Commit Graph

63 Commits

Author SHA1 Message Date
lei-tang 8f55ddbc67
Update the SDS documentation on Node Agent for Istio 1.5 (#6518)
* Update the SDS documentation on Node Agent

* Revise based on review comments
2020-02-21 07:44:33 -08:00
Chunlin Yang 472d732804
Correct typo (#6463)
Signed-off-by: clyang82 <clyang@cn.ibm.com>
2020-02-18 00:33:27 -08:00
John Howard 7f218afb1b
Remove galley docs (#6361)
* Cleanup validation docs

* Clean up some Galley references for istiod

* fix syntax
2020-01-31 09:15:51 -08:00
SerenaFeng 73b9088172 certificate decode error when decoding from bash pipe by openssl (#6259) 2020-01-07 16:31:57 -05:00
Oliver Liu 7e225624b8 Improve the MTLS migration task. (#6255)
* Improve the MTLS migration task.

* Small fix.

* More improvements.

* Small fix.

* Small fix.

* Small fix.

* Small fix.

* Small fix.

* Lint fix.

* Copy edits

* Apply suggestions from code review

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>

Co-authored-by: Adam Miller <1402860+adammil2000@users.noreply.github.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
2020-01-06 08:58:25 -08:00
Yangmin Zhu 362a64cf95 add notes for enabling mTLS for authz (#6280) 2020-01-06 08:09:25 -08:00
Lin Sun 7d2c7d1e21 use the new install link (#6199) 2019-12-31 08:27:22 -08:00
Lin Sun 86f642902b remove controlPlaneSecurityEnabled (#6200)
* remove controlPlaneSecurityEnabled

as it is enabled by default now

* more update

* more updates

* more updates

* more update
2019-12-31 08:14:30 -08:00
Lin Sun c285372359 update with correct output (#6186)
* update with correct output

shows source and destination service

* Update index.md
2019-12-31 08:14:22 -08:00
Lin Sun 4601017961 remove bin reference to istioctl (#6154)
* remove bin reference to istioctl

as all of our other tasks assume istioctl is on the path already.  Having it cause me an alert on my mac:

“istioctl” can’t be opened because Apple cannot check it for malicious software.

* fix istioctl path
2019-12-19 13:55:05 -08:00
Lin Sun 9bf0d55b26 update the cmd to retrieve token correctly (#6128)
* update the cmd to retrieve token correctly

* update to remove empty char only

* remove tab also

* Update content/en/docs/tasks/security/authentication/authn-policy/index.md

Co-Authored-By: Eric Van Norman <ericvn@us.ibm.com>
2019-12-18 06:24:23 -08:00
Jianfei Hu f2e87724f3 remove optional wording in title (#6089) 2019-12-16 09:20:05 -05:00
Shamsher Ansari 5c269c0340 Improve Mutual TLS migration example (#6035)
As with version v1.4.0, Experimental multi-cluster setup has been added to istioctl

The following command also provides istio-multicluster-destinationrule and host information

kubectl get destinationrule --all-namespaces
2019-12-10 13:06:43 -08:00
Shamsher Ansari 6da47574b2 Fix broken link for Configure Citadel Service Account Secret Generation (#6042) 2019-12-10 08:11:08 -08:00
Shamsher Ansari ae81fe9cec Fix setting up Automatic mutual TLS example (#6010) 2019-12-06 07:12:48 -08:00
Martin Taillefer 6165cb9821
Replace cookies with local storage. (#5949)
- We don't need cookies for istio.io, the few settings we do have should be
managed with browser-local storage instead. This is a better privacy posture,
and avoids sending needless data to the server for every request.
2019-12-02 13:02:51 -08:00
Frank Budinsky 16b11a22e1 Clarify SDS is not default (#5882) 2019-11-26 10:00:42 -08:00
Frank Budinsky 60f73570f0 Another ops guide incremental improvement (#5830)
* Another ops guide incremental improvement

* fix broken links

* more lint errors

* one more lint

* fix aliases
2019-11-25 11:58:39 -08:00
Phillip Quy Le bc16c4c4a7 Create trust domain migration task for authz (#5486)
* Create trust domain migration task for authz

* Revise content and address comments

* Remove httpbin and sleep from example
2019-11-15 10:14:46 -08:00
John Zheng 3d7011c31b Improve index.md (#5646)
Suggest to add this commit, to improve user experience.

Already be merged into release-1.3, FYI
https://github.com/istio/istio.io/pull/5489/commits
2019-11-14 05:49:31 -08:00
Frank Budinsky f5ce9feb70
Consolidate getting started instructions (#5642)
* Consolidate getting started instructions

* review comments

* fix broken links

* add istioctl link

* Fix spelling

* more broken links

* one more
2019-11-12 23:04:33 -05:00
Jimmy Chen 08a92bb255 fix workload-SDS user guide (#5612) 2019-11-12 07:16:54 -08:00
Diem Vu 822701661d Fix tls-check output example (#5608)
* Fix tls-check output example

* Fix spacing
2019-11-11 15:54:54 -08:00
lei-tang 62453fc38e Add an explanation that Chiron is linked with Pilot (#5609) 2019-11-11 15:42:53 -08:00
Rigs Caballero 047785da6a Replace "Mesh Expansion" with "VM Support" and related edits. (#5215)
Let's make additional changes in a followup PR.


* Replace "Mesh Expansion" with "VM Support" and related edits.

To avoid confusion and improve the visibility of the VM-related content, these
changes align with terminology used by our users.

Signed-off-by: rcaballeromx <grca@google.com>

* Fix descriptions, titles and link texts.

Addressed the feedback given around the link text still containing "mesh
expansion". Also addressed the feedback around the accuracy of the
titles and descriptions used.

Signed-off-by: rcaballeromx <grca@google.com>

* Fix bullets and descriptions.

Signed-off-by: rcaballeromx <grca@google.com>

* Return content to examples.

Signed-off-by: rcaballeromx <grca@google.com>

* Fix broken links.

Signed-off-by: rcaballeromx <grca@google.com>

* Fix title for accuracy.

Signed-off-by: rcaballeromx <grca@google.com>

* Fix links for ZH content.

Signed-off-by: rcaballeromx <grca@google.com>

* Fix language for clarity.

Signed-off-by: rcaballeromx <grca@google.com>

* Fix broken link to SDS task.

Signed-off-by: rcaballeromx <grca@google.com>

* Fix merge conflicts.

Signed-off-by: Rigs Caballero <grca@google.com>
2019-11-11 18:28:05 -05:00
Frank Budinsky 823e85b69a
Reorganize reference docs (#5595)
* Reorganize reference docs

* aliases

* corrections

* fix broken links

* fix broken link

* another broken link

* another broken link
2019-11-11 17:46:27 -05:00
lei-tang 7f85876be6 Check no prior webhook configs and clean up webhook configs (#5597) 2019-11-11 12:36:54 -08:00
Oliver Liu 98ce605cb8 Fix several istio.io tasks. (#5539) 2019-11-09 06:32:00 -08:00
Jianfei Hu 16d07b0483 Update the egrep and service accounts. (#5523)
* Update the egrep and service accounts.

* fix the lint.
2019-11-09 06:20:52 -08:00
lei-tang 026bb329d4 Change the config names to be consistent with istioctl installation (#5529) 2019-11-08 16:33:52 -08:00
Oliver Liu ef1ffd4cfd Fix auth installation and its references. (#5482)
* Fix auth installation and its references.

* Apply suggestions from code review

Fix according to the feedback.

Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
2019-11-08 16:51:19 -05:00
lei-tang 1d2c74a629 Fix bug istioctl manifest command does not read from standard input (#5521) 2019-11-08 10:36:52 -08:00
lei-tang b0cdd6f222 User guide for istioctl managing webhooks (#5162)
* User guide for istioctl managing webhooks

* Generate the webhook configurations

* Skip long config

* Move the task to be under setup/install directory

* Add jq as a prerequisite

* Decouple installation from the user guide

* Add explanations to config

* Change the weight

* Revisions on cleanup

* Revise headings

* Revise the search instructions

* Revise the wordings

* Revise install instructions and location

* Skip --validation

* Use istioctl to generate webhook configurations

* Use istioctl to install

* Revise the commands

* Revise the wording

* Remove two comment lines
2019-11-08 07:59:51 -08:00
lei-tang acd3269915 User guide for Istio DNS certificates (#5152)
* User guide for Istio DNS certificates

A guide of how to provision and manage DNS certificates in Istio.

* Explain why uses this feature

* Use the boilerplate command

* Unindent a text block

* Add jq as a prerequisite

* Decouple installation step from the user guide

* Wording revisions

* Wording revisions and change weight

* Follow the same installation approach of CNI

* Revise the writing

* Merge the javascript functions

* Fix the lint error

- ./public/docs/tasks/security/dns-cert/index.html
  *  linking to /docs/setup/install/helm/#dnscerts, but dnscerts does not exist (line 58176)
     <a href="/docs/setup/install/helm/#dnscerts">Customizable Install with Helm</a>
htmlproofer 3.12.0 | Error:  HTML-Proofer found 1 failure!

* Use istioctl to install Istio

* Revisions according to review comments

* Add an explanation

* Revise based on review comments

* Remove the referrence to a file
2019-11-08 07:47:51 -08:00
Frank Budinsky a6a5769f12
Organize security tasks (#5474)
* Organize security tasks

* lint errors

* fixes

* more fixes
2019-11-07 15:54:27 -05:00
Yangmin Zhu cbcea241ad update authz group task for 1.4 (#5435)
* update authz group page for 1.4

* address comments
2019-11-07 06:24:51 -08:00
Jianfei Hu d0dae3fb18 Auto mTLS user guide doc on istio.io (#5313)
* first rewrite of the DR removal till global mTLS section.

* remove all destinationrule for authn policy doc.

* lint fix

* add separate page for automtls

* restore the original authn policy

* new page with auto mtls separately.

* fix the lint

* fix lint and using istioctl manifest.

* complete the instructions for auto mlts

* finish and verify with install

* more delta before and after in strict

* header with certificate identity.

* no more helm

* apply the suggestion.
2019-11-06 15:20:15 -08:00
Neeraj Poddar db10e052ff Fix directory structure/heading for istioctl install (#5390) 2019-11-05 12:37:19 -08:00
Martin Taillefer 4d4e6ae28e
General cleanup items. (#5325)
- Fix a bunch of heading capitalization.

- Remove words that shouldn't be in the dictionary
and update the text accordingly.

- Added a few @@ sequences to reference content files from text blocks.

- Used a few {{< source_branch_name >}} sequences to refer to the proper
branch in GitHub rather than master.
2019-11-04 06:41:54 -08:00
Yangmin Zhu 9532bc0dda update authorization for HTTP task for v1beta1 policy (#5185)
* update authorization for HTTP task for v1beta1 policy

* fix

* small update

* resolve comments

* address comments

* minor

* more fix

* address comments

* address comments

* remove namespace-level

* more fix

* remove duplicate
2019-11-01 15:54:22 -07:00
Frank Budinsky 4bf2fb2e5e Remove uses of istio-demo.yaml (#5311)
* Remove uses of istio-demo.yaml

* broken link
2019-10-31 13:38:03 -07:00
Yangmin Zhu facbed0482 update authorization for TCP task for v1beta1 policy (#5196)
* update authorization for TCP task for v1beta1 policy

* address comments

* address comment

* address comments

* more fix

* resolve comments

* fix
2019-10-31 09:37:35 -04:00
Frank Budinsky f220f655a7 Deprecate helm install (#5270)
* Deprecate helm install

* fix lint

* address review comments

* correction
2019-10-29 06:37:34 -07:00
Jimmy Chen 3fec0dd43f update user guide (#5233) 2019-10-24 10:07:43 -07:00
Diem Vu 272a55b88b Update istioctl auth tls-check example to reflect https://github.com/istio/istio/pull/17720 (#5219)
* content/en/docs/tasks/security/mutual-tls/index.md

* Correct destination rule name in tls-check example

* UPdate check-policy.md
2019-10-23 12:19:42 -07:00
John Howard 962c9ac0aa Remove one last mention of demo-auth (#5236) 2019-10-23 08:59:11 -07:00
Martin Taillefer e8f8b4feb8
Improve snippet logic. (#5205)
- Support snippets that specify the body syntax and output
syntax of the snippet.

- Snippets with bash syntax triggered an incorrect error message.

- No error message was produced for a misnamed snippet

- Convert a security task to use snippets to populate its
many preformatted blocks.
2019-10-20 16:27:51 -07:00
Yangmin Zhu adc0b9c44a remove deprecated authz permissive task (#5191)
* remove deprecated authz permissive task

* update alias
2019-10-18 13:49:56 -07:00
Chunlin Yang 38f252fb68 Get rid of demo-auth (#5024)
* Get rid of demo-auth

Signed-off-by: Chun Lin Yang <clyang@cn.ibm.com>

* remove strict mtls mode

* address comments

* fix linter error

* Add instruction for mtls

* add back demo-auth in configuration profile

* Update content/zh/docs/setup/kubernetes/install/kubernetes/index.md

Co-Authored-By: SataQiu <1527062125@qq.com>

* Update content/zh/docs/tasks/security/health-check/index.md

Co-Authored-By: SataQiu <1527062125@qq.com>

* Update content/zh/docs/tasks/security/https-overlay/index.md

Co-Authored-By: SataQiu <1527062125@qq.com>

* Update content/zh/docs/tasks/security/https-overlay/index.md

Co-Authored-By: SataQiu <1527062125@qq.com>

* Update content/zh/docs/tasks/security/plugin-ca-cert/index.md

Co-Authored-By: SataQiu <1527062125@qq.com>

* Update content/zh/docs/tasks/security/plugin-ca-cert/index.md

Co-Authored-By: SataQiu <1527062125@qq.com>

* Update content/zh/docs/tasks/security/health-check/index.md

Co-Authored-By: SataQiu <1527062125@qq.com>
2019-10-18 09:55:29 -04:00
Martin Taillefer d6445fc726
Update reference docs. (#5173)
preliminary.istio.io will now display reference material for the release-1.4 branches
of istio/istio, istio/api, and istio/operator.
2019-10-17 11:09:11 -07:00