* Draft 1.0 EOL blog.
* Make it clear that it's an upcoming EOL, not an EOL happening immediately.
* Add period to description.
* fix spelling error.
* Relativize URLs
* The final(?) attempt to please the gods of good documentation.
* fix the bug: helloworld-v1 service port should change to 5000
* fix the bug: helloworld-v1 service port should change to 5000
* fix the bug: some yaml format error in Chinese docs,something like this
spec:
selector:
istio: egressgateway
servers:
- port:
number: 80
name: https
protocol: HTTPS
Moves the content found in examples/advanced-gateways/ to
tasks/traffic-management/edge-traffic and
the content found in examples/multicluster/ to tasks/multicluster/
Fixes all broken links caused by the move and adds aliases to the moved pages.
The changes are applied to both, English and Chinese, websites.
Signed-off-by: rcaballeromx <grca@google.com>
* Add the diagram creation guidelines.
These guidelines include an SVG file with all the shapes and styles needed. The
steps to get someone started are meant to entice people to create their own
diagrams.
Signed-off-by: rcaballeromx <grca@google.com>
* Add InkScape to the spell checker exceptions.
Signed-off-by: rcaballeromx <grca@google.com>
* Add Google Draw version of the guide.
Signed-off-by: rcaballeromx <grca@google.com>
* Add steps to contribute Google Draw diagrams.
Signed-off-by: rcaballeromx <grca@google.com>
The user guide for Istio Vault CA integration fails
because the cluster hosting an example Vault server was deleted.
This PR fixes the user guide with a new example Vault CA.
* #13575, second workaround
* backticks in place, the comment about upgrading to the latest kube-apiserver is removed as I am already on the latest version and that does not solve anything. (#13575)
* commit for the cla/google
* removing the trailing space
* .svc in no_proxy also works
- Remove unnecessary ratio= attributes used with the image shortcode
- Make it so the gloss shortcode doesn't depend on the location of the glossary
within the content tree.
- Make it so the image shortcode understands languages. It will now look in the current
language's content tree, and then callback to the English tree if not found.
- Leverage the above to simplify the Chinese content and remove many absolute references from the
Chinese content to the English content.
- Substantially simplify logic that deals with releases & release notes.
- Make it easier to add a new release to the site. THere are fewer things to
change as the site infra can figure more stuff out on its own.
- Make it so release notes can be added in one language without require them
to be added in the other language.
- Replace the ugly "a new version is available" callout on older release note
pages with a popup that only shows up when you click on the download button.
The flag to pass to Helm is `cniBinDir=/home/kubernetes/bin`, so it is confusing to add `istio-cni.cniBinDir=/home/kubernetes/bin` as the option, unless there is some context I am missing
- HTML tags appearing in bash text block output weren't being escaped properly, making them
disappear.
- Never call prism when syntax coloring is turned off, otherwise things
fail with an exception.
We want to backup certmanager CRDs in the case of Tiller usage.
Also clarify thee filename slightly to indicate it is CRD data and
related to Istio 1.0.
Fixes: #3753
* Add some detail to networking stuff
* Qualify language around service visibility
* Fix misc and refine the language around exportTo
* Add port control details to sidecar
* Water down language around namespace scoping
* Fix trailing space
* Resolve sdake's comments
* Fix typo
- Add tests for the various text block features.
- Combine text_file and text_dynamic into text_import
- Add support for snippet extraction for text downloaded from a URL
- Add support for formatting output blocks in a different style for
content downloaded from a URL
- Report some errors when unable to fetch content from a URL.
- Fixed a few small bugs along the way.
* Organize control plane update page
* small wording
* typo
* Update content/docs/setup/kubernetes/upgrade/index.md
Co-Authored-By: linsun <linsun@us.ibm.com>
* Update content/docs/setup/kubernetes/upgrade/index.md
Co-Authored-By: linsun <linsun@us.ibm.com>
* address martin comment and hope to fix circleci
* more update
* fix circle lint
* Upgrade release notes
8 months of work. Lots of changes. Very difficult to distill into
a short set of release notes, but here is my take :)
* Fix broken link
* Address reviewer comments
* Clarify language regarding the sidecar webhook.
Signed-off-by: rcaballeromx <grca@google.com>
* Clarify the injection process further.
Signed-off-by: rcaballeromx <grca@google.com>
* Remove blank lines around short codes.
Signed-off-by: rcaballeromx <grca@google.com>
- Added a test suite to test out the different compositions of
site features.
- Substantially improve the composability of site features
(callouts, tabs, text blocks, boilerplates, lists). You can
now more confidentally mix & match these in any combination
and have a pretty good chance it'll render correctly.
* Rework IBM Cloud public instructions to call common instructions
* Review comment - further simplification
* Update content/docs/setup/kubernetes/install/platform/ibm/index.md
- Add a test suite for various compositions of site features.
- Substantially improve composition of various site features to eliminate bad
interactions. It's not perfect yet, but it's much better. The one thing still
broken is "a text block inside a warning in a list in a tab". There's still
something funny going on there, but I have some ideas for later.
- Added a new linter check to detect misuse of https://preliminary.istio.io in docs,
and fixed one offending instance.
* Add doc on policy check enablement and clean-up P&T release notes
* Add in-process adapter model deprecation notice
* Add deprecation feature status for in-proc
* Fix doc link
* Add port usage
* Review comments
* Monitoring port is hardcoded and not overridable
* Restructure Istio port table
* Code review comments: Shorten table, description
- Added call-to-action buttons in the 1.1 announcements. We can use the same
buttons in future release announcements.
- Fixed broken large warning icon on the 404 error page.
- Fix oerder of blog posts in the side bar.
- Add support to not expand @@ notations in text blocks and use
it for a text blocks that's currently triggering a build failure
- Fixed broken rendering of some text blocks when syntax coloring
is turned off via the menu.
* Remomve AWS Kops as a docummented option
This doesn't mean you can't get AWS Kops to deploy Istio, just that
nobody cares to maintain the documentation. If in the future someone
wishes to maintain the documentation, we can consider adding this page
back in. I would suggest however a page on any EKS specific requirements
needed for Istio as this will be the more likely path folks take to run
Istio.
* Remove link to AWS
* Add warning callout to securing Tiller installs
There are 3 other `helm init` redundant sections. I am likely
to just C&P this warning to those sections. As a team, we need
to seriously rethink how to document these options longer term.
* Add C&P warning to all `helm init` sections
Clearly the C&P is not ideal. What would be better is to consolidate
all install instructions in these various documents into our main helm
install page as the helm init instructions are not doing anything special.
* Fix linter errors
* Boilerplate the helm security warning
* Workaround <{{ not parsable by hugo
use <pre></pre> to get hugo moving on the boilerplate. This needs
to be resolved at some point, but I'm hopeful this workaround will
work for now.
* Better workaround to problem of parsing a boiler
* Address reviewer comments
- We haven't been checking external links for months now due to a script error
when someone added an option that didn't work as expected. I'm fixing a bunch
of resulting broken links. I can't turn on the link checker yet since there are
some bad links in reference docs which I have to address first.
- Add a bunch of links to yaml files in our code examples using the @@ syntax.
* Update docs regarding when to use flexible mTLS
mTLS is now supported with stateful sets and headless services.
See https://github.com/istio/istio/issues/1277
* Fix formatting
- Move requirements up to be the first thing people see. This matches
the order presented in the landing page.
- Shuffle the order in the sidebar a bit to correspond to the order
the material is presented in the landing page.
- Clean up some of the wording on the k8s landing page.
- Shorten the platform names used in the sidebar nav so they fit better.
This matches the names used in the Platform Setup section.
* Document the sidecar.istio.io/statsInclusionPrefixes annotation
* Minor wording changes suggested by venilnoronha
* Remove trailing spaces to satisfy lint
* Use code style for filenames
* Address two concerns from Frank
* Incorporate comments from rcaballeromx
* Remove trailing space at end of line
* Add a tip about prefixing with sudo for TCP sample
This adds a note about using sudo while running the TCP Traffic Shifting
sample on certain platforms.
Signed-off-by: Venil Noronha <veniln@vmware.com>
* Switch from a tip to a warning
This updates the help text to a warning.
Signed-off-by: Venil Noronha <veniln@vmware.com>
* First round of mesh expansion doc updates.
* Bash syntax works now, and remove the headline to be consistent.
* fix the spelling.
* SERVICE_NAMESPACE and cleanup.
* Use more SERVICE_NAMESPACE in the cmd.
* Another round of fixing the doc by following exactly what it says.
* add gcloud ssh
* VM instance ip as a step.
* address comments. ns explaining.
* comments fixing and echo to tee.
* update meshexpansion.enabled
* applied my zone, project in scp.
* add istio-sys ns crtn.
* Fix frank suggestion.
* gce instance ip
* Verfied manually: use helm template for CRD.
* Verfied manually: use helm template for CRD.
* for example comma.
* Add tips to disclaim GCE.
* Update content/docs/setup/kubernetes/mesh-expansion/index.md
Co-Authored-By: incfly <jianfeih@google.com>
* Update content/docs/setup/kubernetes/mesh-expansion/index.md
Co-Authored-By: incfly <jianfeih@google.com>
* address taos comments.
* fix the link for cert life config.
* Change to require helm in prerequisite.
* fix lint
* congrats section and cleanup vm model section.
* Apply 23 suggestions to code review from github.
Co-Authored-By: incfly <jianfeih@google.com>
* remove tip section.
* fix trailing spaces lint.
* fix lint.
* remove duplicate sentence.
* remove duplicate the the.
so that users don't need to download istio archive.
confirmed these files exist for me:
```
~/istio-fetch/istio ⌚ 13:55:51
$ ls
Chart.yaml templates values-istio-remote.yaml
README.md values-istio-demo-auth.yaml values-istio-sds-auth.yaml
charts values-istio-demo-common.yaml values.yaml
example-values values-istio-demo.yaml
requirements.yaml values-istio-minimal.yaml
```
* Implement consitent term for installation related flows
Replaced "paths", "instructions", and other similar terms
with the term "flow" to ensure readers from different
Geos are not confused by multiple meanings or idiomatic use.
Signed-off-by: Rigs Caballero <grca@google.com>
* Implement consistent term for installation related flows
Replaced "paths", "instructions", and other similar terms
with the term "flow" to ensure readers from different
Geos are not confused by multiple meanings or idiomatic use.
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix typos and lint issue.
Signed-off-by: Rigs Caballero <grca@google.com>
* Clarify that egress gateway isn't present with Helm
Values.yaml has been updated to disable the egress gateway if the Helm installation option is used. Currently, we don't indicate that egress gateway should not be present if you used Helm.
* Clarify that egress gateway is disabled by default in Helm
* CR comments. Also moved notice up since it covers both services and podsw
* Cleand up wording
* Added links to relevant installer sections for egress gateway
* Added links to appropriate sections
* added blank line
* Paths have changed. Updated link
* Removed section as per code review comments
* add access log task
* change config map to configuration map to prevent spelling errors
* add an empty line between two boilerplates
seems to be required, otherwise a redundant <p> tag is generated
* make the task's title Getting Envoy's Access Logs
* mind escaping -> be sure to escape
* check the log of sleep, httpbin -> check sleep's, httpbin's log
* change -> customize
* to do it, edit -> by editing
* use a separate gateway for bookinfo in the case of multiple hosts
* set the name parameter to be "istio" instead of "istio-ingressgateway"
Since the original istio-ingressgateway was deployed with the name parameter "istio".
Otherwise, the following error will be received:
The Deployment "istio-ingressgateway" is invalid: spec.template.metadata.labels: Invalid value: map[string]string{"chart":"gateways", "heritage":"Tiller", "istio":"ingressgateway", "release":"istio-ingressgateway", "app":"istio-ingressgateway"}: `selector` does not match template `labels`
The problem is that the "release" label contains the name parameter of helm template,
and if this label will not match in the new and the original deployments of istio-ingressgateway,
kubectl apply will fail.
* add ingress troubleshooting section
* it does not arrive to the Istio -> it does not arrive to the ingress gateway
* fix a link
* remove checking the log since access log will be removed in 1.1
* you have no other Kubernetes Ingress resources -> you have no Kubernetes Ingress resources
* fail with 503 instead of 000 for injected-app
As a bad destination rule is set to disable client side mTLS and receiving side is mTLS enabled. At this point, Running the curl command between sidecar injected Istio services all requests will fail with a 503 error code as the client side is still using plain-text.
* use a boilerplate for setting environment variables for kubectl contexts of the two clusters
share the boilerplate for gateway connectivity and for split horizon EDS clusters
* add the boilerplate file
* use the 443 port and host "*.local" for the gateway
* the Gateway -> a gateway, remote services -> services in cluster2
* rewrite instructions for setting the gateway's address
* add unsetting environment variables and removing files to cleanup
* put backticks around `istio` and `ConfigMap`
* add "i.e." before the Kubernetes DNS domain in parenthesis
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* the 443 port -> 443 port
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* add deleting n2-k8s-config in the cleanup
* set --set global.meshNetworks.network2.gateways[0].port to 443
* add unsetting CTX_CLUSTER1
* move unsetting CTX_CLUSTER1 before removing temporary files
for symmetry with CTX_CLUSTER2
* add unsetting CTX_CLUSTER2
* Change the gateway's address and port -> Update the gateway's address and port to reflect...
* wait for the pods to come up by checking their status -> wait for the pods to become ready:
* add output of get pods for cluster1
* do not check the status of the istio-ingressgateway on cluster2
before configuring watching of cluster2 by cluster1
* add waiting for istio-ingressgateway to become ready after setting watching cluster2
* combine printing ingress host and port into one line
With the upgrade of cert-manager to v0.6.2 two new CRDs are being
introduced. The total number of CRDs should now be `58`. Updating
the CRDs installation section of the documentation accordingly.
* initial version, copied from release-0.8, updated format
* remove the sentence about release 0.8
* remove mentioning namespaces
* fix a localhost:1313 link
* fix the links to the new examples instead of tasks
* extend the introduction into "Configure monitoring and access policies"
* fix format of the Logging section
* fix command format of "Access control by routing" section
* replace source.service with source.name
* remove 'tail -4' since the log can come from multiple mixer telemetry instances
* add subset cnn to the virtual services
* update the log output after access control by routing
* fix format of the command to send requests to cnn.com
in access control by routing
* fix format for "Access control by Mixer policy checks"
* change the error code from 404 to 403 in "Access control by Mixer policy checks"
* add 'with mutual authentication enabled'
* fix cleanup format, delete politics source
* use kubectl apply instead of istioctl/kubectl create
* add reporterUID and sourcePrincipal attributes to the log
remove source, sourceNamespace since they erroneously report egress-gateway as a source
remove user since it is unknown
document the parameters
* fix format of Access policies by mixer, part 2
* our organization -> the organization
* fix format in the Dashboard section, 404 -> 403, SOURCE_POD_IN_POLITICS -> SOURCE_POD_POLITICS
* remove the dashboard section since it does not show source
* from a certain namespace -> with a certain service account
* change future tense to present one
* add assumption about the container name being sleep
* remove additional future tense usages
* fix a link
* $SOURCE_POD -> SOURCE_POD
* remove another case of future tense
* remove the cleanup of grafana
* change summary
* fix links
* put backticks around Listchecker
* on the localhost -> inside the pod
* add 'SDKs' to .spelling
* fix another link
* more link fixing
* Egress Gateway task -> Egress Gateway example
* add the last_update field
* add IBM to attribution
* remove the weight attribute
* Update content/blog/2018/egress-monitoring-access-control/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/blog/2018/egress-monitoring-access-control/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* after you accomplish this -> after completing that example
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Remove note, must -> should
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* combine two sentences: "peformed before you begin" and "enabled traffic to edition.cnn.com"
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Now -> at this point, configure for monitoring -> configure to monitor
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* According to the scenario of this blog post -> according to our scenario
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* remove leftover from 27f2917884
* rewrite "Related tasks and examples" as a bulleted list
* extract additional bullet
- Make better use of html semantic elements to help
search & screen readers.
- Add or improve ARIA annotations for accessibility
- Improve print-time formatting.
Martin Taillefer
Michael
Jonh Wendell
Frank Budinsky
Gary Brown
Joshua Blatt
ASaiun
mtail
Vadim Eisenberg
Jason Clark
lei-tang
Rigs Caballero
wxdao
Jimmy Chen
Gregory Hanson
Francois Parquet
Ajanthan
Eric Buehl
banix
Baykonur
Yangmin Zhu
Lin Sun
Josh Cox
imgbot[bot]
Andrew Martin
John Howard
MrLuje
Thang Chung
Zach Arnold
Arian Motamedi
Limin Wang
Quanjie Lin
Eric Chen
Jianfei Hu
Tao Li
Mariam John
Steven Dake
Louis Ryan
Brian Avery
Douglas Reid
mandarjog
jnativio
David Radcliffe
Kuat
Shriram Rajagopalan
Eric Van Norman
Liam White
Dan Ciruli
Pengyuan Bian
Morven Cao
Anmol Sethi
Yossi Mesika
Ed Snible
Ram Vennam
Venil Noronha
Phil Rud
Andra Cismaru
Tim Swanson
Diem Vu
Idan Zach
idouba
Ralf Pannemans
Oliver Liu
SataQiu
flydragon