* Update documentation to not refer to experimental APIs
* missed TCPRoute, we did have one example of that
* fix snip
* and again
* and again
* caught error, thanks @ericvn!
* add san-validation documentation
Signed-off-by: Faseela K <faseela.k@est.tech>
* Apply suggestions from code review
Co-authored-by: Daniel Hawton <daniel@hawton.org>
* make gen
Signed-off-by: Faseela K <faseela.k@est.tech>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
Co-authored-by: Daniel Hawton <daniel@hawton.org>
* Add docs for ocsp staple support
Signed-off-by: Faseela K <faseela.k@est.tech>
* Update content/en/docs/tasks/traffic-management/ingress/secure-ingress/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Minor fix in egress mtls example cleanup
The document mentions some resources for cleanup
which are not actually created as part of this exercise.
Signed-off-by: Faseela K <faseela.k@est.tech>
* Adding make gen output files
Signed-off-by: Faseela K <faseela.k@est.tech>
* Remove file mount egress documentation
This is actively leading users down a bad practice. We previously did
the same for Ingress - the results were we got a lot less bugs about
file mount being very hard to use.
As is, users are directed here as the default - only if they happen to
know what "SDS" is (an implementation detail) will they realize the
other doc is better.
* gen snips
* fix test
* Fix inject
* Silence curl command
* Update more files with -sS (adding S to show errors)
* Over-agressive on the -S and causing some tests to fail.
* Remove more curl -S flags
Overview of the changes:
- Adding ability to verify that expected output occurs a number of times consecutively. This is needed for https://github.com/istio/istio.io/pull/8402.
- Moving snapshot checking logic to Go code so that it can be separated out into separate test steps, which are timed and contain their own output directories/files. This makes the code cleaner and also makes the snapshot logic more transparent.
- Updating debug.sh to use newer bash syntax that allows it to dynamically select a free file descriptor. Without this, I was seeing all commands echoed to my console in goland.
* add missing cleanup for vs nginx
* add openssl req
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* add missing cleanup for vs nginx
* init sds doc
* squash commits
add simple TLS task
address issues
fix lint and secret configuration
add secret format specification
add mutual TLS task
fix lint and rename older task
make gen again
fix name
keep old directory
add warnings
lint
fix cacert issue
lint
* secure
* make gen
* rebase master
* make secret types clearer
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* run make gen
* lint
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* make gen
* add tls test
* move mesh creation
* suggestions
* add mtls test
* fix typo
* move secret section
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update istio/istio ref and reenable tests
* Update istio/istio reference
* Update istioctl build to have version for images
* Fix lint and pull a newer istio/istio
* Disable egress tests
* add missing cleanup for vs nginx
* Add test for Gateway TLS Origination
* fix copyright
* Add Gateway mTLS origination
* replace <password> with password
* fix lint and autogen yes response
* oops typos
* make gen
* escape SC2154 :)
* apply suggestions and fix lint
* squash commits and cleanup branch
wrong quotes
more typos
make snips again
linter :'(
make linter happy
newline blocks
make gen 2
tab linting
try this
change service deletion
oops was deploying sleep twice
ignore nginx version lines for expected response
add update snips
lint again
make snips 3
redo check
do some magic
do some magic 2
lint tabs
remove incorrect snip matching
hack tls origination sleep deployment
hack 2
* this test is super flaky
* delete virtual service
* move scripts
* move scripts
* move to new testing framework
end file with newline and cleanup
typo
* content length shouldn't be included in snips
* comment out the final HTTP check
* Update content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/mtls_test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/tls_test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/tls_test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* ignore cleanup errors
* add source back in
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
The code in step 3 of Perform TLS origination with an egress gateway explains how to create egress Gateway for edition.cnn.com. port 80, so the title of this step should follow it.
Co-authored-by: Koki Tomoshige <36136133+tomocy@users.noreply.github.com>
- We don't need cookies for istio.io, the few settings we do have should be
managed with browser-local storage instead. This is a better privacy posture,
and avoids sending needless data to the server for every request.
- Fix a bunch of heading capitalization.
- Remove words that shouldn't be in the dictionary
and update the text accordingly.
- Added a few @@ sequences to reference content files from text blocks.
- Used a few {{< source_branch_name >}} sequences to refer to the proper
branch in GitHub rather than master.
* migrate Deployment apiVersion from extensions/v1beta1 to apps/v1 to support k8s 1.16
* migrate Deployment, PodSecurityPolicy apiVersion to support k8s 1.16
Craig Box
Frank Budinsky
Faseela K
Faseela K
刘旭
John Howard
Eric Van Norman
Nathan Mittler
Navraj Singh Chhina
Gregory Hanson
Hongyi Zhang
Jonh Wendell
Istio Automation
Martin Taillefer
Naoki Oketani
Vadim Eisenberg
Ed Snible