The configuration for the Istio installation used in integration tests
is copied at run-time from the Istio repository by `bin/init.sh` as of
istio/istio.io#6999, but the directory is otherwise empty here. This
adds it to `.gitignore` to avoid a dirty tree after every test run.
* Refactor Secure Ingress tasks
Ingress SDS is now the default and recommended. This removes the file
mount task, which is no longer recommended and will avoid confusion, and
cleans up the task a bit. I also documented the new supported secret
formats.
* use archive
The `TestCircuitBreaker` test is very flaky. It relies on examining
the percentage of requests that succeed or fail to a service with
circuit breaking configured, and ensuring the numbers fall within a
given range. Unfortunately, the percentages tend to vary widely from
run to run, so the test fails as often as it passes.
This simplifies the test by only verifying that both successes and
failures occur instead of checking the percentage of each.
* Initial documentation on Multiple Control Planes
I suspect this will be improved as we get more user feedback and
istioctl integrations, but this is a reasonable start
* Typo
* Minor edits
* Apply suggestions from code review
Co-Authored-By: Adam Miller <1402860+adammil2000@users.noreply.github.com>
* Frank's suggestions
* lint
* Apply suggestions from code review
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Adam Miller <1402860+adammil2000@users.noreply.github.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Most of the tasks in the docs assume the installation is using the
demo profile, but the tests install Istio with the default profile.
At least one instance of an issue caused by this can be found in
istio/istio#21556. This changes the example tests to run against an
installation using the demo profile.
Fixes: https://github.com/istio/istio/issues/21634
* Add documentation on Ingress support
Istio has supported Ingress for quite a while, but its not documented.
This explains how to use it and configure it.
Note to docs reviewers: Gateway is Istio's alternative to Kubernetes'
Inrgess object, and we prefer users to use Gateway. However, for reasons
like legacy users, we also support Ingress.
* fix lint
* fix lint
* fix lint
* improvements
.
* Apply suggestions from code review
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Rename PKI to Identity Issuance
Calling Identity issuance as PKI has resulted in confusion among customers expecting to see content about CRLs, OCSP, and other frills associated with standard PKIs. The content of that section is about securely issuing identities to the workloads by embedding the identity in the X509 certificate.
* Update content/en/docs/concepts/security/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/docs/concepts/security/index.md
* Update content/en/docs/concepts/security/index.md
* Update content/en/docs/concepts/security/index.md
* Update content/en/docs/concepts/security/index.md
Co-Authored-By: Justin Pettit <jpettit@ovn.org>
* Update content/en/docs/concepts/security/index.md
* Update content/en/docs/concepts/security/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Oliver Liu <yonggangl@google.com>
Co-authored-by: Justin Pettit <jpettit@ovn.org>
The mTLS migration task in the docs was updated to use
PeerAuthentication instead of Policy and DestinationRules, but the
tests were never updated. This updates the test script to be inline
with the docs.
The `TestTCPTrafficShifting` test script relies on fetching the port
named "tcp" on the istio-ingressgateway service, but that port is not
present in the default installation profile -- only in the demo
profile. This patches the service to add the port in the setup
script, and also fixes the usage of `nc` in the test script.
* Make site linter more configurable
* change brittle github links error to warning
* turn off external link checking by default
* update makefile
* fix target lint
* remove cross language link
* better variable name
* Fix links for removal of helm installation directory
* Point to archive version of istioctl upgrade instructions
* Add Aporeto to lint ignores for now.
Brad Ison
John Howard
Eric Van Norman
Steven Dake
Frank Budinsky
Istio Automation
Jhonn Frazão
Mark Ferree
Hyungrok Kim
SataQiu
Shamsher Ansari
potterhe
Shriram Rajagopalan
Brad Ison
Nupur Garg
shinji3887
Nathan Mittler
Yangmin Zhu