* recommit #1590 to release-0.8
With the following changes:
1. Title: Securing Gateways with HTTPS
2. Added a step for redeploying istio-ingressgateway in Istio-0.8.0
1. For Istio 0.8.0, redeploy `istio-ingressgateway` with a volume to contain the
[CA](https://en.wikipedia.org/wiki/Certificate_authority) certificate that the server will use to verify its clients.
```command
$ kubectl apply -f <(helm template install/kubernetes/helm/istio --name istio --namespace istio-system -x charts/ingressgateway/templates/deployment.yaml --set ingressgateway.deployment.secretVolumes[0].name=ingressgateway-certs,ingressgateway.deployment.secretVolumes[0].secretName=istio-ingressgateway-certs,ingressgateway.deployment.secretVolumes[0].mountPath=/etc/istio/ingressgateway-certs,ingressgateway.deployment.secretVolumes[1].name=ingressgateway-ca-certs,ingressgateway.deployment.secretVolumes[1].secretName=istio-ingressgateway-ca-certs,ingressgateway.deployment.secretVolumes[1].mountPath=/etc/istio/ingressgateway-ca-certs)
deployment "istio-ingressgateway" configured
```
1. Create a Kubernetes `Secret` to hold the [CA](https://en.wikipedia.org/wiki/Certificate_authority) certificate,
namely `istio-ingressgateway-ca-certs` in namespace `istio-system`. The Istio gateway will automatically load the secret.
* add LibreSSL and macOS to .spelling
* rephrase the reference to the ingress task
* remove redundant trailing space
* fix the ingress links and the ingress port in endpoints guide
* fix a link to VirtualService gateways
* update links in FAQ about secure ingress
* add egress-tls-origination task
* add cnn.com, edition.cnn.com an "programmatically" to .spelling
* lint fixes
* remove a page alias
* add What's next section
* HTTP2 -> HTTP in port definition
* put the output of commands as part of the "command" block
* rewrote the cleaning after HTTP ServiceEntry without TLS origination
* clarify the configuration items for TLS origination
* when talking to edition.cnn.com -> when accessing edition.cnn.com
* wild card -> wildcard
* an Service Entry -> a Service Entry
* use curl -s -o /dev/null -D - instead of curl -I
* Perform TLS Origination for Egress Traffic -> TLS Origination for Egress Traffic
- Within a code block, you can now surround a relative file path with @@. This will
cause the path to be rendered as a link to raw.githubusercontent.com/istio/istio/<path>.
This lets the user click on the link to see the content of the file, which is mighty
handy.
- Updated all code blocks to take advantage of the above.
- Introduce support for {{< branch_name >}} which returns the source code branch
name associated with the current doc site.
- Use {{< branch_name >}} in all our references to content in istio/istio on GitHub. This thus
pins our references to the correct version of the content in GitHub. This prevents errors from
gradually appearing in our doc set as content in GitHub starts to diverge from the expectation
in the site content.
(cherry picked from commit 1dcd301)
instead of 0.6
```bash
sed -e 's/https:\/\/archive.istio.io\/v0.6\/docs\/tasks\//https:\/\/archive.istio.io\/v0.7\/docs\/tasks\/traffic-management\//g' *.md
```
Vadim Eisenberg
cjongseok
Frank Budinsky
salrashid123
Guang Ya Liu
mtail
Tao Li
Martin Taillefer
Lin Sun
Morven Cao