* create single cluster load balancing example& modify keywords
* modify keywords and remove see also section from locality load balancing
* remove single cluster lb page from examples
* create a standalone example for single cluster load balancing
* fix lint
* remove traffic-shifting from keywords
* fix typos
* organize locality-load-balancing page
* delete standalone single-cluster-lb page & add a tip for single-cluster lb
* remove use case description
* add original text back in
* update test file
* fix lint
* rephrase paragraph
* commit suggestion for the tip
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* update test file
* suppress generation of the snips
* move tip to the start of the before-you-begin section
* add step 3 to tell users to deploy istiod and the app to the nodes
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* fix format for the commands
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* move tip before Environment Variables section
* reformat the tip section
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
---------
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
The terminology is bit confusing; before it was not experimental upstream at all -- it was undefined. Now its really experimental, so its not "pending agreement"
* Update to latest istio commit. Also use rc for gateway-api.
* Fix Makefile update-gateway-version
* Update istio to 1.19.0-rc1
* Remove wasm from envoy test
* Update gateway-api to rc-2.
* Revert gateway-api t0 0.7.1
* Update samples for core group
* Revert gateway-api to rc.1 to match istio repo
* Re-enable processing of gateway-api version in `make gen`
* Update gateway-api to be the publicly released base version
* remove script and add awk in Makefile
* rebase and make gen
* Change Istio Classic terminology to Istio APIs
Signed-off-by: Keith Mattix II <keithmattix@microsoft.com>
* Fix stutter
Signed-off-by: Keith Mattix II <keithmattix@microsoft.com>
* Change back parallel structure formation
Signed-off-by: Keith Mattix II <keithmattix@microsoft.com>
---------
Signed-off-by: Keith Mattix II <keithmattix@microsoft.com>
* Add docs for ocsp staple support
Signed-off-by: Faseela K <faseela.k@est.tech>
* Update content/en/docs/tasks/traffic-management/ingress/secure-ingress/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* clarify the internal IP ranges for IBM Cloud Kubernetes Service
* Trigger Build
* add example of the command output
* paraphrase the text
* update snips.sh
* Master has a non release gateway API. Changes to allow that.
* Grab a istio test ref from main branch
* <ove from istio.io/pkg to istio/istio/pkg
* revert one change
* update istio/api
* Run make gen
* disable failing test temporarily
* Enhance mTLS origination example
Signed-off-by: Faseela K <faseela.k@est.tech>
* rebase
Signed-off-by: Faseela K <faseela.k@est.tech>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
`Configure traffic through egress gateway with SNI proxy` section was removed from the docs in the 1.14 release
but that is still mentioned in the setup instructions for the task `Egress using Wildcard Hosts`.
* Migrate ingress-sni-passthrough test to profile minimal
Signed-off-by: Faseela K <faseela.k@est.tech>
* fix after snapshot test
Signed-off-by: Faseela K <faseela.k@est.tech>
* update minimal profile
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix cleanup test error
Signed-off-by: Faseela K <faseela.k@est.tech>
* review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
* WIP - test
* Fix verbosity option
* Echo config
* REplace nc with echo
* Put nc back in but add a sleep
* Final update (for now) adding delay so `nc` doesn't reset the kubeconfig
* Remove extra cat'ing of kubeconfig
* Update content/en/docs/tasks/traffic-management/tcp-traffic-shifting/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
---------
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Add PDB and HPA example for gateway-api
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* gen
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* gateway-api: more gateway doc
* tweak
* Update content/en/docs/setup/additional-setup/gateway/index.md
Co-authored-by: John Howard <howardjohn@google.com>
Co-authored-by: John Howard <howardjohn@google.com>
* Document Sidecar Ingress TLS Termination Feature
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix lint failures
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failure
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failure
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix the negative test for TLS
Signed-off-by: Faseela K <faseela.k@est.tech>
* fix test
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix the verification issue with multiline command output
Signed-off-by: Faseela K <faseela.k@est.tech>
* Replace _verify_contains with _verify_first_line
Signed-off-by: Faseela K <faseela.k@est.tech>
* Add exact result string for _verify_first_line
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix after-snapshot test error
Signed-off-by: Faseela K <faseela.k@est.tech>
* incorporate review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
* Incorporate review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
* Additional review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
* Small fix
Signed-off-by: Faseela K <faseela.k@est.tech>
* Additional review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
Signed-off-by: Faseela K <faseela.k@est.tech>
* gateway-api doc: ingress-sni-passthrough
* use kustomize for crds
* debug
* more debug
* use standard crd install
* try profile=none
* uninstall
* confirm install
* disable test for now
* regen
* use short_codes for gateway api version and tpye
* Update function name. Forcing name doesn't work for boilerplates?
* Fix lint
* Remove k8s_gateway_api_type
* Add update-gateway-version mkaefile target
* Fix version in test string
* Simplify id
* Fix ingress control doc related to other providers and numbering
* Run make gen
* Add back TCP_INGRESS_PORT
* Revert to dash seperator for consistency
* Update index.md
Added a quick tip for Kind users to get LoadBalancers to work.
* Added more context on Kind-related tip.
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
The test waits for vs resource, that is not even created.
Wait on SE and DR is only needed.
Signed-off-by: Faseela K <faseela.k@est.tech>
Signed-off-by: Faseela K <faseela.k@est.tech>
* Add minikube in the instructions per Kubernetes environment
I was coming from https://istio.io/latest/docs/examples/bookinfo/ "Follow these instructions to set the INGRESS_HOST and INGRESS_PORT ..." and did not realize I would have to setup the minikube tunnel as explained in the [Getting Started Guide](https://istio.io/latest/docs/setup/getting-started/#determining-the-ingress-ip-and-ports)
For this reason I suggest to add it here as well.
* incorporated reviewers suggestions
* snips and tests for the new code snippet in docu
* ran make snips
* updated test.sh with the new functin names
* also the functions
snip_determining_the_ingress_ip_and_ports_{3,5,6,7,8,9} have changed
but they seem not to be used in test.sh
* followed reviewer suggestion to revert sip numbers
- used the annotation snip_id=none to skip the snippet, see https://github.com/istio/istio.io/blob/master/tests/README.md
- took back the snip renumbering
- checked that generating snips does not bring them back again: make
snips
* used custom name for generated snip
- now using minikube_tunnel as snip_id, resulting in a generated snip id snip_minikube_tunnel
- apparently still the remaining snips get renumbered
- updated test.sh with the 2 changed snip calls
Co-authored-by: Martin Knechtel <martin.knechtel@sap.com>
* Improve clarity of Egress Gateway docs
Make the step 13 more clear, since it is creating a DestinationRule in the test-egress namespace and not in the default namespace.
* Update content/en/docs/tasks/traffic-management/egress/egress-gateway/index.md
Co-authored-by: craigbox <craigbox@google.com>
Co-authored-by: craigbox <craigbox@google.com>
* Wildcard egress: remove arbitrary domain section
This doc has been a nuisance for many years. It recommends an extremely
complex and dangerous pattern, relying on deploying nginx, extremely
complex EnvoyFilters enabling unsupported, custom, alpha Envoy c++
filters, and a number of other scary practices. IMO this does not belong
in Istio docs at all, and certainly not in our top level taks.
* Add back single wildcard
* Update content/en/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Documentation for egress mTLS origination at sidecar using credentialName in DR
The feature is already merged. So trying to add a documentation for the same.
Signed-off-by: Faseela K <faseela.k@est.tech>
* Remove duplicate code and point to the existing documentation
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failures
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failures
Signed-off-by: Faseela K <faseela.k@est.tech>
* Add tests for mTLS origination at sidecar
Signed-off-by: Faseela K <faseela.k@est.tech>
* Typo fix for GKE
* make gen
Co-authored-by: Noah Nsimbe <37845280+NoahNsimbe@users.noreply.github.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Minor fix in egress mtls example cleanup
The document mentions some resources for cleanup
which are not actually created as part of this exercise.
Signed-off-by: Faseela K <faseela.k@est.tech>
* Adding make gen output files
Signed-off-by: Faseela K <faseela.k@est.tech>
* Expand the gateway-api docs for 1.12
This introduces a lot more details, highlights changes in 1.12, and
discusses the differences between Istio and Gateway-API.
* erics comments
* clarify
* gen
* Update to latest istio/istio commit for istio.io tests
* Update to latest istio commit
* Additional istioctl analyze output
* Fix istioctl-analyze test
* Fix gateway doc
* Fix setting of INGRESS_HOST and more cleanup
* Fixes for unbound INGRESS_HOST
* lint fix
Co-authored-by: John Howard <howardjohn@google.com>
* Update test reference to latest istio
* Update helm output
* Update install/operator test to allow <pending> IP for running locally.
* fix lint
* Gateway changes
* Fix gateway
* Remove remaining webhook to make tests pass
* Change to use istioctl tag remove
* Remove file mount egress documentation
This is actively leading users down a bad practice. We previously did
the same for Ingress - the results were we got a lot less bugs about
file mount being very hard to use.
As is, users are directed here as the default - only if they happen to
know what "SDS" is (an implementation detail) will they realize the
other doc is better.
* gen snips
* fix test
* Fix inject
* Add the information that you can concatenate CA certs
Add the information that you can concatenate CA certs if you want to accept MTLS from client providing certificate signed by different CAs
* english review comments
* adding back key and also adding "value"
Co-authored-by: Laurent Demailly <ldemailly@gmail.com>
* Update Gateway API doc
This patch updates Gateway API doc to use:
- Gateway CRD v0.3.0
- Remove `PILOT_ENABLED_SERVICE_APIS` as it is enabled by default.
* Run make gen
Wei Shan Sun
Eric Van Norman
Frank Budinsky
John Howard
ognyvrac
Keith Mattix II
Faseela K
John Zheng
zirain
Mariam John
Michael
Niranjan Shankar
Istio Automation
Michael
Caleb Olson
Rodrey
Tong Li
CharliePu
Jakub Horák
Faseela K
刘旭
Yangmin Zhu
Brian Avery
danielmenezesbr
Kenjiro Nakayama