* Update documentation to not refer to experimental APIs
* missed TCPRoute, we did have one example of that
* fix snip
* and again
* and again
* caught error, thanks @ericvn!
* Fix egress mtls origination test
Signed-off-by: Keith Mattix II <keithmattix@microsoft.com>
* Refactor the egress snips for tests
Signed-off-by: Keith Mattix II <keithmattix@microsoft.com>
* Fix go.mod
Signed-off-by: Keith Mattix II <keithmattix@microsoft.com>
* Remove unneded change
Signed-off-by: Keith Mattix II <keithmattix@microsoft.com>
---------
Signed-off-by: Keith Mattix II <keithmattix@microsoft.com>
* Add namespace labels to test framework diff snapshots
* fix lint
* failing tests
* more failed tests
* more failures
* more fixes
* one more
* fix fault injection
* remove troubleshooting section and add tip for cert verification
* remove indent and fix capitalisation
* add tip to verify cert for gateway api and update snips
* address frank's comments
* adjust egress-gateway/test.sh as per latest changes
* fix gateway api verify cert output
* verify contains snip out instead of hardcoded string
* fix indentation of command output for mtl verify cert
* remove apply PeerAuthentication and use _verify_same in test
* revert to verify_contains
* add san-validation documentation
Signed-off-by: Faseela K <faseela.k@est.tech>
* Apply suggestions from code review
Co-authored-by: Daniel Hawton <daniel@hawton.org>
* make gen
Signed-off-by: Faseela K <faseela.k@est.tech>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
Co-authored-by: Daniel Hawton <daniel@hawton.org>
* Update istio test reference to latest commit and fix tests
* Move back two commits since some didn't have releases built
* Run go mod tidy after make clean
* Try removing metallb
* Don't remove the metallb validatingwebhookconfigurations
* Redo egress-control test to no use istio-state
* Update istio test reference to contain operator fix and revert test change
* Disable jwt-route test temporarily waiting on Envoy fix
* Upadte istio/api
* Replace uninstall
* revert chmod
* Add arbitrary host section to wildcard egress doc
* fix
* updated
* fix lint
* Update content/en/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
---------
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Add docs for ocsp staple support
Signed-off-by: Faseela K <faseela.k@est.tech>
* Update content/en/docs/tasks/traffic-management/ingress/secure-ingress/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* clarify the internal IP ranges for IBM Cloud Kubernetes Service
* Trigger Build
* add example of the command output
* paraphrase the text
* update snips.sh
* Enhance mTLS origination example
Signed-off-by: Faseela K <faseela.k@est.tech>
* rebase
Signed-off-by: Faseela K <faseela.k@est.tech>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
`Configure traffic through egress gateway with SNI proxy` section was removed from the docs in the 1.14 release
but that is still mentioned in the setup instructions for the task `Egress using Wildcard Hosts`.
The test waits for vs resource, that is not even created.
Wait on SE and DR is only needed.
Signed-off-by: Faseela K <faseela.k@est.tech>
Signed-off-by: Faseela K <faseela.k@est.tech>
* Improve clarity of Egress Gateway docs
Make the step 13 more clear, since it is creating a DestinationRule in the test-egress namespace and not in the default namespace.
* Update content/en/docs/tasks/traffic-management/egress/egress-gateway/index.md
Co-authored-by: craigbox <craigbox@google.com>
Co-authored-by: craigbox <craigbox@google.com>
* Wildcard egress: remove arbitrary domain section
This doc has been a nuisance for many years. It recommends an extremely
complex and dangerous pattern, relying on deploying nginx, extremely
complex EnvoyFilters enabling unsupported, custom, alpha Envoy c++
filters, and a number of other scary practices. IMO this does not belong
in Istio docs at all, and certainly not in our top level taks.
* Add back single wildcard
* Update content/en/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Documentation for egress mTLS origination at sidecar using credentialName in DR
The feature is already merged. So trying to add a documentation for the same.
Signed-off-by: Faseela K <faseela.k@est.tech>
* Remove duplicate code and point to the existing documentation
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failures
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failures
Signed-off-by: Faseela K <faseela.k@est.tech>
* Add tests for mTLS origination at sidecar
Signed-off-by: Faseela K <faseela.k@est.tech>
* Typo fix for GKE
* make gen
Co-authored-by: Noah Nsimbe <37845280+NoahNsimbe@users.noreply.github.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Minor fix in egress mtls example cleanup
The document mentions some resources for cleanup
which are not actually created as part of this exercise.
Signed-off-by: Faseela K <faseela.k@est.tech>
* Adding make gen output files
Signed-off-by: Faseela K <faseela.k@est.tech>
Craig Box
adityasamant25
Keith Mattix II
John Howard
Frank Budinsky
Eric Van Norman
seokyun.ha
Simone Rodigari
Faseela K
Kalya Subramanian
ognyvrac
Wei Shan Sun
Mariam John
Tong Li
Jakub Horák
Istio Automation
Faseela K