --set profile=demo --set meshConfig.accessLogFile="/dev/stdout"
- Applying manifest for component Base... - Applying manifest for component Base...
✔ Finished applying manifest for component Base. ✔ Finished applying manifest for component Base.
- Applying manifest for component Pilot... - Applying manifest for component Pilot...
@ -51,9 +51,9 @@ You may also want to customize the
All three of these parameters may also be configured via [install options](https://archive.istio.io/v1.4/docs/reference/config/installation-options/): All three of these parameters may also be configured via [install options](https://archive.istio.io/v1.4/docs/reference/config/installation-options/):
{{< /tip >}} {{< /tip >}}
* `values.global.proxy.accessLogFile` * `meshConfig.accessLogFile`
* `values.global.proxy.accessLogEncoding` * `meshConfig.accessLogEncoding`
* `values.global.proxy.accessLogFormat` * `meshConfig.accessLogFormat`
## Test the access log ## Test the access log
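Review bot: The unchanged context line above the bullets still links "install options" to `https://archive.istio.io/v1.4/docs/reference/config/installation-options/`, while the three bullets are renamed to `meshConfig.accessLogFile`, `meshConfig.accessLogEncoding` and `meshConfig.accessLogFormat`. A reader following that link lands on the v1.4 page and is unlikely to find the new names there. The egress hunk later in this commit replaces the same archive link with `/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig-OutboundTrafficPolicy-Mode`; please update this link to the MeshConfig reference in the same way.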

@ -24,7 +24,7 @@ This task shows you how to enable Istio policy enforcement.
## At install time ## At install time
In the default Istio installation profile, policy enforcement is disabled. To install Istio In the default Istio installation profile, policy enforcement is disabled. To install Istio
with policy enforcement on, use the `--set values.global.disablePolicyChecks=false` and `--set values.pilot.policy.enabled=true` install option. with policy enforcement on, use the `--set meshConfig.disablePolicyChecks=false` and `--set values.pilot.policy.enabled=true` install option.
Alternatively, you may [install Istio using the demo profile](/docs/setup/getting-started/), Alternatively, you may [install Istio using the demo profile](/docs/setup/getting-started/),
which enables policy checks by default. which enables policy checks by default.
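Review bot: In the changed sentence, the two flags now use different roots (`--set meshConfig.disablePolicyChecks=false` next to `--set values.pilot.policy.enabled=true`), which reads like a missed rename. If `values.pilot.policy.enabled` is intentionally left as is, say so in a short clause so readers do not "fix" it themselves and end up with policy enforcement silently off. Since the line is being touched anyway, "install option" should also be "install options", as two flags are named. The same pair of flags appears in the command in the next hunk.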
@ -45,7 +45,7 @@ which enables policy checks by default.
Execute the following command from the root Istio directory: Execute the following command from the root Istio directory:
{{< text bash >}} {{< text bash >}}
$ istioctl manifest apply --set values.global.disablePolicyChecks=false --set values.pilot.policy.enabled=true $ istioctl manifest apply --set meshConfig.disablePolicyChecks=false --set values.pilot.policy.enabled=true
configuration "istio" replaced configuration "istio" replaced
{{< /text >}} {{< /text >}}

@ -51,8 +51,8 @@ This task shows you how to access external services in three different ways:
## Envoy passthrough to external services ## Envoy passthrough to external services
Istio has an [installation option](https://archive.istio.io/v1.4/docs/reference/config/installation-options/), Istio has an [installation option](/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig-OutboundTrafficPolicy-Mode),
`global.outboundTrafficPolicy.mode`, that configures the sidecar handling `meshConfig.outboundTrafficPolicy.mode`, that configures the sidecar handling
of external services, that is, those services that are not defined in Istio's internal service registry. of external services, that is, those services that are not defined in Istio's internal service registry.
If this option is set to `ALLOW_ANY`, the Istio proxy lets calls to unknown services pass through. If this option is set to `ALLOW_ANY`, the Istio proxy lets calls to unknown services pass through.
If the option is set to `REGISTRY_ONLY`, then the Istio proxy blocks any host without an HTTP service or If the option is set to `REGISTRY_ONLY`, then the Istio proxy blocks any host without an HTTP service or
@ -62,7 +62,7 @@ without controlling access to external services.
You can then decide to [configure access to external services](#controlled-access-to-external-services) later. You can then decide to [configure access to external services](#controlled-access-to-external-services) later.
1. To see this approach in action you need to ensure that your Istio installation is configured 1. To see this approach in action you need to ensure that your Istio installation is configured
with the `global.outboundTrafficPolicy.mode` option set to `ALLOW_ANY`. Unless you explicitly with the `meshConfig.outboundTrafficPolicy.mode` option set to `ALLOW_ANY`. Unless you explicitly
set it to `REGISTRY_ONLY` mode when you installed Istio, it is probably enabled by default. set it to `REGISTRY_ONLY` mode when you installed Istio, it is probably enabled by default.
Run the following command to confirm it is configured correctly: Run the following command to confirm it is configured correctly:
@ -109,7 +109,7 @@ from within your Istio cluster. This section shows you how to configure access t
### Change to the blocking-by-default policy ### Change to the blocking-by-default policy
To demonstrate the controlled way of enabling access to external services, you need to change the To demonstrate the controlled way of enabling access to external services, you need to change the
`global.outboundTrafficPolicy.mode` option from the `ALLOW_ANY` mode to the `REGISTRY_ONLY` mode. `meshConfig.outboundTrafficPolicy.mode` option from the `ALLOW_ANY` mode to the `REGISTRY_ONLY` mode.
{{< tip >}} {{< tip >}}
You can add controlled access to services that are already accessible in `ALLOW_ANY` mode. You can add controlled access to services that are already accessible in `ALLOW_ANY` mode.
@ -118,7 +118,7 @@ Once you've configured all of your services, you can then switch the mode to `RE
any other unintentional accesses. any other unintentional accesses.
{{< /tip >}} {{< /tip >}}
1. Run the following command to change the `global.outboundTrafficPolicy.mode` option to `REGISTRY_ONLY`: 1. Run the following command to change the `meshConfig.outboundTrafficPolicy.mode` option to `REGISTRY_ONLY`:
{{< text bash >}} {{< text bash >}}
$ kubectl get configmap istio -n istio-system -o yaml | sed 's/mode: ALLOW_ANY/mode: REGISTRY_ONLY/g' | kubectl replace -n istio-system -f - $ kubectl get configmap istio -n istio-system -o yaml | sed 's/mode: ALLOW_ANY/mode: REGISTRY_ONLY/g' | kubectl replace -n istio-system -f -
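Review bot: The step text is renamed to `meshConfig.outboundTrafficPolicy.mode`, but the command beneath it is unchanged and still rewrites the `istio` configmap with `sed 's/mode: ALLOW_ANY/mode: REGISTRY_ONLY/g'`, so the new option name is never actually used. The sed approach also depends on the literal text `mode: ALLOW_ANY` being present: if it is not, sed substitutes nothing, `kubectl replace` still succeeds, and the mesh stays in `ALLOW_ANY` while the reader believes egress is now blocked. Consider showing the `--set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY` form to match the rename, or at least follow this step with a check that the configmap now contains `mode: REGISTRY_ONLY`.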