* add missing cleanup for vs nginx
* Add test for Gateway TLS Origination
* fix copyright
* Add Gateway mTLS origination
* replace <password> with password
* fix lint and autogen yes response
* oops typos
* make gen
* escape SC2154 :)
* apply suggestions and fix lint
* squash commits and cleanup branch
wrong quotes
more typos
make snips again
linter :'(
make linter happy
newline blocks
make gen 2
tab linting
try this
change service deletion
oops was deploying sleep twice
ignore nginx version lines for expected response
add update snips
lint again
make snips 3
redo check
do some magic
do some magic 2
lint tabs
remove incorrect snip matching
hack tls origination sleep deployment
hack 2
* this test is super flaky
* delete virtual service
* move scripts
* move scripts
* move to new testing framework
end file with newline and cleanup
typo
* content length shouldn't be included in snips
* comment out the final HTTP check
* Update content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/mtls_test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/tls_test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/tls_test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* ignore cleanup errors
* add source back in
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* add an example task to test
* main test function: save progress
* a working example: routing request
* improve log info and error handling
* introduce makefile
* run each test as a subtest; remove common setup from test.sh
* add another test.sh: fault-injection
* improve error handling
* check test environment
* add two more test.sh files
* fix make command for istio setup
* update two test.sh files from upstream
* add comments and update README.md
* update test.sh files from upstream
* support multiple test names
* update README
* update README.md for new framework
* remove documentation of migration steps
* undo format changes
* change separation line to '# @cleanup'
* move go code and makefile from content/ to tests/
* change package name
* make for loop more readable
* change the set of auto-sourced scripts
* add docs for all functions
* approach to deal with folders with the same name
* minor fixes to ensure everything still runs
* fix make gen error
* add a TIMEOUT argument
* make sure util/debug.sh works with new framework
* make lint-go happy
* [BIG CHANGE] allow different istio setup configs
* make linters happy
* make linters happier
* changed wording and function orders
* make error return as the 2nd argument
* add TODOs
* Update content/en/docs/tasks/traffic-management/traffic-shifting/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* only test english docs
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* allow test.sh as suffix
* move adding setup configs to tests/setup
* recommend full paths
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* require full test paths
* converting old tests to new tests: traffic-management and misc
* converting old tests to new tests: security
* remove old tests
* Update content/en/docs/tasks/security/cert-management/dns-cert/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* simplify setup configs
* Update content/en/docs/tasks/security/authentication/authn-policy/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/security/authentication/mtls-migration/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/security/authorization/authz-http/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* do not let istioctl prompt y/n
* Update content/en/docs/tasks/traffic-management/ingress/ingress-sni-passthrough/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/traffic-management/ingress/secure-ingress/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/security/cert-management/plugin-ca-cert/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* simplify stuff
* rename dns-cert test.sh to test_broken.sh
* fix dns-cert doc and test
* remove egress=disabled
* fix test
* Update content/en/docs/tasks/observability/logs/access-log/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/security/authentication/authn-policy/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
The code in step 3 of Perform TLS origination with an egress gateway explains how to create egress Gateway for edition.cnn.com. port 80, so the title of this step should follow it.
Co-authored-by: Koki Tomoshige <36136133+tomocy@users.noreply.github.com>
* Retire helm documentation as we use a protobuf
The new rendered source of truth is:
https://preliminary.istio.io/docs/reference/config/istio.operator.v1alpha1/
This is rendered from the API repo protobuf which (may) need description fields
set. That protobuf is here:
https://github.com/istio/api/blob/master/operator/v1alpha1/operator.proto
* Follow the flowchart
The flowchart is not quite right and could use some improvement.
* Update content/en/blog/2019/performance-best-practices/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* remove mixer references from egress tasks and deprecate where needed
* lint fixes
* Update content/en/docs/tasks/traffic-management/egress/egress_sni_monitoring_and_policies/index.md
Co-Authored-By: mandarjog <mandarjog@gmail.com>
* Update content/en/docs/tasks/traffic-management/egress/egress_sni_monitoring_and_policies/index.md
Co-Authored-By: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Francois Pesce <fpesce@google.com>
Co-authored-by: mandarjog <mandarjog@gmail.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* add "for" in description: ... configure Istio for Kubernetes External Services
* add "in the default namespace" to "create a Kubernetes ExternalName Service"
* mention the Kubernetes DNS format for services
These fix problems encountered when switching to the new Hugo which has
a completely different markdown engine. I went through diffs of the generated
HTML and made required adjustments.
- We don't need cookies for istio.io, the few settings we do have should be
managed with browser-local storage instead. This is a better privacy posture,
and avoids sending needless data to the server for every request.
* Add note about annotations to control traffic
Fixes https://github.com/istio/istio/issues/19258
* Update content/en/docs/tasks/traffic-management/egress/egress-control/index.md
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
* use a subset in the destination rule for TLS origination
this way the TLS origination will only be applied for the traffic directed by the
virtual service for TLS origination. TLS origination will not be applied for the original TLS traffic
* add a check that the original TLS traffic works as before
- Fix a bunch of heading capitalization.
- Remove words that shouldn't be in the dictionary
and update the text accordingly.
- Added a few @@ sequences to reference content files from text blocks.
- Used a few {{< source_branch_name >}} sequences to refer to the proper
branch in GitHub rather than master.
* add a cleanup subsection to set desired outbound traffic policy mode
the title: "Set the `global.outboundTrafficPolicy.mode` to your desired mode"
* remove a redundant empty line
* rename the subsection to be "Set the outbound traffic policy mode to your desired value"
* remove a semicolon at the end of the subsection's title
* add `uniq` so the output of the current outbound traffic policy mode will appear once
* migrate Deployment apiVersion from extensions/v1beta1 to apps/v1 to support k8s 1.16
* migrate Deployment, PodSecurityPolicy apiVersion to support k8s 1.16
* add the first version of Egress with Kubernetes Services
* add explicit disabling of TLS in destination rules
* rewrite the motivation for Kubernetes service entries
motivation: location transparency
* remove pre-Istio from .spelling
* add "The external services are not part of an Istio service mesh..."
so they cannot perform the mutual TLS of Istio.
* split a long line
* expand the explanations about disabling Istio's mutual TLS
* add explanation about disabling TLS mode in the HTTP case
* add explanation about disabling Istio mutual TLS for HTTPS case
* unencoded -> unencrypted
* fix a link
* fix the location of the task to be in content/en
* Remove usages of curl inside istio-proxy
Distroless builds of Istio do not contain curl, so we should not tell
users to use it. Pilot-agent handles this functionality for us
* Fix lint error
Frank Budinsky
Hongyi Zhang
Navraj Singh Chhina
Shamsher Ansari
John Howard
Kenjiro Nakayama
Gregory Hanson
Jonh Wendell
Istio Automation
Steven Dake
Vadim Eisenberg
Martin Taillefer
Neeraj Poddar
Rigs Caballero
Naoki Oketani
imgbot[bot]
Ryan Michela
LisaFC
Ed Snible
Romain Lenglet