* Fix cleanup instructions for TLS version config task
* Address comments and run generating snips: content/en/boilerplates/snips/before-you-begin-egress.sh
generating snips: content/en/boilerplates/snips/cve-2020-007-configmap.sh
generating snips: content/en/boilerplates/snips/example.sh
generating snips: content/en/boilerplates/snips/experimental-feature-warning.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/experimental.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/external-loadbalancer-support.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/gateway-api-choose.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/gateway-api-experimental.sh
generating snips: content/en/boilerplates/snips/gateway-api-future.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/gateway-api-gamma-support.sh
--> boilerplate gateway-api-future does not have snippets
--> boilerplate gateway-api-choose does not have snippets
generating snips: content/en/boilerplates/snips/gateway-api-install-crds.sh
generating snips: content/en/boilerplates/snips/gateway-api-support.sh
--> boilerplate gateway-api-future does not have snippets
--> boilerplate gateway-api-choose does not have snippets
generating snips: content/en/boilerplates/snips/gateway-api-version.sh
generating snips: content/en/boilerplates/snips/helm-backup.sh
generating snips: content/en/boilerplates/snips/helm-jwt-warning.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/helm-preamble.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/helm-prereqs.sh
generating snips: content/en/boilerplates/snips/index.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/kubectl-multicluster-contexts.sh
generating snips: content/en/boilerplates/snips/multi-cluster-with-metallb.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/revision-tags-default-intro.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/revision-tags-default-outro.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/revision-tags-middle.sh
generating snips: content/en/boilerplates/snips/revision-tags-preamble.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/revision-tags-prologue.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/revision-tags-usage.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/security-vulnerability.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/start-httpbin-service.sh
generating snips: content/en/boilerplates/snips/start-otel-collector-service.sh
generating snips: content/en/boilerplates/snips/telemetry-tracing-tips.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/test-0.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/test-1.sh
generating snips: content/en/boilerplates/snips/test-2.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/test-3.sh
generating snips: content/en/boilerplates/snips/trace-generation.sh
generating snips: content/en/boilerplates/snips/untested-document.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/verify-crds.sh
generating snips: content/en/boilerplates/snips/work-in-progress.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/docs/examples/bookinfo/snips.sh
--> boilerplate external-loadbalancer-support does not have snippets
generating snips: content/en/docs/examples/virtual-machines/snips.sh
generating snips: content/en/docs/ops/configuration/mesh/app-health-check/snips.sh
generating snips: content/en/docs/ops/configuration/mesh/config-resource-ready/snips.sh
generating snips: content/en/docs/ops/configuration/security/security-policy-examples/snips.sh
generating snips: content/en/docs/ops/configuration/telemetry/envoy-stats/snips.sh
generating snips: content/en/docs/ops/configuration/traffic-management/network-topologies/snips.sh
generating snips: content/en/docs/ops/diagnostic-tools/istioctl-analyze/snips.sh
--> boilerplate experimental-feature-warning does not have snippets
generating snips: content/en/docs/setup/additional-setup/cni/snips.sh
generating snips: content/en/docs/setup/additional-setup/gateway/snips.sh
--> boilerplate gateway-api-future does not have snippets
generating snips: content/en/docs/setup/additional-setup/getting-started/snips.sh
--> boilerplate gateway-api-future does not have snippets
--> boilerplate external-loadbalancer-support does not have snippets
generating snips: content/en/docs/setup/getting-started/snips.sh
--> boilerplate gateway-api-future does not have snippets
generating snips: content/en/docs/setup/install/external-controlplane/snips.sh
--> boilerplate gateway-api-future does not have snippets
--> boilerplate gateway-api-choose does not have snippets
generating snips: content/en/docs/setup/install/helm/snips.sh
--> boilerplate helm-preamble does not have snippets
generating snips: content/en/docs/setup/install/multicluster/multi-primary/snips.sh
generating snips: content/en/docs/setup/install/multicluster/multi-primary_multi-network/snips.sh
--> boilerplate multi-cluster-with-metallb does not have snippets
generating snips: content/en/docs/setup/install/multicluster/primary-remote/snips.sh
--> boilerplate multi-cluster-with-metallb does not have snippets
generating snips: content/en/docs/setup/install/multicluster/primary-remote_multi-network/snips.sh
--> boilerplate multi-cluster-with-metallb does not have snippets
generating snips: content/en/docs/setup/install/multicluster/verify/snips.sh
generating snips: content/en/docs/setup/install/multiple-controlplanes/snips.sh
--> boilerplate experimental-feature-warning does not have snippets
generating snips: content/en/docs/setup/install/virtual-machine/snips.sh
--> boilerplate experimental does not have snippets
--> boilerplate experimental does not have snippets
--> boilerplate experimental does not have snippets
generating snips: content/en/docs/setup/upgrade/canary/snips.sh
--> boilerplate revision-tags-preamble does not have snippets
--> boilerplate revision-tags-usage does not have snippets
--> boilerplate revision-tags-default-intro does not have snippets
--> boilerplate revision-tags-default-outro does not have snippets
generating snips: content/en/docs/setup/upgrade/helm/snips.sh
--> boilerplate helm-preamble does not have snippets
--> boilerplate revision-tags-preamble does not have snippets
--> boilerplate revision-tags-usage does not have snippets
--> boilerplate revision-tags-default-intro does not have snippets
--> boilerplate revision-tags-default-outro does not have snippets
generating snips: content/en/docs/tasks/extensibility/wasm-module-distribution/snips.sh
generating snips: content/en/docs/tasks/observability/distributed-tracing/jaeger/snips.sh
generating snips: content/en/docs/tasks/observability/distributed-tracing/opencensusagent/snips.sh
generating snips: content/en/docs/tasks/observability/distributed-tracing/skywalking/snips.sh
generating snips: content/en/docs/tasks/observability/distributed-tracing/zipkin/snips.sh
generating snips: content/en/docs/tasks/observability/gateways/snips.sh
generating snips: content/en/docs/tasks/observability/logs/access-log/snips.sh
generating snips: content/en/docs/tasks/observability/logs/otel-provider/snips.sh
generating snips: content/en/docs/tasks/observability/metrics/customize-metrics/snips.sh
generating snips: content/en/docs/tasks/observability/metrics/querying-metrics/snips.sh
generating snips: content/en/docs/tasks/observability/metrics/tcp-metrics/snips.sh
generating snips: content/en/docs/tasks/observability/metrics/using-istio-dashboard/snips.sh
generating snips: content/en/docs/tasks/policy-enforcement/rate-limit/snips.sh
generating snips: content/en/docs/tasks/security/authentication/authn-policy/snips.sh
generating snips: content/en/docs/tasks/security/authentication/claim-to-header/snips.sh
--> boilerplate experimental-feature-warning does not have snippets
generating snips: content/en/docs/tasks/security/authentication/jwt-route/snips.sh
generating snips: content/en/docs/tasks/security/authentication/mtls-migration/snips.sh
generating snips: content/en/docs/tasks/security/authorization/authz-custom/snips.sh
generating snips: content/en/docs/tasks/security/authorization/authz-deny/snips.sh
generating snips: content/en/docs/tasks/security/authorization/authz-dry-run/snips.sh
--> boilerplate experimental-feature-warning does not have snippets
generating snips: content/en/docs/tasks/security/authorization/authz-http/snips.sh
generating snips: content/en/docs/tasks/security/authorization/authz-ingress/snips.sh
generating snips: content/en/docs/tasks/security/authorization/authz-jwt/snips.sh
generating snips: content/en/docs/tasks/security/authorization/authz-tcp/snips.sh
generating snips: content/en/docs/tasks/security/authorization/authz-td-migration/snips.sh
generating snips: content/en/docs/tasks/security/cert-management/plugin-ca-cert/snips.sh
generating snips: content/en/docs/tasks/security/tls-configuration/workload-min-tls-version/snips.sh
generating snips: content/en/docs/tasks/traffic-management/circuit-breaking/snips.sh
generating snips: content/en/docs/tasks/traffic-management/egress/egress-control/snips.sh
generating snips: content/en/docs/tasks/traffic-management/egress/egress-gateway/snips.sh
generating snips: content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/snips.sh
generating snips: content/en/docs/tasks/traffic-management/egress/egress-kubernetes-services/snips.sh
generating snips: content/en/docs/tasks/traffic-management/egress/egress-tls-origination/snips.sh
generating snips: content/en/docs/tasks/traffic-management/egress/http-proxy/snips.sh
generating snips: content/en/docs/tasks/traffic-management/egress/wildcard-egress-hosts/snips.sh
generating snips: content/en/docs/tasks/traffic-management/fault-injection/snips.sh
generating snips: content/en/docs/tasks/traffic-management/ingress/gateway-api/snips.sh
--> boilerplate gateway-api-future does not have snippets
generating snips: content/en/docs/tasks/traffic-management/ingress/ingress-control/snips.sh
generating snips: content/en/docs/tasks/traffic-management/ingress/ingress-sidecar-tls-termination/snips.sh
--> boilerplate experimental-feature-warning does not have snippets
generating snips: content/en/docs/tasks/traffic-management/ingress/ingress-sni-passthrough/snips.sh
generating snips: content/en/docs/tasks/traffic-management/ingress/kubernetes-ingress/snips.sh
generating snips: content/en/docs/tasks/traffic-management/ingress/secure-ingress/snips.sh
generating snips: content/en/docs/tasks/traffic-management/locality-load-balancing/before-you-begin/snips.sh
generating snips: content/en/docs/tasks/traffic-management/locality-load-balancing/cleanup/snips.sh
generating snips: content/en/docs/tasks/traffic-management/locality-load-balancing/distribute/snips.sh
generating snips: content/en/docs/tasks/traffic-management/locality-load-balancing/failover/snips.sh
generating snips: content/en/docs/tasks/traffic-management/mirroring/snips.sh
generating snips: content/en/docs/tasks/traffic-management/request-routing/snips.sh
generating snips: content/en/docs/tasks/traffic-management/request-timeouts/snips.sh
generating snips: content/en/docs/tasks/traffic-management/tcp-traffic-shifting/snips.sh
generating snips: content/en/docs/tasks/traffic-management/traffic-shifting/snips.sh
* Update test.sh
* build an archive of v1.16 in master
* update data/versions.yml and archive index page
* advance master to release-1.18
* Fix lint by moving back to older files - Note automated job will fail lint.
* Temporarily disable the istioctl-analyze test
* Update custom ca integration with k8s CSR demo to include foo and
bar namespace creation and remove an unnecessary tab from the
sleep pod command.
Signed-off-by: jaellio <jaellio@microsoft.com>
* Fix lint error
Signed-off-by: jaellio <jaellio@microsoft.com>
---------
Signed-off-by: jaellio <jaellio@microsoft.com>
* build an archive of v1.14 in master
* update data/versions.yml and archive index page
* advance master to release-1.16
* Rerun `make update_ref_docs
* Update to commit on main branch to fix tests
* Disable failing test (temporary)
* SHA-1 signatures will not work with Golang 1.18
Support for SHA-1 signatures is disabled by default in Go 1.18 or newer. When generating the certificates please use OpenSSL on MacOS to make sure the certificates will work with istio.
* Lint fixes
* Lint fix
Co-authored-by: Saverio Proto <saverioproto@microsoft.com>
Co-authored-by: craigbox <craigbox@google.com>
* Remove doc on "Istio DNS Certificate Management"
This document gives harmful advice. This feature was intended to be used
for signing control plane certificates, and actually doesn't work for
other cases (cross namespace or any modern Kubernetes version are
completely broken).
* use archive link
* name trick
* Update to use main branch for reference docs
* Updates to fix this for next time (not moving to master)
* Run `make gen`
* Update master istio test reference
* Ingore one shellcheck, SC1091, for now. Not sure why it just showed up
* Prepare for v1.13 as istio source is already branched
* Update VM test image from 1.11 to current to test
* Rename tests to temporaily disable Issue created to reanble before 1.13
* add test for the dry-run task
* Update content/en/docs/tasks/security/authorization/authz-dry-run/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* update release note for external authz
* address comment
* Update content/en/news/releases/1.12.x/announcing-1.12/change-notes/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* build an archive of v1.11 in master
* update data/versions.yml and archive index page
* advance master to release-1.13
* ANother script update
* go get remaing istio repos to satisfy linter
* Temporarily fix link broken by istio/api #2148
* Temporarily disable istioctl analyze test.
* Fix in attribute "name" on "metadata".
Missing tab in attribute "name" at section "Define the external authorizer" in ServiceEntry example.
* command make gen
Co-authored-by: Igor Agueme <igoragueme@outlook.com>
* build an archive of v1.10 in master
* update data/versions.yml and archive index page
* advance master to release-1.12
* Update istio test reference to pick up 1.12 in istioctl messages
* Fix lint and IMAGE_VERSION
* MOre changes for lint
* Use correct IMAGE_VERSION
* Skip virtual machines test - Release Blocker issue created
* Flag experimental pages with dagger
* Use dagger symbol in title
* Dagger in navigation titles for experimental status
* Experimental asterisk note
* Asterisk with space
* Spacing between title and asterisk
* Flag experimental and alpha status
* build an archive of v1.9 in master
* update data/versions.yml and archive index page
* advance master to release-1.11
* Update the istio test reference to master
* Remove failing deny test
* Remove another test
* Remove a third test
* update security doc with evaluation order, common patterns, shoter task names and some small updates
* update
* update
* add link
* update
* update
* fix lint
* Apply suggestions from code review
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* update
* Apply suggestions from code review
Co-authored-by: John Howard <howardjohn@google.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: John Howard <howardjohn@google.com>
* Improve the plug-in cert task.
* Small fix.
* Update content/en/docs/tasks/security/cert-management/plugin-ca-cert/index.md
Co-authored-by: Sven Mawson <sven@google.com>
* Describe the recommendation of using hierarchical CA.
* Small fix.
* Apply suggestions from code review
Co-authored-by: Sven Mawson <sven@google.com>
* Apply suggestions from code review
Co-authored-by: Sven Mawson <sven@google.com>
Co-authored-by: Sven Mawson <sven@google.com>
* Silence curl command
* Update more files with -sS (adding S to show errors)
* Over-agressive on the -S and causing some tests to fail.
* Remove more curl -S flags
* Use experimental as feature stage
Pre-alpha/Development are deprecated in favor of Experimental (see
https://github.com/istio/community/pull/495). Update docs to reference
this phase.
* Add DNS proxying to experimental phase
* Do not mix alpha and experimental
* DNS Proxying is Alpha in 1.9; add to feature status page
* Fix virtual machine install doc based on review
* Fix linting issue
* update proxy protocol EnvoyFilter to be consistent
Make the proxy protocol EnvoyFilter identical to the one in
docs/ops/configuration/traffic-management/network-topologies/
* fix arch mistake
* update authz docs for remote.ip
remote.ip has been added as an Authorization Condition and the Ingress
Gateway Authorization task has been updated to include it.
* fix relative link to network topologies
* add more verification and use tabs
* remove mixer reference and put LB table below tabset
* move INGRESS_HOST info to top, add LB decision-making table
* clean up bash commands
* Update test reference to 1.8.0-alpha.2
* Fix access-log test for new behavior
* Update to remove deprecated parameter
* More updates for deprecated (already removed) values
* Enable test, disable failing tests (#8405) open for fix.
* Review comment
* Remove extraneous old-td
This required some other changes WRT verification:
- Change __cmp_like to allow for not accepting <pending> for an IP address.
- Change __verify_with_retry to use a timeout rathan than number of retries. This is a more intuitive interface and aligns with the way we do retries in istio/istio. I also got rid of exponential backoff and allow both the timeout and delay between retries to be configured.
* Update test reference
* Test framework changes
* Another required change
* Update Tag to 1.8
* Pick istio/istio commit that actually exists
* Disable ISTIO_META_DNS_CAPTURE
* Add --skip-confirmation to istioctl installl commands
* Increase test timeout. First pass at fixes.
* Update to later istio/istio that fixes DNS and minor fixes
* test fixes
* Pick up go.mod `replace` changes from #8118
* Fix istioctl-analayze and mirror
* Fix mtls-migration test
* Update istio to include commit to fix egress
* Re-enable verify with fix
* Update istio/istio ref for egress fix
* Fix tasks/security/authorization/authz-td-migration - remove ns
* Shorten wait timeout so tests complete in under an hr
* Let tests continue after wait timeout
* Fix --skip-confirmation to -y and use yes | in tests
* revert yes | to echo y |
* Additional echo y fix
* Code review comments
* Change verify from same to contains as k8s 1.19 has extra warning lines.
* add note about istio protocol detection
* fix accidental replace
* fix extra dot in filename
* path fixes
* add note about how to field authz in effect
* fix typos and add a note on the claims
* undo file rename
* Update content/en/docs/ops/common-problems/security-issues/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/ops/common-problems/security-issues/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* build an archive of v1.6 in master
* update data/versions.yml and archive index page
* advance master to release-1.8
* Missing `make snips` in script
* Update istio/istio ref and reenable tests
* Update istio/istio reference
* Update istioctl build to have version for images
* Fix lint and pull a newer istio/istio
* Disable egress tests
SRodi
Michael
Frank Budinsky
Eric Van Norman
Jackie Elliott
Aryan Gupta
Chen Xintong
Bo-Cheng Chu
Aryan Gupta
Petr McAllister
Tong Li
Istio Automation
Iris
John Howard
bobbypower-asm
lei-tang
Kevin
Deepak Pakhale
Yangmin Zhu
Sungyun Hur
Jianfei Hu
craigbox
Steve Zhang
Brian Avery
ChristinaMak
Shamsher Ansari
mrshengzyzy
davidhauck
Oliver Liu
jacob-delgado
Kyle Evans
Lin Sun
shankgan
Nathan Mittler
imgbot[bot]
Upo