* Update architecture diagram to show istiod.
Signed-off-by: Rigs Caballero <grca@google.com>
* Include the old components within Istiod in the diagram.
Signed-off-by: Rigs Caballero <grca@google.com>
* make update_ref_docs against release_1.5
* Put back the file deleted by the script: istio.operator.v1alpha1/index.html
* Remove extraneous file (missing cherry pick from master)
* Fix pilot -> istiod for config validation docs
* Update content/en/docs/ops/common-problems/validation/index.md
Co-Authored-By: Eric Van Norman <ericvn@us.ibm.com>
* Update index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* fix(architecture): remove mixer mentions from architecture doc
Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* remove outdated link
Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* Blog post to be cherrypicked and published immediately with 1.4
* still working on linting
* removed colon from title
* fixed lint errors.
* fixed broken link error
* updated diagrams, final lint fixes, addressing ericvn comments
* removed target release
* Spelling and add a tip to using-istio-dashboard
* Update content/en/docs/tasks/observability/metrics/using-istio-dashboard/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/observability/metrics/using-istio-dashboard/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* authz: add task for IP whitelist/blacklist on ingress gateway
* allow list and deny list
* Small grammar adjustments
* address comments
* Update content/en/docs/tasks/security/authorization/authz-ingress/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/security/authorization/authz-ingress/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/security/authorization/authz-ingress/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Adam Miller <1402860+adammil2000@users.noreply.github.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* update operator ref doc
* fix broken link
* Update url to archive link
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* wip: setup observability tasks for v2
Signed-off-by: Douglas Reid <dougreid@google.com>
* continue work
Signed-off-by: Douglas Reid <dougreid@google.com>
* lint fix
Signed-off-by: Douglas Reid <dougreid@google.com>
* remove mixer ref from what-is-istio
Signed-off-by: Douglas Reid <dougreid@google.com>
* further cleanup
Signed-off-by: Douglas Reid <dougreid@google.com>
* lint fix
Signed-off-by: Douglas Reid <dougreid@google.com>
* when will the linting stop?
Signed-off-by: Douglas Reid <dougreid@google.com>
* Update content/en/docs/tasks/observability/mixer/_index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Add note about JWT policies
This will be linked to from the istioctl apply output, which currently
has a warning if 1p jwt tokens are used.
* fix lint
* rewrite Secure Gateways (SDS) to use openssl for generating certs/keys
additional improvements:
1. Generate and use client certificate/private key for mutual TLS
2. Do not use quotes in YAMLs where not required
* add removing csr files and client.example.com files
* delete the directories with the certificates -> delete the certificates and the keys
found during community testing:
- The version of API was incorrect.
- The first step of the doc did not have the namespace creation (it was
in a 2nd step in the English version)
* remove deprecated platform specific examples
This examples were deprecated in the 1.4 release with
https://github.com/istio/istio.io/pull/5663. They were scheduled to be
removed in the next release (1.5).
* undo zh changes
* Add option to setup Istio on KIND
* Rename KIND to kind, fix few typos
* Arrange in a easy to follow steps
* Few more updates to make sentence better
* Small tweaks
* last few improvments
* Rewrite contribution guides to empower reviewers
This rewrite includes the following changes:
- Implement the new reviewer role.
- Restructure the contribution guides into multiple smaller pages to make
them easier to reference.
- Added separate pages for adding new content and reviewing content.
- Added clarifying text for the implemented shortcodes and processes.
- Updated all links.
- Added color-coded flow chart of the review process.
Signed-off-by: rcaballeromx <grca@google.com>
* Add content to help identify audience needs.
Addressed typos, consistency improvements, and other small fixes.
Added a mention and link to our code of conduct to the review process.
Signed-off-by: rcaballeromx <grca@google.com>
* adding layer5 adapter to the repos
* - including the generated adapter html file
Signed-off-by: Girish Ranganathan <girish.rranganathan@gmail.com>
* - updated title
* Define and link SDS on first mention
* Added fix for minikube
* Fix bad link to SPIFFE
* Revert "Fix bad link to SPIFFE"
This reverts commit 7efcc80958.
* update documentation for TCP traffic shifting: use a dedicated namespace instead of using default [istio-18285]
* fixed lint error in tcp-traffic-shifting/index.md in creating new namespace section (istio#18285)
* fix ordered list numbering to conform to MD029 configured to 'one' (istio.io/istio#18285)
* Fix problem links
Some of these changes need to go into the API repo as well.
* Update content/pt-br/news/releases/0.x/announcing-0.1/index.md
Co-Authored-By: Jhon Mike <jhon.msdev@gmail.com>
Co-authored-by: Jhon Mike <jhon.msdev@gmail.com>
* Add GRPC-WEB to supported protocol for Gateway
This patch adds GRPC-WEB to supported protocl for gateway.
Please refer to https://github.com/istio/istio/pull/20537/.
* Revert non-English page
* Clarifying automatic sidecar injection
Customers are having errors related to missing sidecars much too often, likely due to our confusing name "automatic sidecar injection" and our confusing language implying this is enabled by default. We have to make it more clear that automatic sidecar injection requires someone to turn it on first.
* Typo fix
* Update content/en/docs/setup/additional-setup/sidecar-injection/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/setup/additional-setup/sidecar-injection/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/setup/additional-setup/sidecar-injection/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Removed redundant phrase
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Document suppression arguments for istioctl analyze
* Use correct syntax/plain rather than bash
* Quote MisplacedAnnotation to avoid spelling error
* Proper spacing between block elements
* Fixed bash snippet rendering problems
Co-authored-by: Adam Miller <1402860+adammil2000@users.noreply.github.com>
* remove "on the code" from "note the following elements"
* move "from a different terminal session" to the previous curl command
use terminal window instead of terminal session, since window is more clear
* rewrite the last sentence of the "Run raitings in Docker" module
* rewrite the sentence about the final version in the Bookinfo example
* remove setting NAMESPACE and KUBECONFIG since they were set in "setup local computer"
* environmental variable -> environment variable
see https://en.wikipedia.org/wiki/Environment_variable
* the Bookinfo example page -> the Bookinfo example
* in the page -> on the page
* remove "on the tutorial namespace"
all the operations are performed on the tutorial namespace anyway
* remove "Such clients are known as mesh-external clients"
there is no mesh introduced yet, and this sentence does add much information
* use kubectl patch instead of editing yaml
for GKE, to change productpage's type to LoadBalancer
* sudo is required to edit /etc/hosts, not to run the echo command
* add /static to Kubernetes Ingress Gateway
if the user passed istio_cni it will trigger this error `error: bad path=value (values.istio_cni.enabled=true): unknown field "istio_cni" in v1alpha1.Values`
the right value is here: https://istio.io/docs/setup/additional-setup/cni/#installation which is supposed to be "cni.enabled=true"
* Adds an entry for Redis in the FAQ
Addresses: issue https://github.com/istio/istio/issues/16078
* Copy edits
Co-authored-by: Adam Miller <1402860+adammil2000@users.noreply.github.com>
* Improve the MTLS migration task.
* Small fix.
* More improvements.
* Small fix.
* Small fix.
* Small fix.
* Small fix.
* Small fix.
* Lint fix.
* Copy edits
* Apply suggestions from code review
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Adam Miller <1402860+adammil2000@users.noreply.github.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* add "for" in description: ... configure Istio for Kubernetes External Services
* add "in the default namespace" to "create a Kubernetes ExternalName Service"
* mention the Kubernetes DNS format for services
* bugfix: V1/2_POD_IP set error when there are multiple pods labelled version=v1/2
* certificate decode error when decoding from bash pipe by openssl
* revert certificate decode error when decoding from bash pipe by openssl
* no need to "connect to your cluster" in order to create an environment variable
* no need for mutual TLS in Istio installation
* fix the Jaeger port
should be 9411 instead of previous 80
* split the sentence about sending the configuration files to each participant
* you configured the cluster for the tutorial (single)
in this tutorial, the tutorial is used in single. The tutorial is composed of multiple modules.
* when setting local computer, do not export the namespace
the namespace name is selected in the previous steps by the instructors or
by the participant who owns a cluster
* Istio multi-cluster with local control planes automation
* Grammatical fixes from review comments.
* Fix lint error.
* Fix lint error.
* Fix more lint errors.
* Add pictures and fix language for code blocks.
* Update images.
* Update descriptions
* Fix more lint errors.
* Add istio-ingressgateway to spelling.
* Change istio io links to relative paths.
* Some reworking and add content on dependeny CR to the doc.
* Move to year 2020
* Update weight for right display.
* Copy edits, clarified language
* Typo fix
Co-authored-by: Adam Miller <1402860+adammil2000@users.noreply.github.com>
* remove bin reference to istioctl
as all of our other tasks assume istioctl is on the path already. Having it cause me an alert on my mac:
“istioctl” can’t be opened because Apple cannot check it for malicious software.
* fix istioctl path
* update the cmd to retrieve token correctly
* update to remove empty char only
* remove tab also
* Update content/en/docs/tasks/security/authentication/authn-policy/index.md
Co-Authored-By: Eric Van Norman <ericvn@us.ibm.com>
* Set Kiali username and password on separate prompt
* Fix linting errors
* Revert zsh prompt to single copiable box
* Fix review comment suggestions
* Remove spacing
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
As with version v1.4.0, Experimental multi-cluster setup has been added to istioctl
The following command also provides istio-multicluster-destinationrule and host information
kubectl get destinationrule --all-namespaces
The banner now points to the current release's announcement page, which is really
the 'dashboard' for a new release, and has all the right links for the user.
`istioctl manifest apply --set profile=demo --set cni.enabled=true --set values.cni.cniBinDir=/home/kubernetes/bin` by default put the `istio-cni-node` daemonset in istio-system namespace. The cni pod fails to create.
According to the helm command here 3fc0e65d94/README.md (usage) `istio manifest` should set cni.namespace to kube-system on gke
Signed-off-by: Yuchen Dai <silentdai@gmail.com>
These fix problems encountered when switching to the new Hugo which has
a completely different markdown engine. I went through diffs of the generated
HTML and made required adjustments.
* 1.4.1 Release Notes
* Remove alias
* Fix spelling error
* Update content/en/news/releases/1.4.x/announcing-1.4.1/index.md
Co-Authored-By: Eric Van Norman <ericvn@us.ibm.com>
Events are used for special announcements. There are stickers and banners that can be
displayed to the user. These can be used to announce an imminent release with a
sticker and countdown clock, or can be used to invite users to a future
conference, or can be used to announce that a new release is available for download.
See the authoring guide for instructions on how to use these announcements.
- We don't need cookies for istio.io, the few settings we do have should be
managed with browser-local storage instead. This is a better privacy posture,
and avoids sending needless data to the server for every request.
- Move some info to front-matter in the different security bulletins
such that it can be used when building the security bulleting index page.
- Update the security bulletin index page to show affected relesses and
impact score.
- Make it so table headers are vertically centered, which looks a lot nicer
when there are a combination of single-line and multi-line headers in the
same table.
- Add a few checks to correctly hide draft mode documents from sight
in more cases.
- Remove a stale document that's been in draft mode since first being
created in 2017.
- Clean up a bit of text in some release notes.
* Add note about annotations to control traffic
Fixes https://github.com/istio/istio/issues/19258
* Update content/en/docs/tasks/traffic-management/egress/egress-control/index.md
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
- If a returning user comes to the site, if there are unread
blog posts or news articles less than 15 quadrllion nanosecond
old will be treated as being unread. When there are unred articles,
the News or Blog link in the title bar will get a green dot indicating
articles are available. When clicking on News, then you'll get the
news categories with a pill showing how many articles are unread for
each category.
First-time visitors to the site will not get any dots or pills for
existing articles. These will only appear in subsequent visits for
new articles.
Due to the default behavior for new users, if you just look at the
preview, you will not see any pills or dots. To see what this actually
looks like, load up the preview, then go to the Chrome Developer Tools,
click on the Application tab, then on Local Storage, and then find the
visitedPages entry. Right click on the entry, select Edit Value,
and set the value to {}. Then refresh the page and you
should see some dots show up next to the Blog and News links in
the header.
* use a subset in the destination rule for TLS origination
this way the TLS origination will only be applied for the traffic directed by the
virtual service for TLS origination. TLS origination will not be applied for the original TLS traffic
* add a check that the original TLS traffic works as before
- Security bulletins now have a cleaner style, with a common table
at the top capturing common info.
- Generate a custom table when showing the list of bulletins.
- Remove some stray characters at the top of the page.
- Fix scrolling behavior such that the selected letter stays on the
screen. This broke due to a bug fix on the istioctl page which had
an unexpected side effect,
- Remove extraneous alias that could lead to infinite redirect loops.
* update istioctl download instruction
```
$ curl -L https://istio.io/downloadIstioctl | ISTIO_VERSION=1.4.0 sh -
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 101 100 101 0 0 261 0 --:--:-- --:--:-- --:--:-- 260
100 2339 100 2339 0 0 4524 0 --:--:-- --:--:-- --:--:-- 4524
Downloading istioctl-1.4.0-osx.tar.gz from https://github.com/istio/istio/releases/download/1.4.0/istioctl-1.4.0-osx.tar.gz ...
istioctl-1.4.0-osx.tar.gz download complete!
Add the istioctl to your path with:
export PATH=$PATH:$HOME/.istioctl/bin
Begin the Istio pre-installation verification check by running:
istioctl verify-install
Need more information? Visit https://istio.io/docs/reference/commands/istioctl/
```
* Update content/en/docs/ops/diagnostic-tools/istioctl/index.md
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
* [kiali] add viewing and editing Istio configuration YAML to the task
* The linter is failing this because it considered "Config" a spelling error. However, the actual GUI menu item is literally called "Istio Config".
Because of this, I cannot format "Istio Config" in simply bold letters (which is the Istio doc standard for denoting GUI elements).
Thus, even though its a GUI element, I have to surround with backticks to avoid this being considered a spelling error.
* Incorporate review suggestion.
Fix some other things I noticed.
* Added the Best Practices section with general principles.
This is the beginning of the new Best Practices section.
Our goal is to provide a section for all the best practices and recommendations
for Istio deployments. The best practices are based on the identified and
recommended deployment models.
Signed-off-by: rcaballeromx <grca@google.com>
* Change headings for clarity.
Adds clarity to some passages based on feedback.
Removes a list of recommendations that was causing some confusion.
Adds a glossary entry for failure domains and how they relate to a
platform's availability zones.
Signed-off-by: rcaballeromx <grca@google.com>
* Move Best Practices to Ops Guide
Signed-off-by: rcaballeromx <grca@google.com>
* Moved Deployment Best Practices to a new "Prepare Your Deployment" section.
Moved all deployment preparation content into a new section under "Setup".
For now the content includes the following sections:
- Deployment models
- Deployment best practices
- Pod requirements
Merged the two existing pages containing pod requirements into one single page.
Signed-off-by: rcaballeromx <grca@google.com>
* Replace example with better guidance around namespace tenancy.
Signed-off-by: Rigs Caballero <grca@google.com>
* Add links and language pointing to the Prepare section
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix minor typos and broken links.
Signed-off-by: Rigs Caballero <grca@google.com>
* Move from Setup to Operations
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix broken links
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix rebasing issues.
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix multicluster install link.
Signed-off-by: Rigs Caballero <grca@google.com>
* [kiali] add a new section that creates a weighted route to show kiali is more than just a pretty graph.
* spell checker failed, I assume "dropdown" and "checkbox" and "popup" must not be compound words.
(I can't get the linter to run locally on my box, so I have to commit this and see what travis says)
* address suggestions.
* Alot of the Istio community does not know that Kiali is more than just a graph.
We want to get that across. This Task can't cover it all, so this commit
adds a link to the "Features" page of the kiali website
which lists the non-graph features as well so people can at least
learn about those other features.
* add a task to show kiali validation
* Explicitly identify missing ingress spans could be due to experimental outbound protocol detection
* Addressed comment
* Update content/en/faq/distributed-tracing/no-tracing.md
Was added to address a comment by @douglas-reid - but I'm fine with leaving it out.
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
* Update multicluster shared-vpn doc
Update docs for the multicluster installation for Shared control plane (single-network) to make it work with `istioctl manifest`.
* Update index.md
* Apply suggestions from code review
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* split deploying ratings-v2 and updating the environment variable
* move the explanation about mutual TLS in the introduction of TCP egress traffic control
* fix helm template to add a port for TCP
the deployment must be changed in addition to the service definition
* add Policy to enable/disable mTLS at the egress gateway
* update the last_update field
* Added Verify Istio CNI to observability-issues.md
If using the Istio CNI to avoid granting `NET_ADMIN` to pods, the CNI
node pods must be running for metrics to be collected. The helm charts
don't include a PodSecurityPolicy, so the documentation guides users to
a non-working setup if the cluster has PodSecurityPolicy enabled.
* Markup changes to PodSecurityPolicy and NET_ADMIN
* Added backticks to `PodSecurityPolicy`
* Added backticks and link to NET_ADMIN capability requirement
* Removed trailing whitespace on line 39
* Added backticks to `istio-init`
* Use 'istioctl dashboard' instead of port-forward
* bold references to UI elements
* Cleanup dashboards
* Address comments
* Mention control-c, which is easier way to stop dashboard
Istio Automation
Lin Sun
Adam Miller
Yangmin Zhu
Tao HE
John Howard
Jimmy Chen
Eric Van Norman
Diem Vu
John Pape
Brian Avery
Romain Lenglet
Jonh Wendell
Bryant Hagadorn
Martin Ostrowski
Jason Young
Xinnan Wen
Jianfei Hu
Douglas Reid
stewartbutler
carolynhu
Kebe
lei-tang
Steven Dake
Vadim Eisenberg
Jason Wang
Taylor Reece
Francois Pesce
imgbot[bot]
Chunlin Yang
pengfei
Justin Pettit
Martin Taillefer
mandarjog
JacktheLee
LiuDui
Shamsher Ansari
Theofilos Papapanagiotou
jacob-delgado
Johannes Scheuermann
Rigs Caballero
girishranganathan
Suchith J N
Steven Dake
Kenjiro Nakayama
Joe Selman
cewuandy
Pete Bohman
fox
Xavier Canal i Masjuan
sjmiller609
Lee Calcote
Ashis Kumar Singh
Frank Budinsky
SerenaFeng
Pengyuan Bian
LokeshAggarwal1997
Osama Nabil
banix
Ignasi Barrera
Oliver Liu
2BFL
aattuluri
Chris Wilson
Yan Xue
youmoo
chentanjun
Kuat
mtail
Yuchen Dai
jbounds83
Jonas Lomholdt
Hongzhi
Venil Noronha
Steve Manuel
Caleb Wang
David Ebbo
chentanjun
Neeraj Poddar
Phillip Quy Le
Iris
Limin Wang
John Mazzitelli
John Zheng
Arun Fung
Kevin Kunkel
carolynhu
Ed Snible
Eric Buehl
Jason Parraga