- Support snippets that specify the body syntax and output
syntax of the snippet.
- Snippets with bash syntax triggered an incorrect error message.
- No error message was produced for a misnamed snippet
- Convert a security task to use snippets to populate its
many preformatted blocks.
* modify watch namespace to only Istio-operator
also start the eval with demo profile first.
* use demo as the first starting point
* update grab script
* add watch ns
* fix lint
In release this is changed to below:
```yaml
global:
# Default hub for Istio images.
# Releases are published to docker hub under 'istio' project.
# Daily builds from prow are on gcr.io
hub: docker.io/istio
# Default tag for Istio images.
tag: 1.3.2
```
Not sure how to fix, but having the dev defaults here may be misleading.
* Fix FAQ for UDP is supported
* Update content/en/faq/traffic-management/naming-port-convention.md
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
Currently we are asking users to get a count of their CRDs. This is hard
because the docs fall out of sync very frequently, they may have CRDs
for the operator or something, etc. In generally its really hard to be
right here, and it involves the users manually running this command over
and over until it works.
Instead, we can just wait for the jobs to complete. This has the benefit
of working regardless of their environment, and won't fall out of date.
* Add intro, fix broken links/titles, set 80 columns
* Clarified, expanded wording and made it consistent
* Fixed curl case
* Removed tutorial node and moved to examples node
* Fixed PR comments
* migrate Deployment apiVersion from extensions/v1beta1 to apps/v1 to support k8s 1.16
* migrate Deployment, PodSecurityPolicy apiVersion to support k8s 1.16
* A compromise PR of a long original work
See PR: https://github.com/istio/istio.io/pull/5142
Pretty much everything about this PR is compromised...
* Apply reviewer comments.
* initial implementation
* add HTTP gateway for httpbin.org
* rewrite the introduction
* extend the exmample by blocking traffic from the mesh
* use www.google.com instead of *
* fix a typo in httpbin.org
* rename 'front proxy' to 'proxy', rewrite the first paragraph
* add a step for enabling Envoy's access logging
* Gateway -> ingress gateway, server -> servers, Note -> ensure
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* httpbin/google -> the httpbin/google services
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Configure -> create, is used -> you will need it
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* expand the sentence why the reader will need the localhost service entry
* expand the sentence about configuring routing
* rewrite the sentence about accessing httpbin.org
* Check the logs of the gateway -> print the gateway's log
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* You should see a line -> search the log for an entry
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Check the Mixer log -> print the Mixer log
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* You should see a line -> search the log for an entry
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Access `www.google.com` through your ingress -> Access the `www.google.com` service through your ingress gateway
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Check the Mixer log -> print the Mixer log
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* You should see a line -> search the log for an entry
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* You should see a line -> search the log for an entry
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Check the Mixer log -> print the Mixer log
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* fix indentation
* fix the first step
* split a long line
* expand about the mesh gateway
* remove leftovers from previous commits
* print the log with: -> print the log with the following command:
* remove printing Mixer log since in 1.1 it does not have to be enabled by default
* use TLS instead of HTTPS
to prevent confusion with the TLS termination cases
* front-proxy -> proxy
* fix the cleanup
* fix links
* use cnn instead of google
since the webpage of google is less clear to grep
* move to examples
* rewrite the example as a blog post
* example -> blog post
* add the first version of Egress with Kubernetes Services
* add explicit disabling of TLS in destination rules
* rewrite the motivation for Kubernetes service entries
motivation: location transparency
* remove pre-Istio from .spelling
* add "The external services are not part of an Istio service mesh..."
so they cannot perform the mutual TLS of Istio.
* split a long line
* expand the explanations about disabling Istio's mutual TLS
* add explanation about disabling TLS mode in the HTTP case
* add explanation about disabling Istio mutual TLS for HTTPS case
* unencoded -> unencrypted
* fix a link
* fix the location of the task to be in content/en
* Add doc page for 'istioctl analyze'
* Address lint comments
* Fix spelling errors
* Use github_blob in link
* Changes based on PR feedback
* Fix lint issues
* More changes based on PR feedback
* Fix couple typos
* Remove one word
* Shorten title and use bulletted list
* Clarify relationship between pods and workloads
* Update content/en/docs/reference/glossary/pod.md
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
* Task describing new experimental 'describe pod' sub-command
* Move document to troubleshooting and address comments
* Restructured so that commands and command responses are in the same text block
* Rewrite the `istioctl describe` task.
This rewrite fixes the style, tone, and language of the content. Additionally,
it adds links to relevant pages and glossary entries. Lastly, it adds and
improves the markup used.
Signed-off-by: rcaballeromx <grca@google.com>
* Add @frankbu's syntax correction for bash block
* initial version
* add structure and certificate generation
* remove redundant article
* create the reviews service and later delete it
required for pods to start
* kubernetes -> kubectl
* complete creating the egress gateway section
* add deployment of an ingress gateway
* use LoadBalancer type for the private ingress gateway
* expand the cleanup section
* add "Expose reviews v2" section
* use hostnames in CN so it can be verified by curl
* use a single slash in HTTPRewrite uri field
* fix the virtual service and the curl call
* add a troubleshooting section
* use port 80 in the egress gateway's deployment
* implement the consume section for reviews v2
* expand the troubleshooting section
* split a virtual service, use port 443
* unite two virtual services for reviews
* add namespace to the gateway reference
* complete the cleaning instructions
* fix prefix match and rewrite in consuming reviews v2
* rename the gateway, destination rule, rewrite authority in ingress cluster2
* split the virtual service in cluster1 into two parts
* set access log format to print both the path and the rewritten path
* extend the cleanup section
* add load balancing between the local and remote versions of reviews
* remove usi
* change consume/expose details to ratings
* add diagrams
* canary release the remote version
* fix the subtitle and the publish date
* add subset v1 to the routing to the local version
* use local name (reviews) for a virtual service in the default namespace
* add the 'Deploy reviews v2 locally and retire reviews v1' section
* a Gateway -> an ingress Gateway
* virtualservice myreviews-bookinfo-v2 -> virtualservice privately-exposed-services
* add the "Expose ratings and reviews v3" section
* add printing response code to curl commands
* add a step to delete the consumption of the remote service from `cluster2`
* add a section "Consume ratings and reviews v3"
* add a section about Istio RBAC
* rewrite certificate creation - add spiffe SAN
* add a section about RBAC on ingress gateway
* remove redundant quote
* add extended key usage and critical to subjectAltName
* add generation of certificate and key for cluster3
* rewrite ingress RBAC in cluster2 to use EnvoyFilter for RBAC
Istio RBAC currently does not support getting principal for
MUTUAL TLS, only for ISTIO_MUTUAL
* fix MeshFederation5, the local version of reviews must be v2
* fix a typo
* add the "Cancel exposure of ratings" section
* add checking Istio configuration artifacts
* rewrite the introduction, add requirements and the proposed implementation section
* to base implementation -> to base the implementation
* split a long line
* web page -> webpage
* fix indentation
* of deploying -> after deploying
* add an explanation about openssl
* extend the explanation about `cluster3`
* add an explanation about deploying gateways
* create the certificates -> create the certificates and keys
* remove "the" from "to generate the certificates and the keys"
* minor changes in gateway deployment
* mount volumes from secrets -> mount secrets as data volumes
* add explanation about private gateways
* cluster1 and cluster2 -> both clusters
* add an explanation about exposure/consumption
* add an explanation about c1,c2,c3.example.com hostnames
* real URL -> existing hostname
* port 80 -> port 443 (the egress gateway)
* remove the non-mTLS options
* VirtualService -> virtual service
* fix indentation
* remove back ticks from reviews v1 and v2
* in remote cluster -> is in remote cluster
* add explanation about expose-nothing behavior by default
* add a separating empty line
* port 80 -> port 443
* VirtualService -> virtual service, part 2
* your Kubernetes cluster -> your second cluster
* add "in case you have a load balancer"
* add "in case you have a load balancer... otherwise..."
* fix the pod of reviews-v2 in the first cluster
mention the new pod
* web page -> webpage
* cluster1 -> the first cluster
* make multiple tests a sublist
* rewrite the sentence "Let's change the RBAC policy"
remove let's
remote passive voice
* rewrite the series of the tests to check RBAC
* issues requests -> sends requests
* Let's consider -> consider
* split a long line
* add "locally" to has access to ratings
* the ratings -> ratings
* use first/second cluster instead of cluster1/cluster2 in headings
* add a subsection to remove certificate and key files
* extend the sentence about role binding
* extend the sentence about enabling Istio RBAC on bookinfo
* rewrite the sentence about accessing the webpage of the bookinfo app
* add an explanation about the EnvoyFilter
* other 50% -> the other 50%
* 50% of time -> 50% of the time
* at cluster -> in cluster
* rewrite the sentence about cleaning Istio RBAC
* add summary
* in the subtitle: traffic control -> strict access control
* for the many different reasons -> for different reasons
* special certificates -> dedicated certificates, add dots
* add a sentence about defense in depth and PCI compliance
* fix typos
* through their gateways -> through corresponding gateways
* _v1_ -> `v1`
* ad-hoc -> ad hoc
* put EnvoyFilter and the name of the Envoy's filter in backticks
* instructions for NodePort Ingress -> instructions for using node port for ingress
* add "hoc" to .spelling, for "ad hoc" expression
* fix a link
* remove unneeded single bullet
* fix a link for Defense-in-depth
* rewrite the list of reasons for split applications between multiple clusters
* add a clause about boundary protection
* expand on non-uniform naming
* rewrite the bullet about boundary protection
* expand on the lack of common trust
* fix division into paragraphs in the introduction
* different as -> different than
* in different namespaces in a cluster -> in the clusters
* to the ratings -> to the ratings service
* rewrite the explanation about DNS and routing
* add a comma after "destined to ratings"
* split a long line
* replace PCI DSS with boundary protection
* remove an unneeded empty line
* split long lines in the summary
* simplify the sentence in the summary about explicit exposure of the clusters
* put "paired" in italics
* split a long line
* change the publish date to 12-th of August
* split a long line
* add the "Isolation of system components and boundary protection" subsection
* rephrase a sentence to remove passive voice
* add cyber and subnetworks to .spelling
used by NIST Special Publication 800-53, Revision 4, Security and Privacy
Controls for Federal Information Systems and Organizations:
This type of enhanced protection limits the potential harm from cyber attacks...
... routers, gateways, and firewalls separating system components into physically separate networks or
subnetworks
* rephrase and reformat the section about boundary protection and isolation
* rewrite the section about isolation and boundary protection
* Kubernetes community -> the Kubernetes community
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* three patterns -> three documented patterns
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* three patterns differ -> the differences between the patterns
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* add "where none of the multi cluster patterns apply" to "there are cases when you want to"
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* didn't establish -> have not established
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* rewrite the sentence about the best solution and the goal
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Payment Card Industry Data Security Standard -> the ..
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* move "in my opinion" to the beginning of the sentence
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* move "in my opinion" to the beginning of the sentence, part 2
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Add "the" to PCI DSS
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* add "approach" after "the proposed mesh federation"
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* add "the" before NIST
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* uniform identical naming -> uniform naming
* common indentity and common trust -> common identity and trust
* mesh-federation -> isolated-clusters
* rewrite the blog post, removing mesh federation and multicluster mesh mentioning
* add the "Testing the certificates in the chain of calls" section
* Revert "add the "Testing the certificates in the chain of calls" section"
This reverts commit 6ada5903e5.
* remove redundant parenthesis around the first link to PCI DSS
* fix a typo (though -> through)
* remove the last '/' which seems to confuse lint
* remove namespace qualifier for gateways in virtual services
since the virtual services are in the same namespace
* extend the explanation about RBAC
* try another link for gdpr
* add ` ` to try to make lint happy
* Revert "add ` ` to try to make lint happy"
This reverts commit 552806883f.
* rewrite the list of standards as a table, add links to the paragraph below
* put full service name in backticks
* fix a typo (localtion -> location)
* fix the level of the first section
* rename the ca-example-com-certs secrets into c1/c2-trusted-certs secrets
to enable running commands in a single cluster
* use kubectl apply to create a namespace in case it already exists
for the single cluster scenario
* add deleting of the ratings service in the first cluster
during the initial setting
* change the error in case ratings is not found
* remove istio-private-gateways from the list of RBAC-included namespaces
* add '--ignore-not-found=true' to the kubectl delete commands
to support the case of a single cluster
* credit card -> payment card
* add running the blog post in a single cluster
* add unsetting environment variables to the cleanup section
* fix internal links
* The approach I propose - The approach I use
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* features of the proposed approach -> features of the approach
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* I propose -> I use
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* I propose to base connecting clusters on -> I connect clusters based on
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* add "some of the process could clearly benefit from automation..."
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* similar the pattern -> similar to the pattern
* the proposed implementation -> the implementation pattern
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* added a comment that my approach is different from multicluster meshes
* fix a link
* add a multi-mesh section to examples
* move the blog post about cluster isolation to examples
* rewrite the blog post as example
* add a missing period in the description
* Revert "add a missing period in the description"
This reverts commit 14f656280f.
* Revert "rewrite the blog post as example"
This reverts commit 875a4f55f0.
* Revert "move the blog post about cluster isolation to examples"
This reverts commit 17b20a1cb5.
* Revert "add a multi-mesh section to examples"
This reverts commit 9d9365eee7.
* rewrite the blog post to not contain the same service (reviews) in two meshes
per comments of Sven Mawson
using ratings and httpbin to show exposure of two services
* fix the link to Envoy's RBAC filter
* fix an internal link
* fix spelling
* remove redundant empty line
* remove "no common trust" from the single cluster
* initial version after moving the example to istio-ecosystem
* fix list formatting
* additional touches
replace cluster with mesh everywhere
add monitoring at the boundary
* describe -> outline, report
* put all mesh-federation and multi-mesh instances into the glossary markup
* update the publish date
* call "service location transparency" an optional feature
* rewrote "Service location transparency is important" to "Service location transparency is useful in the cases when you want"
* the istio-ecosystem repository -> Istio ecosystem
* rewrite subtitle
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Rewrite the title
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* rewrite the sentence about isolation
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* rewrite the sentence about separate service meshes on separate networks
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Remove "Istio to connect applications in the meshes with different compliance requirements"
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* remove the glossary item from mesh federation and add "support and automation work under way"
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* remove glossary reference
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* remove glossary reference, 2
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* add comparison with multi-cluster (single mesh)
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* remove glossary reference, 3
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* remove glossary reference, 4
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* remove glossary reference, 5
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* remove glossary reference, 5
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* remove glossary reference, 6
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* remove glossary reference, 7
* report -> touch on
* update the date of the blog
* Added blog for monitoring external service traffic
In release 1.3 we added support for monitoring traffic to external services
which are allowed or get blocked. This blog explains how to use these metrics to
get the host names/IP addresses for these external services.
* Address review comments
* Removed extra heading
* Re-align headers
* Update index.md
* Remove usages of curl inside istio-proxy
Distroless builds of Istio do not contain curl, so we should not tell
users to use it. Pilot-agent handles this functionality for us
* Fix lint error
* 1.1 release notes
* Cleaned up wording and formatting to match other point release
* Updated to remove UTF-8 from spelling as well as link to the last issue
* Moved release announcement to news
* Fixed capitalization and removed aliases for 1.3.1 release notes
* Removed references to pull requests rather than issues and added reference for metadata exchange and stats
* Added WebAssembly to the dictionary and removed duplicate of webhook
* Fixed date
* Add FAQ entry for running Cassandra
Addresses issue istio/istio#10053
* Making clear why default config does not work
* Removing numbering of subsections
* Removed one unnecessary line
* Addressing editorial corrections and removing a section
* Adding FAQ entry for elastic search
Creating a new category of FAQs for application specific configuration
and adding the first entry for Elasticsearch
Addresses https://github.com/istio/istio/issues/14743
* Making changes to address comments
- Clarifying the text
- Removing unnecessary info
- Adding info on using MTLS
- Adding StatefulSet to .spelling
* Updating the MTLS limit for Release 1.3
* Addressing reviews
Removing spelling entry
Removing Alias for faq file
* Shortened as requested by reviewer
* Added App Identity and Access blog
* Updates after review
Reviewed by @adammil2000 and gtaylor
* Fixed linting
* Updated date, description
* Fixed spelling, added new words to .spelling
* Mention mirror_percent field in mirroring task
* Apply suggestions from code review
Co-Authored-By: Adam Miller <1402860+adammil2000@users.noreply.github.com>
* Update for new istioctl value requirement
* Update Sidecar Injection docs
Part of this is fixing inaccurate information, and part is trying to
simplify it a bit. If I did a bad job simplifying I'll just revert most
of this and send just the essential fixes.
* Fix typos
* Update content/en/docs/setup/additional-setup/sidecar-injection/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Remove port name requirement
We now do protocol sniffing.
Note - this is definitely not safe to merge. We still need docs explaining protocol sniffing, and how to select a port type explicitly (required for things other than tcp/http, and more performant if you know its tcp/http). Not sure the path forward for this
* Add protocol selection doc
* Fix lint
* Add FAQ
I don't think there is a need to insert this edge case about certmanager
here. Lets just look for Istio CRDs, which we know will always be 23,
and not confuse 99% of users for an advanced feature.
* Added operator install guide
Added draft of operator install doc
Added entries to dict and fixed typo
Fixed tip syntax error
Moved install docs to new en folder structure
Toned-down intro, bash command fixes, reordered subsections
* PR review feedback, link from feature status page
* Fixed install verification example
I don't think we need to document every obscure edge case, especially in the very first page a user will look at. If the user follows our docs, this will never happen. If they *don't* follow the docs, they still will probably never hit this.
* Temporarily disable the user guide of Istio Vault integration for release 1.3
Istio release 1.3 uses new k8s JWT (https://github.com/istio/istio/pull/16147),
which breaks the user guide of Istio Vault CA integration for release 1.3.
This PR temporarily disables the user guide of Istio Vault CA integration for release 1.3.
* Remove unneeded info in Setup page
* You really don't need an "detailed understanding of sidecar injection"... Istio should just work out of the box.
* We already link to pod requirements at the top of the page
* Re-add sidecar injection
* Update doc for sds
* Update SDS doc for trustworthy jwt feature
* Drop legacy jwt support
* Add SDS announcement
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/docs/setup/platform-setup/_index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update index.md
* Update .spelling
* Update content/en/docs/setup/install/helm/index.md
Co-Authored-By: Romain Lenglet <romain.lenglet@berabera.info>
* Update index.md
* Update _index.md
* Update index.md
* Address comments
* Refine doc again
* Bump the support version of k8s to 1.13
* Update vendors
* Update docs
* Apply suggestions from code review
Co-Authored-By: Rigs Caballero <grca@google.com>
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Rigs Caballero <grca@google.com>
* Add Istio Deployment Models concept.
This concept replaces the old multi-cluster concept.
Includes new diagrams that comply with the diagram creation guidelines.
Updates the Chinese content to use a local copy of the previous diagrams.
Fixes all internal links to the previous version of the doc.
Signed-off-by: rcaballeromx <grca@google.com>
* Add glossary entries for needed terms.
The terms involved are:
- Cluster
- Identity
- Trust domain
Signed-off-by: rcaballeromx <grca@google.com>
* Define cluster in a platform agnostic way.
Also adds links between `identity` and `trust domain`.
Signed-off-by: rcaballeromx <grca@google.com>
* Add missing `(` in links.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix links to sections and reduce image sizes.
Signed-off-by: rcaballeromx <grca@google.com>
* Simplify the definition of `trust domain`
Signed-off-by: rcaballeromx <grca@google.com>
* Move old images to the ZH content.
Signed-off-by: rcaballeromx <grca@google.com>
* Add reworked control plane content.
Also addresses the comments left on the PR including those regarding the
diagrams.
Signed-off-by: rcaballeromx <grca@google.com>
* Add fail over example and glossary entries.
This update also reworks the control plane models section to fit the example.
Additional adjustments were made to the diagrams too.
Signed-off-by: rcaballeromx <grca@google.com>
* Move mesh models section.
Also minor fixes and edits.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix glossary entries and links.
Signed-off-by: rcaballeromx <grca@google.com>
When policy is set to an unrecognized value, the sidecar injector
defaults to [not injecting the pod, regardless of any other factors](https://github.com/istio/istio/blob/master/pkg/kube/inject/inject.go#L478)
This is different to the behvaior of `policy: disabled`, so the docs
should make that clear.
Signed-off-by: Maximilian Bischoff <maximilian.bischoff@inovex.de>
- This required fixing the script that grabs the reference docs, it had degenerated in the last
few weeks. While I was there, I made the script work using the build-tools container, and fixed
a bunch of shell script linting warnings.
Martin Taillefer
Eric Van Norman
Rigs Caballero
Brian Avery
Jimmy Chen
Chris Wilson
Jason Wang
Diem Vu
Francois Pesce
Frank Budinsky
John Howard
Yanghui Weng
Johannes Scheuermann
Joshua Blatt
Neeraj Poddar
Naoki Oketani
Gary Brown
Shriram Rajagopalan
Lin Sun
Jesse Lumme
craigbox
Zhonghu Xu
Martin Ostrowski
Yangmin Zhu
Istio Automation
Joe Selman
Pengyuan Bian
Chunlin Yang
Martin Taillefer
imgbot[bot]
Adam Miller
Steven Dake
Vadim Eisenberg
David Ebbo
Ram Vennam
LisaFC
Ed Snible
Venil Noronha
Ryan Michela
banix
Xinnan Wen
Jason Young
Kebe
aal80
Douglas Reid
Jonh Wendell
Idan Zach
Greg Taylor
Darius Jazayeri
Sam Naser
carolynhu
Romain Lenglet
Martin Devlin
Phillip Quy Le
Morven Cao
Richard Li
Mariam John
lei-tang
Eric Van Norman
ammarn911
Maximilian Bischoff
Romain Lenglet
navinger