* Fix auth installation and its references.
* Apply suggestions from code review
Fix according to the feedback.
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
* User guide for istioctl managing webhooks
* Generate the webhook configurations
* Skip long config
* Move the task to be under setup/install directory
* Add jq as a prerequisite
* Decouple installation from the user guide
* Add explanations to config
* Change the weight
* Revisions on cleanup
* Revise headings
* Revise the search instructions
* Revise the wordings
* Revise install instructions and location
* Skip --validation
* Use istioctl to generate webhook configurations
* Use istioctl to install
* Revise the commands
* Revise the wording
* Remove two comment lines
* User guide for Istio DNS certificates
A guide of how to provision and manage DNS certificates in Istio.
* Explain why uses this feature
* Use the boilerplate command
* Unindent a text block
* Add jq as a prerequisite
* Decouple installation step from the user guide
* Wording revisions
* Wording revisions and change weight
* Follow the same installation approach of CNI
* Revise the writing
* Merge the javascript functions
* Fix the lint error
- ./public/docs/tasks/security/dns-cert/index.html
* linking to /docs/setup/install/helm/#dnscerts, but dnscerts does not exist (line 58176)
<a href="/docs/setup/install/helm/#dnscerts">Customizable Install with Helm</a>
htmlproofer 3.12.0 | Error: HTML-Proofer found 1 failure!
* Use istioctl to install Istio
* Revisions according to review comments
* Add an explanation
* Revise based on review comments
* Remove the referrence to a file
* first rewrite of the DR removal till global mTLS section.
* remove all destinationrule for authn policy doc.
* lint fix
* add separate page for automtls
* restore the original authn policy
* new page with auto mtls separately.
* fix the lint
* fix lint and using istioctl manifest.
* complete the instructions for auto mlts
* finish and verify with install
* more delta before and after in strict
* header with certificate identity.
* no more helm
* apply the suggestion.
- Fix a bunch of heading capitalization.
- Remove words that shouldn't be in the dictionary
and update the text accordingly.
- Added a few @@ sequences to reference content files from text blocks.
- Used a few {{< source_branch_name >}} sequences to refer to the proper
branch in GitHub rather than master.
* fix the certificate and private key generation for the first section
* rewrite the second section
* fix the third section
* fix the troubleshooting section
* remove a reference to generating certificates and keys in the ingress passthru task
* a certificates -> a certificate, Generate a certificate -> Create a certificate
* add a cleanup subsection to set desired outbound traffic policy mode
the title: "Set the `global.outboundTrafficPolicy.mode` to your desired mode"
* remove a redundant empty line
* rename the subsection to be "Set the outbound traffic policy mode to your desired value"
* remove a semicolon at the end of the subsection's title
* add `uniq` so the output of the current outbound traffic policy mode will appear once
- Support snippets that specify the body syntax and output
syntax of the snippet.
- Snippets with bash syntax triggered an incorrect error message.
- No error message was produced for a misnamed snippet
- Convert a security task to use snippets to populate its
many preformatted blocks.
* migrate Deployment apiVersion from extensions/v1beta1 to apps/v1 to support k8s 1.16
* migrate Deployment, PodSecurityPolicy apiVersion to support k8s 1.16
* add the first version of Egress with Kubernetes Services
* add explicit disabling of TLS in destination rules
* rewrite the motivation for Kubernetes service entries
motivation: location transparency
* remove pre-Istio from .spelling
* add "The external services are not part of an Istio service mesh..."
so they cannot perform the mutual TLS of Istio.
* split a long line
* expand the explanations about disabling Istio's mutual TLS
* add explanation about disabling TLS mode in the HTTP case
* add explanation about disabling Istio mutual TLS for HTTPS case
* unencoded -> unencrypted
* fix a link
* fix the location of the task to be in content/en
* Remove usages of curl inside istio-proxy
Distroless builds of Istio do not contain curl, so we should not tell
users to use it. Pilot-agent handles this functionality for us
* Fix lint error
* Mention mirror_percent field in mirroring task
* Apply suggestions from code review
Co-Authored-By: Adam Miller <1402860+adammil2000@users.noreply.github.com>
* Temporarily disable the user guide of Istio Vault integration for release 1.3
Istio release 1.3 uses new k8s JWT (https://github.com/istio/istio/pull/16147),
which breaks the user guide of Istio Vault CA integration for release 1.3.
This PR temporarily disables the user guide of Istio Vault CA integration for release 1.3.
* Update doc for sds
* Update SDS doc for trustworthy jwt feature
* Drop legacy jwt support
* Add SDS announcement
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/docs/setup/platform-setup/_index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update index.md
* Update .spelling
* Update content/en/docs/setup/install/helm/index.md
Co-Authored-By: Romain Lenglet <romain.lenglet@berabera.info>
* Update index.md
* Update _index.md
* Update index.md
* Address comments
* Refine doc again
* Bump the support version of k8s to 1.13
* Update vendors
* Update docs
* Apply suggestions from code review
Co-Authored-By: Rigs Caballero <grca@google.com>
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Rigs Caballero <grca@google.com>
Martin Taillefer
imgbot[bot]
John Mazzitelli
Oliver Liu
Jianfei Hu
lei-tang
Frank Budinsky
Yangmin Zhu
Neeraj Poddar
Vadim Eisenberg
Rigs Caballero
Jimmy Chen
Diem Vu
John Howard
Naoki Oketani
Gary Brown
Zhonghu Xu
Istio Automation
Chunlin Yang
Ryan Michela
Xinnan Wen
LisaFC
Jonh Wendell
Greg Taylor
Ed Snible
Romain Lenglet
Phillip Quy Le
Sam Naser
Adam Miller