* Specify EXTERNAL_CA env under .Values.pilot.env
Signed-off-by: Faseela K <faseela.k@est.tech>
* make snips
Signed-off-by: Faseela K <faseela.k@est.tech>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
* Add docs test for custom CA k8s
Signed-off-by: Faseela K <faseela.k@est.tech>
* wait for secrets to be created
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix tests
Signed-off-by: Faseela K <faseela.k@est.tech>
* address review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix minor nits on the security tasks page Plugin CA Certificate
Partially fixes: #12695
* Fix minor nits on the security tasks page for certificate management
* Update custom ca integration with k8s CSR demo to include foo and
bar namespace creation and remove an unnecessary tab from the
sleep pod command.
Signed-off-by: jaellio <jaellio@microsoft.com>
* Fix lint error
Signed-off-by: jaellio <jaellio@microsoft.com>
---------
Signed-off-by: jaellio <jaellio@microsoft.com>
* SHA-1 signatures will not work with Golang 1.18
Support for SHA-1 signatures is disabled by default in Go 1.18 or newer. When generating the certificates please use OpenSSL on MacOS to make sure the certificates will work with istio.
* Lint fixes
* Lint fix
Co-authored-by: Saverio Proto <saverioproto@microsoft.com>
Co-authored-by: craigbox <craigbox@google.com>
* Remove doc on "Istio DNS Certificate Management"
This document gives harmful advice. This feature was intended to be used
for signing control plane certificates, and actually doesn't work for
other cases (cross namespace or any modern Kubernetes version are
completely broken).
* use archive link
* name trick
* Flag experimental pages with dagger
* Use dagger symbol in title
* Dagger in navigation titles for experimental status
* Experimental asterisk note
* Asterisk with space
* Spacing between title and asterisk
* Flag experimental and alpha status
* Improve the plug-in cert task.
* Small fix.
* Update content/en/docs/tasks/security/cert-management/plugin-ca-cert/index.md
Co-authored-by: Sven Mawson <sven@google.com>
* Describe the recommendation of using hierarchical CA.
* Small fix.
* Apply suggestions from code review
Co-authored-by: Sven Mawson <sven@google.com>
* Apply suggestions from code review
Co-authored-by: Sven Mawson <sven@google.com>
Co-authored-by: Sven Mawson <sven@google.com>
* Use experimental as feature stage
Pre-alpha/Development are deprecated in favor of Experimental (see
https://github.com/istio/community/pull/495). Update docs to reference
this phase.
* Add DNS proxying to experimental phase
* Do not mix alpha and experimental
* DNS Proxying is Alpha in 1.9; add to feature status page
* Fix virtual machine install doc based on review
* Fix linting issue
This required some other changes WRT verification:
- Change __cmp_like to allow for not accepting <pending> for an IP address.
- Change __verify_with_retry to use a timeout rathan than number of retries. This is a more intuitive interface and aligns with the way we do retries in istio/istio. I also got rid of exponential backoff and allow both the timeout and delay between retries to be configured.
* Update test reference
* Test framework changes
* Another required change
* Update Tag to 1.8
* Pick istio/istio commit that actually exists
* Disable ISTIO_META_DNS_CAPTURE
* Add --skip-confirmation to istioctl installl commands
* Increase test timeout. First pass at fixes.
* Update to later istio/istio that fixes DNS and minor fixes
* test fixes
* Pick up go.mod `replace` changes from #8118
* Fix istioctl-analayze and mirror
* Fix mtls-migration test
* Update istio to include commit to fix egress
* Re-enable verify with fix
* Update istio/istio ref for egress fix
* Fix tasks/security/authorization/authz-td-migration - remove ns
* Shorten wait timeout so tests complete in under an hr
* Let tests continue after wait timeout
* Fix --skip-confirmation to -y and use yes | in tests
* revert yes | to echo y |
* Additional echo y fix
* Code review comments
* Change verify from same to contains as k8s 1.19 has extra warning lines.
* Update istio/istio ref and reenable tests
* Update istio/istio reference
* Update istioctl build to have version for images
* Fix lint and pull a newer istio/istio
* Disable egress tests
* add an example task to test
* main test function: save progress
* a working example: routing request
* improve log info and error handling
* introduce makefile
* run each test as a subtest; remove common setup from test.sh
* add another test.sh: fault-injection
* improve error handling
* check test environment
* add two more test.sh files
* fix make command for istio setup
* update two test.sh files from upstream
* add comments and update README.md
* update test.sh files from upstream
* support multiple test names
* update README
* update README.md for new framework
* remove documentation of migration steps
* undo format changes
* change separation line to '# @cleanup'
* move go code and makefile from content/ to tests/
* change package name
* make for loop more readable
* change the set of auto-sourced scripts
* add docs for all functions
* approach to deal with folders with the same name
* minor fixes to ensure everything still runs
* fix make gen error
* add a TIMEOUT argument
* make sure util/debug.sh works with new framework
* make lint-go happy
* [BIG CHANGE] allow different istio setup configs
* make linters happy
* make linters happier
* changed wording and function orders
* make error return as the 2nd argument
* add TODOs
* Update content/en/docs/tasks/traffic-management/traffic-shifting/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* only test english docs
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* allow test.sh as suffix
* move adding setup configs to tests/setup
* recommend full paths
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* require full test paths
* converting old tests to new tests: traffic-management and misc
* converting old tests to new tests: security
* remove old tests
* Update content/en/docs/tasks/security/cert-management/dns-cert/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* simplify setup configs
* Update content/en/docs/tasks/security/authentication/authn-policy/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/security/authentication/mtls-migration/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/security/authorization/authz-http/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* do not let istioctl prompt y/n
* Update content/en/docs/tasks/traffic-management/ingress/ingress-sni-passthrough/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/traffic-management/ingress/secure-ingress/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/security/cert-management/plugin-ca-cert/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* simplify stuff
* rename dns-cert test.sh to test_broken.sh
* fix dns-cert doc and test
* remove egress=disabled
* fix test
* Update content/en/docs/tasks/observability/logs/access-log/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/security/authentication/authn-policy/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Frank Budinsky
Michael
Faseela K
majeshps
Michael
Jackie Elliott
Eric Van Norman
Chen Xintong
Iris
Istio Automation
John Howard
craigbox
Steve Zhang
ChristinaMak
Shamsher Ansari
Oliver Liu
jacob-delgado
Lin Sun
shankgan
Nathan Mittler
imgbot[bot]
Hongyi Zhang
Navraj Singh Chhina