* gateway-api: more gateway doc
* tweak
* Update content/en/docs/setup/additional-setup/gateway/index.md
Co-authored-by: John Howard <howardjohn@google.com>
Co-authored-by: John Howard <howardjohn@google.com>
* Document Sidecar Ingress TLS Termination Feature
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix lint failures
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failure
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failure
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix the negative test for TLS
Signed-off-by: Faseela K <faseela.k@est.tech>
* fix test
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix the verification issue with multiline command output
Signed-off-by: Faseela K <faseela.k@est.tech>
* Replace _verify_contains with _verify_first_line
Signed-off-by: Faseela K <faseela.k@est.tech>
* Add exact result string for _verify_first_line
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix after-snapshot test error
Signed-off-by: Faseela K <faseela.k@est.tech>
* incorporate review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
* Incorporate review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
* Additional review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
* Small fix
Signed-off-by: Faseela K <faseela.k@est.tech>
* Additional review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
Signed-off-by: Faseela K <faseela.k@est.tech>
* gateway-api doc: ingress-sni-passthrough
* use kustomize for crds
* debug
* more debug
* use standard crd install
* try profile=none
* uninstall
* confirm install
* disable test for now
* regen
* use short_codes for gateway api version and tpye
* Update function name. Forcing name doesn't work for boilerplates?
* Fix lint
* Remove k8s_gateway_api_type
* Add update-gateway-version mkaefile target
* Fix version in test string
* Simplify id
* Fix ingress control doc related to other providers and numbering
* Run make gen
* Add back TCP_INGRESS_PORT
* Revert to dash seperator for consistency
* Update index.md
Added a quick tip for Kind users to get LoadBalancers to work.
* Added more context on Kind-related tip.
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
The test waits for vs resource, that is not even created.
Wait on SE and DR is only needed.
Signed-off-by: Faseela K <faseela.k@est.tech>
Signed-off-by: Faseela K <faseela.k@est.tech>
* Add minikube in the instructions per Kubernetes environment
I was coming from https://istio.io/latest/docs/examples/bookinfo/ "Follow these instructions to set the INGRESS_HOST and INGRESS_PORT ..." and did not realize I would have to setup the minikube tunnel as explained in the [Getting Started Guide](https://istio.io/latest/docs/setup/getting-started/#determining-the-ingress-ip-and-ports)
For this reason I suggest to add it here as well.
* incorporated reviewers suggestions
* snips and tests for the new code snippet in docu
* ran make snips
* updated test.sh with the new functin names
* also the functions
snip_determining_the_ingress_ip_and_ports_{3,5,6,7,8,9} have changed
but they seem not to be used in test.sh
* followed reviewer suggestion to revert sip numbers
- used the annotation snip_id=none to skip the snippet, see https://github.com/istio/istio.io/blob/master/tests/README.md
- took back the snip renumbering
- checked that generating snips does not bring them back again: make
snips
* used custom name for generated snip
- now using minikube_tunnel as snip_id, resulting in a generated snip id snip_minikube_tunnel
- apparently still the remaining snips get renumbered
- updated test.sh with the 2 changed snip calls
Co-authored-by: Martin Knechtel <martin.knechtel@sap.com>
* Improve clarity of Egress Gateway docs
Make the step 13 more clear, since it is creating a DestinationRule in the test-egress namespace and not in the default namespace.
* Update content/en/docs/tasks/traffic-management/egress/egress-gateway/index.md
Co-authored-by: craigbox <craigbox@google.com>
Co-authored-by: craigbox <craigbox@google.com>
* Wildcard egress: remove arbitrary domain section
This doc has been a nuisance for many years. It recommends an extremely
complex and dangerous pattern, relying on deploying nginx, extremely
complex EnvoyFilters enabling unsupported, custom, alpha Envoy c++
filters, and a number of other scary practices. IMO this does not belong
in Istio docs at all, and certainly not in our top level taks.
* Add back single wildcard
* Update content/en/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Documentation for egress mTLS origination at sidecar using credentialName in DR
The feature is already merged. So trying to add a documentation for the same.
Signed-off-by: Faseela K <faseela.k@est.tech>
* Remove duplicate code and point to the existing documentation
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failures
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failures
Signed-off-by: Faseela K <faseela.k@est.tech>
* Add tests for mTLS origination at sidecar
Signed-off-by: Faseela K <faseela.k@est.tech>
* Typo fix for GKE
* make gen
Co-authored-by: Noah Nsimbe <37845280+NoahNsimbe@users.noreply.github.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Minor fix in egress mtls example cleanup
The document mentions some resources for cleanup
which are not actually created as part of this exercise.
Signed-off-by: Faseela K <faseela.k@est.tech>
* Adding make gen output files
Signed-off-by: Faseela K <faseela.k@est.tech>
* Expand the gateway-api docs for 1.12
This introduces a lot more details, highlights changes in 1.12, and
discusses the differences between Istio and Gateway-API.
* erics comments
* clarify
* gen
* Update to latest istio/istio commit for istio.io tests
* Update to latest istio commit
* Additional istioctl analyze output
* Fix istioctl-analyze test
* Fix gateway doc
* Fix setting of INGRESS_HOST and more cleanup
* Fixes for unbound INGRESS_HOST
* lint fix
Co-authored-by: John Howard <howardjohn@google.com>
* Update test reference to latest istio
* Update helm output
* Update install/operator test to allow <pending> IP for running locally.
* fix lint
* Gateway changes
* Fix gateway
* Remove remaining webhook to make tests pass
* Change to use istioctl tag remove
* Remove file mount egress documentation
This is actively leading users down a bad practice. We previously did
the same for Ingress - the results were we got a lot less bugs about
file mount being very hard to use.
As is, users are directed here as the default - only if they happen to
know what "SDS" is (an implementation detail) will they realize the
other doc is better.
* gen snips
* fix test
* Fix inject
* Add the information that you can concatenate CA certs
Add the information that you can concatenate CA certs if you want to accept MTLS from client providing certificate signed by different CAs
* english review comments
* adding back key and also adding "value"
Co-authored-by: Laurent Demailly <ldemailly@gmail.com>
* Update Gateway API doc
This patch updates Gateway API doc to use:
- Gateway CRD v0.3.0
- Remove `PILOT_ENABLED_SERVICE_APIS` as it is enabled by default.
* Run make gen
* revise author info to pass google cla
* revise the tip content in bookinfo page
* run make gen
* Update content/en/docs/examples/bookinfo/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Add info about SNI routing
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* add to common problems
* address comments
* fix lint
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update istio test ref - fix timeout failures?
* Go back to figure out why ext cp setup is failing (samples not starting)
* Again including #31560
* After 31561
* Past #31410
* test ref sha=688973e58828ffbcff2ccd9eeab41a12527c217a
* test ref 9d5ba69765#31401
* Update test ref to latest istio and change 504/408 for egress test
* Update to get around quay.io outage
* Rename Service APIs to Gateway API
* update alias
Co-authored-by: craigbox <craigbox@google.com>
* fix missing url
Co-authored-by: craigbox <craigbox@google.com>
* Silence curl command
* Update more files with -sS (adding S to show errors)
* Over-agressive on the -S and causing some tests to fail.
* Remove more curl -S flags
* mark as tested
* generate snips
* test progress
* add -I to curl output in command
* regenerate snips
* doc test fixes
* Add HTTP/1.1 to expected output
* change to use verify_elided
* Update istio/istio ref to latest master
* Move to latest before testing.
* Update release in Makefile
* Fix some tests
* Update to latest isti.io/istio again
* Update to latest istio.io/istio
* Update to latest istio.io/istio
* Update ref to latest master
* Fix instioctl-analyze
* Add back @howardjohn commit I inadvertantly deleted
* Fix lint
* Pick up new stio: fix empty iop read from stdin for operator
* go mod tidy without itermediate go gets
* Update to current stats-filter's
* Needed another 'make gen'
* More go.* changes for changes in ref'd istio/istio
* Update istio to 1.9.0-beta.0
* Add documentation for experimental service APIs integration
The intent of this doc is to show users that Istio supports
service-apis, and the few steps needed to use them with Istio. It is NOT
intended as a source of truth for documentation for the APIs, deferring
to the upstream for all details
(https://kubernetes-sigs.github.io/service-apis/).
* apply suggestions
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Small update to clarify the mirror flow
Small clarification - This route rule sends 100% of the traffic from `v1` to `v2`
* Update index.md
ok updated, hope this clarifies further.
* Update content/en/docs/tasks/traffic-management/mirroring/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Overview of the changes:
- Adding ability to verify that expected output occurs a number of times consecutively. This is needed for https://github.com/istio/istio.io/pull/8402.
- Moving snapshot checking logic to Go code so that it can be separated out into separate test steps, which are timed and contain their own output directories/files. This makes the code cleaner and also makes the snapshot logic more transparent.
- Updating debug.sh to use newer bash syntax that allows it to dynamically select a free file descriptor. Without this, I was seeing all commands echoed to my console in goland.
This required some other changes WRT verification:
- Change __cmp_like to allow for not accepting <pending> for an IP address.
- Change __verify_with_retry to use a timeout rathan than number of retries. This is a more intuitive interface and aligns with the way we do retries in istio/istio. I also got rid of exponential backoff and allow both the timeout and delay between retries to be configured.
* Add warning on egress gw instructions
Documentation is misleading when repeating the steps for multiple
hosts. The example breaks down. Add a warning describing how to
configuration should look like when additional hosts are configured.
* fix typo
* change to tip, make text more compact
* change other warning as well
* Try longer timeout for tasks/security/authorization/authz-ingress/test.sh
* Go back to old 5m timeout and add failure on timeout back in
* Test with individual wait_for_istio call updates
* Revert to simply changing timeout (but keep duration in output)
* Fix call
* Comment out istioctl wait call
* Add TODO remark
* Fix lint error
* Add temporary sleep until _wait_for_istio is re-enabled
* Add wait for sleep deployment to complete
* Update test reference
* Test framework changes
* Another required change
* Update Tag to 1.8
* Pick istio/istio commit that actually exists
* Disable ISTIO_META_DNS_CAPTURE
* Add --skip-confirmation to istioctl installl commands
* Increase test timeout. First pass at fixes.
* Update to later istio/istio that fixes DNS and minor fixes
* test fixes
* Pick up go.mod `replace` changes from #8118
* Fix istioctl-analayze and mirror
* Fix mtls-migration test
* Update istio to include commit to fix egress
* Re-enable verify with fix
* Update istio/istio ref for egress fix
* Fix tasks/security/authorization/authz-td-migration - remove ns
* Shorten wait timeout so tests complete in under an hr
* Let tests continue after wait timeout
* Fix --skip-confirmation to -y and use yes | in tests
* revert yes | to echo y |
* Additional echo y fix
* Code review comments
* Change verify from same to contains as k8s 1.19 has extra warning lines.
* automated test for viewing traces from zipkin dashboard (expectation is that traces are seen correctly)
* fix shellcheck linting errors
* remove verification of traces and just check if zipkin dashboard is accessible through port-forward
* Modify snippet generation logic to take {{< boilerplate >}} into account
* snippets for boilerplate
* fix shellcheck (linting) issues
* snippets generated with new logic
* automated test - check if zipkin dashboard is accessible by port-forwarding (as we cannot verify screenshot and the trace is already verified in istio/istio integration test
* clean up ZIPKIN_URL comment
* Address code review comments
1. Simplify boilerplate snippet filenames (remove .md_snips)
2. Sourced filenames should be in double quote(") instead of single quote(')
* fix gencheck_istio flake
* do not generate or include boilerplate snippets if there is not {{<text>}} in them
* fix linting errors in snip.py
* fix bug - filter out boilerplates without snippets very early
* add warnings about using DNS resolution
* the gateway perform -> the gateway performs
* Apply comments of @frankbu, part 1
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* remove "the" from "the DNS resolution"
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* remove the from "the DNS resolution", if ... were ... would -> if ... is ... will
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* remove the from
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* add missing cleanup for vs nginx
* add openssl req
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* add missing cleanup for vs nginx
* init sds doc
* squash commits
add simple TLS task
address issues
fix lint and secret configuration
add secret format specification
add mutual TLS task
fix lint and rename older task
make gen again
fix name
keep old directory
add warnings
lint
fix cacert issue
lint
* secure
* make gen
* rebase master
* make secret types clearer
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* run make gen
* lint
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* make gen
* add tls test
* move mesh creation
* suggestions
* add mtls test
* fix typo
* move secret section
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update istio/istio ref and reenable tests
* Update istio/istio reference
* Update istioctl build to have version for images
* Fix lint and pull a newer istio/istio
* Disable egress tests
* Add IBM Cloud Kubernetes Service specific instructions for Ingress Host
The previous instruction put IBM cloud under other environments, and the command set the Ingress Host to the wrong address.
* Update content/en/docs/setup/getting-started/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Moved IBM Cloud instructions above Docker
* Add IBM Cloud Node port Ingress host instructions to same documentation
* Update Ingress Control Tests
* Update content/en/docs/tasks/traffic-management/ingress/ingress-control/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* update snips.sh
* Update content/en/docs/tasks/traffic-management/ingress/ingress-control/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/traffic-management/ingress/ingress-control/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/traffic-management/ingress/ingress-control/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* add missing cleanup for vs nginx
* Add test for Gateway TLS Origination
* fix copyright
* Add Gateway mTLS origination
* replace <password> with password
* fix lint and autogen yes response
* oops typos
* make gen
* escape SC2154 :)
* apply suggestions and fix lint
* squash commits and cleanup branch
wrong quotes
more typos
make snips again
linter :'(
make linter happy
newline blocks
make gen 2
tab linting
try this
change service deletion
oops was deploying sleep twice
ignore nginx version lines for expected response
add update snips
lint again
make snips 3
redo check
do some magic
do some magic 2
lint tabs
remove incorrect snip matching
hack tls origination sleep deployment
hack 2
* this test is super flaky
* delete virtual service
* move scripts
* move scripts
* move to new testing framework
end file with newline and cleanup
typo
* content length shouldn't be included in snips
* comment out the final HTTP check
* Update content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/mtls_test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/tls_test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/tls_test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* ignore cleanup errors
* add source back in
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* add an example task to test
* main test function: save progress
* a working example: routing request
* improve log info and error handling
* introduce makefile
* run each test as a subtest; remove common setup from test.sh
* add another test.sh: fault-injection
* improve error handling
* check test environment
* add two more test.sh files
* fix make command for istio setup
* update two test.sh files from upstream
* add comments and update README.md
* update test.sh files from upstream
* support multiple test names
* update README
* update README.md for new framework
* remove documentation of migration steps
* undo format changes
* change separation line to '# @cleanup'
* move go code and makefile from content/ to tests/
* change package name
* make for loop more readable
* change the set of auto-sourced scripts
* add docs for all functions
* approach to deal with folders with the same name
* minor fixes to ensure everything still runs
* fix make gen error
* add a TIMEOUT argument
* make sure util/debug.sh works with new framework
* make lint-go happy
* [BIG CHANGE] allow different istio setup configs
* make linters happy
* make linters happier
* changed wording and function orders
* make error return as the 2nd argument
* add TODOs
* Update content/en/docs/tasks/traffic-management/traffic-shifting/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* only test english docs
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* allow test.sh as suffix
* move adding setup configs to tests/setup
* recommend full paths
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* require full test paths
* converting old tests to new tests: traffic-management and misc
* converting old tests to new tests: security
* remove old tests
* Update content/en/docs/tasks/security/cert-management/dns-cert/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* simplify setup configs
* Update content/en/docs/tasks/security/authentication/authn-policy/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/security/authentication/mtls-migration/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/security/authorization/authz-http/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* do not let istioctl prompt y/n
* Update content/en/docs/tasks/traffic-management/ingress/ingress-sni-passthrough/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/traffic-management/ingress/secure-ingress/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/security/cert-management/plugin-ca-cert/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* simplify stuff
* rename dns-cert test.sh to test_broken.sh
* fix dns-cert doc and test
* remove egress=disabled
* fix test
* Update content/en/docs/tasks/observability/logs/access-log/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/security/authentication/authn-policy/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* add an example task to test
* main test function: save progress
* a working example: routing request
* improve log info and error handling
* introduce makefile
* run each test as a subtest; remove common setup from test.sh
* add another test.sh: fault-injection
* improve error handling
* check test environment
* add two more test.sh files
* fix make command for istio setup
* update two test.sh files from upstream
* add comments and update README.md
* update test.sh files from upstream
* support multiple test names
* update README
* update README.md for new framework
* remove documentation of migration steps
* undo format changes
* change separation line to '# @cleanup'
* move go code and makefile from content/ to tests/
* change package name
* make for loop more readable
* change the set of auto-sourced scripts
* add docs for all functions
* approach to deal with folders with the same name
* minor fixes to ensure everything still runs
* fix make gen error
* add a TIMEOUT argument
* make sure util/debug.sh works with new framework
* make lint-go happy
* [BIG CHANGE] allow different istio setup configs
* make linters happy
* make linters happier
* changed wording and function orders
* make error return as the 2nd argument
* add TODOs
* Update content/en/docs/tasks/traffic-management/traffic-shifting/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* only test english docs
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* allow test.sh as suffix
* move adding setup configs to tests/setup
* recommend full paths
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* require full test paths
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Frank Budinsky
Caleb Olson
Faseela K
Eric Van Norman
Rodrey
Tong Li
Istio Automation
CharliePu
Jakub Horák
John Howard
Faseela K
刘旭
Yangmin Zhu
Brian Avery
danielmenezesbr
Kenjiro Nakayama
craigbox
Taction
Xiaopeng Han
Meng Wang
Shamsher Ansari
Pengyuan Bian
masquee
jacob-delgado
Zhonghu Xu
Xinnan Wen
Sam Naser
carolynhu
sudeepbatra
imgbot[bot]
Nathan Mittler
Roland Kool
Suchith J N
Lin Sun
Neeraj Poddar
Navraj Singh Chhina
Vadim Eisenberg
Gregory Hanson
Ram Vennam
Albert Sun
Morven Cao
Nicolas Haller
Hongyi Zhang