* Add instructions on installing Istio for vms
* Address review comments
workaround netlify
* Fix cert management link
* Remove /var/run/secrets from document
* Address linting problems
rebase for netlify failure
* Address review comments - not quite functional
This change addresses all reviewer comments, but does not address
my personal testing. That is the next commit in this PR:)
* Address reviewier comments
* One small improvement to the make command
* Address reviewer comments.
* Address reviewer comments and lintian problems
* Fix spellING errors.
* few linting errors.
* Self review.
* Add a plugin ca cert reference to individual CSOs.
force push to work around netlify issue
* Move from setup/install/multicluster
* Rebase to pick up cert-management directory change
netlify rebase
* Address @rshriram comment by adding a banner
force rebase to force netlify to build
* Address reviewer comments.
* Address reviewer comments
* Address reviewer comments
rebase for netlify
* Address reviewer comments
* Address @frankb 's comments.
force push for netlify
* Address reviewer comments.
* Prefix WORK_DIR with $HOME instead of $WORK_DIR. :)
netliffy rebase
* Address most of @smawson's comments
* Fix linting error
* Address reviewer comments.
rebase for netlify
* Fix linting errors
* Add tip explaining that only one VM can be registered
* Fix linting errors.
* Resolve reviewer comments.
* Uninstall: add note about removal of istio-system ns
Fixes: #23189.
* Clarify the reason of not removing it
* Apply suggestions from code review
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Clarify wording for openshift installs
* Update content/en/docs/setup/additional-setup/cni/index.md
Co-Authored-By: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Add documentation for adding sidecar injector webhook annotations in 1.4
* Add proper yaml to -f argument
* Don't mix and match set and file options
* Review comments
* Add note that docs are out of date for istio 1.4 and openshift
* Fix linting errors
* Fix linting errors
* Fix code for istioctl 1.4; update comments at end
* Review comments
* Code review comments
* Update content/en/docs/setup/additional-setup/cni/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/setup/additional-setup/cni/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Retire helm documentation as we use a protobuf
The new rendered source of truth is:
https://preliminary.istio.io/docs/reference/config/istio.operator.v1alpha1/
This is rendered from the API repo protobuf which (may) need description fields
set. That protobuf is here:
https://github.com/istio/api/blob/master/operator/v1alpha1/operator.proto
* Follow the flowchart
The flowchart is not quite right and could use some improvement.
* Update content/en/blog/2019/performance-best-practices/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Initial documentation on Multiple Control Planes
I suspect this will be improved as we get more user feedback and
istioctl integrations, but this is a reasonable start
* Typo
* Minor edits
* Apply suggestions from code review
Co-Authored-By: Adam Miller <1402860+adammil2000@users.noreply.github.com>
* Frank's suggestions
* lint
* Apply suggestions from code review
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Adam Miller <1402860+adammil2000@users.noreply.github.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Fix links for removal of helm installation directory
* Point to archive version of istioctl upgrade instructions
* Add Aporeto to lint ignores for now.
* update multicluster shared control plane docs
* Merged single and multiple network instructions. They are nearly
identically except for specifying the mesh network configuration.
* Removed use of pod IPs for cross-cluster control plane. Added three
options that are more appropriate for production use.
* use `istioctl x create-remote-secret` instead of copy/paste bash
* Updated the master and remote cluster configuration examples to be
declartive instead of imperative. Users can copy/paste the examples,
edit, commit to scm, and apply to the clusters.
* Update content/en/docs/setup/install/multicluster/shared/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/setup/install/multicluster/shared/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/setup/install/multicluster/shared/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* updates
* Update content/en/docs/setup/install/multicluster/shared/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/setup/install/multicluster/shared/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* lint errors
* lint
* Update content/en/docs/setup/install/multicluster/shared/index.md
Co-Authored-By: Lin Sun <linsun@us.ibm.com>
* update networks and add selfSigned
* Apply suggestions from code review
Co-Authored-By: Lin Sun <linsun@us.ibm.com>
* Update content/en/docs/setup/install/multicluster/shared/index.md
Co-Authored-By: Lin Sun <linsun@us.ibm.com>
* fix config and remove option 3
* fix formatting and grammer
* move additional considerations after the sample services
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Lin Sun <linsun@us.ibm.com>
* More base release 1.6 stuff
* Add 1.6.x to spelling
* Fix some broken links with sidecar/tls-check being removed
* Fix links pointing to install/kubernetes/helm/...
* Incorporate #6783 - Fix bug requiring placeholder release notes
* Restore some links to archive
* Fix one remainging link to archive
* Someone still pointing to current release upgrade notes. Remove.
* update operator ref doc
* fix broken link
* Update url to archive link
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* wip: setup observability tasks for v2
Signed-off-by: Douglas Reid <dougreid@google.com>
* continue work
Signed-off-by: Douglas Reid <dougreid@google.com>
* lint fix
Signed-off-by: Douglas Reid <dougreid@google.com>
* remove mixer ref from what-is-istio
Signed-off-by: Douglas Reid <dougreid@google.com>
* further cleanup
Signed-off-by: Douglas Reid <dougreid@google.com>
* lint fix
Signed-off-by: Douglas Reid <dougreid@google.com>
* when will the linting stop?
Signed-off-by: Douglas Reid <dougreid@google.com>
* Update content/en/docs/tasks/observability/mixer/_index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
found during community testing:
- The version of API was incorrect.
- The first step of the doc did not have the namespace creation (it was
in a 2nd step in the English version)
* Add option to setup Istio on KIND
* Rename KIND to kind, fix few typos
* Arrange in a easy to follow steps
* Few more updates to make sentence better
* Small tweaks
* last few improvments
* Define and link SDS on first mention
* Added fix for minikube
* Fix bad link to SPIFFE
* Revert "Fix bad link to SPIFFE"
This reverts commit 7efcc80958.
* Clarifying automatic sidecar injection
Customers are having errors related to missing sidecars much too often, likely due to our confusing name "automatic sidecar injection" and our confusing language implying this is enabled by default. We have to make it more clear that automatic sidecar injection requires someone to turn it on first.
* Typo fix
* Update content/en/docs/setup/additional-setup/sidecar-injection/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/setup/additional-setup/sidecar-injection/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/setup/additional-setup/sidecar-injection/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Removed redundant phrase
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
The banner now points to the current release's announcement page, which is really
the 'dashboard' for a new release, and has all the right links for the user.
`istioctl manifest apply --set profile=demo --set cni.enabled=true --set values.cni.cniBinDir=/home/kubernetes/bin` by default put the `istio-cni-node` daemonset in istio-system namespace. The cni pod fails to create.
According to the helm command here 3fc0e65d94/README.md (usage) `istio manifest` should set cni.namespace to kube-system on gke
Signed-off-by: Yuchen Dai <silentdai@gmail.com>
These fix problems encountered when switching to the new Hugo which has
a completely different markdown engine. I went through diffs of the generated
HTML and made required adjustments.
- We don't need cookies for istio.io, the few settings we do have should be
managed with browser-local storage instead. This is a better privacy posture,
and avoids sending needless data to the server for every request.
- Move some info to front-matter in the different security bulletins
such that it can be used when building the security bulleting index page.
- Update the security bulletin index page to show affected relesses and
impact score.
- Make it so table headers are vertically centered, which looks a lot nicer
when there are a combination of single-line and multi-line headers in the
same table.
- Add a few checks to correctly hide draft mode documents from sight
in more cases.
- Remove a stale document that's been in draft mode since first being
created in 2017.
- Clean up a bit of text in some release notes.
* Added the Best Practices section with general principles.
This is the beginning of the new Best Practices section.
Our goal is to provide a section for all the best practices and recommendations
for Istio deployments. The best practices are based on the identified and
recommended deployment models.
Signed-off-by: rcaballeromx <grca@google.com>
* Change headings for clarity.
Adds clarity to some passages based on feedback.
Removes a list of recommendations that was causing some confusion.
Adds a glossary entry for failure domains and how they relate to a
platform's availability zones.
Signed-off-by: rcaballeromx <grca@google.com>
* Move Best Practices to Ops Guide
Signed-off-by: rcaballeromx <grca@google.com>
* Moved Deployment Best Practices to a new "Prepare Your Deployment" section.
Moved all deployment preparation content into a new section under "Setup".
For now the content includes the following sections:
- Deployment models
- Deployment best practices
- Pod requirements
Merged the two existing pages containing pod requirements into one single page.
Signed-off-by: rcaballeromx <grca@google.com>
* Replace example with better guidance around namespace tenancy.
Signed-off-by: Rigs Caballero <grca@google.com>
* Add links and language pointing to the Prepare section
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix minor typos and broken links.
Signed-off-by: Rigs Caballero <grca@google.com>
* Move from Setup to Operations
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix broken links
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix rebasing issues.
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix multicluster install link.
Signed-off-by: Rigs Caballero <grca@google.com>
* Update multicluster shared-vpn doc
Update docs for the multicluster installation for Shared control plane (single-network) to make it work with `istioctl manifest`.
* Update index.md
* Apply suggestions from code review
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Let's make additional changes in a followup PR.
* Replace "Mesh Expansion" with "VM Support" and related edits.
To avoid confusion and improve the visibility of the VM-related content, these
changes align with terminology used by our users.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix descriptions, titles and link texts.
Addressed the feedback given around the link text still containing "mesh
expansion". Also addressed the feedback around the accuracy of the
titles and descriptions used.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix bullets and descriptions.
Signed-off-by: rcaballeromx <grca@google.com>
* Return content to examples.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix broken links.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix title for accuracy.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix links for ZH content.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix language for clarity.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix broken link to SDS task.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix merge conflicts.
Signed-off-by: Rigs Caballero <grca@google.com>
- Improved look of the call to action buttons
- Removed redundant attributions on all news items, those were
leftovers from when the relesse notes were in the blog section.
- Used consistent subtitles and descriptions for all news items.
* Fix auth installation and its references.
* Apply suggestions from code review
Fix according to the feedback.
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
- Fix a bunch of heading capitalization.
- Remove words that shouldn't be in the dictionary
and update the text accordingly.
- Added a few @@ sequences to reference content files from text blocks.
- Used a few {{< source_branch_name >}} sequences to refer to the proper
branch in GitHub rather than master.
* remove completed pods
as they aren't shown any more, not seeing them in the generated manifest via `istioctl manifest generate --set profile=demo`
* remove sidecars
We also recently removed sidecars for policy telemetry and pilot for demo profile.
* Draft of upgrade docs
* Fixed PR comments
* More PR review comments addressed
* Added note about -f and --set flag support
* Further PR comments
* shortcode added for istioctl
* rebase and typo fixes
* Typo fixes
* modify watch namespace to only Istio-operator
also start the eval with demo profile first.
* use demo as the first starting point
* update grab script
* add watch ns
* fix lint
Currently we are asking users to get a count of their CRDs. This is hard
because the docs fall out of sync very frequently, they may have CRDs
for the operator or something, etc. In generally its really hard to be
right here, and it involves the users manually running this command over
and over until it works.
Instead, we can just wait for the jobs to complete. This has the benefit
of working regardless of their environment, and won't fall out of date.
* migrate Deployment apiVersion from extensions/v1beta1 to apps/v1 to support k8s 1.16
* migrate Deployment, PodSecurityPolicy apiVersion to support k8s 1.16
* A compromise PR of a long original work
See PR: https://github.com/istio/istio.io/pull/5142
Pretty much everything about this PR is compromised...
* Apply reviewer comments.
* Update for new istioctl value requirement
* Update Sidecar Injection docs
Part of this is fixing inaccurate information, and part is trying to
simplify it a bit. If I did a bad job simplifying I'll just revert most
of this and send just the essential fixes.
* Fix typos
* Update content/en/docs/setup/additional-setup/sidecar-injection/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Remove port name requirement
We now do protocol sniffing.
Note - this is definitely not safe to merge. We still need docs explaining protocol sniffing, and how to select a port type explicitly (required for things other than tcp/http, and more performant if you know its tcp/http). Not sure the path forward for this
* Add protocol selection doc
* Fix lint
* Add FAQ
* Added operator install guide
Added draft of operator install doc
Added entries to dict and fixed typo
Fixed tip syntax error
Moved install docs to new en folder structure
Toned-down intro, bash command fixes, reordered subsections
* PR review feedback, link from feature status page
* Fixed install verification example
I don't think we need to document every obscure edge case, especially in the very first page a user will look at. If the user follows our docs, this will never happen. If they *don't* follow the docs, they still will probably never hit this.
* Remove unneeded info in Setup page
* You really don't need an "detailed understanding of sidecar injection"... Istio should just work out of the box.
* We already link to pod requirements at the top of the page
* Re-add sidecar injection
* Update doc for sds
* Update SDS doc for trustworthy jwt feature
* Drop legacy jwt support
* Add SDS announcement
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/docs/setup/platform-setup/_index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update index.md
* Update .spelling
* Update content/en/docs/setup/install/helm/index.md
Co-Authored-By: Romain Lenglet <romain.lenglet@berabera.info>
* Update index.md
* Update _index.md
* Update index.md
* Address comments
* Refine doc again
* Bump the support version of k8s to 1.13
* Update vendors
* Update docs
* Apply suggestions from code review
Co-Authored-By: Rigs Caballero <grca@google.com>
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Rigs Caballero <grca@google.com>
* Add Istio Deployment Models concept.
This concept replaces the old multi-cluster concept.
Includes new diagrams that comply with the diagram creation guidelines.
Updates the Chinese content to use a local copy of the previous diagrams.
Fixes all internal links to the previous version of the doc.
Signed-off-by: rcaballeromx <grca@google.com>
* Add glossary entries for needed terms.
The terms involved are:
- Cluster
- Identity
- Trust domain
Signed-off-by: rcaballeromx <grca@google.com>
* Define cluster in a platform agnostic way.
Also adds links between `identity` and `trust domain`.
Signed-off-by: rcaballeromx <grca@google.com>
* Add missing `(` in links.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix links to sections and reduce image sizes.
Signed-off-by: rcaballeromx <grca@google.com>
* Simplify the definition of `trust domain`
Signed-off-by: rcaballeromx <grca@google.com>
* Move old images to the ZH content.
Signed-off-by: rcaballeromx <grca@google.com>
* Add reworked control plane content.
Also addresses the comments left on the PR including those regarding the
diagrams.
Signed-off-by: rcaballeromx <grca@google.com>
* Add fail over example and glossary entries.
This update also reworks the control plane models section to fit the example.
Additional adjustments were made to the diagrams too.
Signed-off-by: rcaballeromx <grca@google.com>
* Move mesh models section.
Also minor fixes and edits.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix glossary entries and links.
Signed-off-by: rcaballeromx <grca@google.com>
Shamsher Ansari
Istio Automation
Steven Dake
Martin Ostrowski
Nico Aragon
Gregory Hanson
lei-tang
Eric Van Norman
Ram Vennam
John Howard
Oliver Liu
Gijs van Dulmen
Jonh Wendell
Mitch Connors
mandarjog
Lin Sun
jacob-delgado
Steven Dake
Istio Automation
Frank Budinsky
Xinnan Wen
Jason Young
Shawn O'Dell
shibataka000
John Pape
Brian Avery
Jonathan Meyers
Adam Miller
Tao HE
Romain Lenglet
Douglas Reid
stewartbutler
Diem Vu
Taylor Reece
Francois Pesce
imgbot[bot]
pengfei
LiuDui
Johannes Scheuermann
cewuandy
fox
Martin Taillefer
Yuchen Dai
Rigs Caballero
Arun Fung
leo
Dirk Jablonski
Neeraj Poddar
John Mazzitelli
Morven Cao
Chunlin Yang
Naoki Oketani
Zhonghu Xu
Greg Taylor
Ed Snible
Darius Jazayeri
Sam Naser
Martin Devlin
Phillip Quy Le
ammarn911
Eric Van Norman
Romain Lenglet