* Migrate ingress-sni-passthrough test to profile minimal
Signed-off-by: Faseela K <faseela.k@est.tech>
* fix after snapshot test
Signed-off-by: Faseela K <faseela.k@est.tech>
* update minimal profile
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix cleanup test error
Signed-off-by: Faseela K <faseela.k@est.tech>
* review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
* WIP - test
* Fix verbosity option
* Echo config
* REplace nc with echo
* Put nc back in but add a sleep
* Final update (for now) adding delay so `nc` doesn't reset the kubeconfig
* Remove extra cat'ing of kubeconfig
* Update content/en/docs/tasks/traffic-management/tcp-traffic-shifting/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
---------
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update custom ca integration with k8s CSR demo to include foo and
bar namespace creation and remove an unnecessary tab from the
sleep pod command.
Signed-off-by: jaellio <jaellio@microsoft.com>
* Fix lint error
Signed-off-by: jaellio <jaellio@microsoft.com>
---------
Signed-off-by: jaellio <jaellio@microsoft.com>
* Add PDB and HPA example for gateway-api
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* gen
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* to be clear with how to apply custom metrics
Signed-off-by: oops-oom <734819342@qq.com>
* fix test error
Signed-off-by: oops-oom <734819342@qq.com>
* fix for test
Signed-off-by: oops-oom <734819342@qq.com>
Signed-off-by: oops-oom <734819342@qq.com>
* Add documentations for SkyWalking integration and task
* Add script to undeploy skywalking
* Clean up istio namespace
* Update index.md
* Address review comments
* Apply suggestions from code review
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* gateway-api: more gateway doc
* tweak
* Update content/en/docs/setup/additional-setup/gateway/index.md
Co-authored-by: John Howard <howardjohn@google.com>
Co-authored-by: John Howard <howardjohn@google.com>
* Document Sidecar Ingress TLS Termination Feature
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix lint failures
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failure
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failure
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix the negative test for TLS
Signed-off-by: Faseela K <faseela.k@est.tech>
* fix test
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix the verification issue with multiline command output
Signed-off-by: Faseela K <faseela.k@est.tech>
* Replace _verify_contains with _verify_first_line
Signed-off-by: Faseela K <faseela.k@est.tech>
* Add exact result string for _verify_first_line
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix after-snapshot test error
Signed-off-by: Faseela K <faseela.k@est.tech>
* incorporate review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
* Incorporate review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
* Additional review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
* Small fix
Signed-off-by: Faseela K <faseela.k@est.tech>
* Additional review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
Signed-off-by: Faseela K <faseela.k@est.tech>
* gateway-api doc: ingress-sni-passthrough
* use kustomize for crds
* debug
* more debug
* use standard crd install
* try profile=none
* uninstall
* confirm install
* disable test for now
* regen
* use short_codes for gateway api version and tpye
* Update function name. Forcing name doesn't work for boilerplates?
* Fix lint
* Remove k8s_gateway_api_type
* Add update-gateway-version mkaefile target
* Fix version in test string
* Simplify id
* Fix ingress control doc related to other providers and numbering
* Run make gen
* Add back TCP_INGRESS_PORT
* Revert to dash seperator for consistency
* Update index.md
Added a quick tip for Kind users to get LoadBalancers to work.
* Added more context on Kind-related tip.
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
The test waits for vs resource, that is not even created.
Wait on SE and DR is only needed.
Signed-off-by: Faseela K <faseela.k@est.tech>
Signed-off-by: Faseela K <faseela.k@est.tech>
* build an archive of v1.14 in master
* update data/versions.yml and archive index page
* advance master to release-1.16
* Rerun `make update_ref_docs
* Update to commit on main branch to fix tests
* Disable failing test (temporary)
* Add minikube in the instructions per Kubernetes environment
I was coming from https://istio.io/latest/docs/examples/bookinfo/ "Follow these instructions to set the INGRESS_HOST and INGRESS_PORT ..." and did not realize I would have to setup the minikube tunnel as explained in the [Getting Started Guide](https://istio.io/latest/docs/setup/getting-started/#determining-the-ingress-ip-and-ports)
For this reason I suggest to add it here as well.
* incorporated reviewers suggestions
* snips and tests for the new code snippet in docu
* ran make snips
* updated test.sh with the new functin names
* also the functions
snip_determining_the_ingress_ip_and_ports_{3,5,6,7,8,9} have changed
but they seem not to be used in test.sh
* followed reviewer suggestion to revert sip numbers
- used the annotation snip_id=none to skip the snippet, see https://github.com/istio/istio.io/blob/master/tests/README.md
- took back the snip renumbering
- checked that generating snips does not bring them back again: make
snips
* used custom name for generated snip
- now using minikube_tunnel as snip_id, resulting in a generated snip id snip_minikube_tunnel
- apparently still the remaining snips get renumbered
- updated test.sh with the 2 changed snip calls
Co-authored-by: Martin Knechtel <martin.knechtel@sap.com>
* SHA-1 signatures will not work with Golang 1.18
Support for SHA-1 signatures is disabled by default in Go 1.18 or newer. When generating the certificates please use OpenSSL on MacOS to make sure the certificates will work with istio.
* Lint fixes
* Lint fix
Co-authored-by: Saverio Proto <saverioproto@microsoft.com>
Co-authored-by: craigbox <craigbox@google.com>
* Update for Wasm contents
* Fix the wrong cleanup code
* Fix the description of `extensibility` folder's description
* Apply suggestions from code review
Co-authored-by: craigbox <craigbox@google.com>
* Update _index.md
* Regenerate snips
* Add old URL path as an alias
* Update content/en/docs/tasks/extensibility/_index.md
* Add description for the wasm pull policy
Signed-off-by: Ingwon Song <igsong@google.com>
* Apply suggestions from code review
Co-authored-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: craigbox <craigbox@google.com>
* Applying the comment from @dgn
Co-authored-by: craigbox <craigbox@google.com>
Co-authored-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* Improve clarity of Egress Gateway docs
Make the step 13 more clear, since it is creating a DestinationRule in the test-egress namespace and not in the default namespace.
* Update content/en/docs/tasks/traffic-management/egress/egress-gateway/index.md
Co-authored-by: craigbox <craigbox@google.com>
Co-authored-by: craigbox <craigbox@google.com>
* Update to use the master branch of istio.io/istio for test refs
* go.* changes
* Update test and go.*
* Update to use `master` branch for make targets
* One final go mod tidy
* REmove vm test for now.
* Remove istioctl-analyze test
* Also remove using-istio-dashboard
* Wildcard egress: remove arbitrary domain section
This doc has been a nuisance for many years. It recommends an extremely
complex and dangerous pattern, relying on deploying nginx, extremely
complex EnvoyFilters enabling unsupported, custom, alpha Envoy c++
filters, and a number of other scary practices. IMO this does not belong
in Istio docs at all, and certainly not in our top level taks.
* Add back single wildcard
* Update content/en/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Remove doc on "Istio DNS Certificate Management"
This document gives harmful advice. This feature was intended to be used
for signing control plane certificates, and actually doesn't work for
other cases (cross namespace or any modern Kubernetes version are
completely broken).
* use archive link
* name trick
* Documentation for egress mTLS origination at sidecar using credentialName in DR
The feature is already merged. So trying to add a documentation for the same.
Signed-off-by: Faseela K <faseela.k@est.tech>
* Remove duplicate code and point to the existing documentation
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failures
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failures
Signed-off-by: Faseela K <faseela.k@est.tech>
* Add tests for mTLS origination at sidecar
Signed-off-by: Faseela K <faseela.k@est.tech>
* Update to use main branch for reference docs
* Updates to fix this for next time (not moving to master)
* Run `make gen`
* Update master istio test reference
* Ingore one shellcheck, SC1091, for now. Not sure why it just showed up
* Typo fix for GKE
* make gen
Co-authored-by: Noah Nsimbe <37845280+NoahNsimbe@users.noreply.github.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Prepare for v1.13 as istio source is already branched
* Update VM test image from 1.11 to current to test
* Rename tests to temporaily disable Issue created to reanble before 1.13
* Minor fix in egress mtls example cleanup
The document mentions some resources for cleanup
which are not actually created as part of this exercise.
Signed-off-by: Faseela K <faseela.k@est.tech>
* Adding make gen output files
Signed-off-by: Faseela K <faseela.k@est.tech>
* add test for the dry-run task
* Update content/en/docs/tasks/security/authorization/authz-dry-run/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* update release note for external authz
* address comment
* Update content/en/news/releases/1.12.x/announcing-1.12/change-notes/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* build an archive of v1.11 in master
* update data/versions.yml and archive index page
* advance master to release-1.13
* ANother script update
* go get remaing istio repos to satisfy linter
* Temporarily fix link broken by istio/api #2148
* Temporarily disable istioctl analyze test.
* Initial Telemetry API docs
Currently, the docs only have Telemetry for tracing. This adds a common
Telemetry API doc for high level info, shared for all 3 types. It also
adds some info about access logging via Telemetry.
We should likely add a similar page for Metrics, but I did not do it
here.
* fix gen
* fix dead links
* fix typo
* dead link
* one more
* 1 more?
* I hope this is it...
* again???
* Expand the gateway-api docs for 1.12
This introduces a lot more details, highlights changes in 1.12, and
discusses the differences between Istio and Gateway-API.
* erics comments
* clarify
* gen
* Update to latest istio/istio commit for istio.io tests
* Update to latest istio commit
* Additional istioctl analyze output
* Fix istioctl-analyze test
* Fix gateway doc
* Fix setting of INGRESS_HOST and more cleanup
* Fixes for unbound INGRESS_HOST
* lint fix
Co-authored-by: John Howard <howardjohn@google.com>
* Fix in attribute "name" on "metadata".
Missing tab in attribute "name" at section "Define the external authorizer" in ServiceEntry example.
* command make gen
Co-authored-by: Igor Agueme <igoragueme@outlook.com>
* Update test reference to latest istio
* Update helm output
* Update install/operator test to allow <pending> IP for running locally.
* fix lint
* Gateway changes
* Fix gateway
* Remove remaining webhook to make tests pass
* Change to use istioctl tag remove
* Remove file mount egress documentation
This is actively leading users down a bad practice. We previously did
the same for Ingress - the results were we got a lot less bugs about
file mount being very hard to use.
As is, users are directed here as the default - only if they happen to
know what "SDS" is (an implementation detail) will they realize the
other doc is better.
* gen snips
* fix test
* Fix inject
* build an archive of v1.10 in master
* update data/versions.yml and archive index page
* advance master to release-1.12
* Update istio test reference to pick up 1.12 in istioctl messages
* Fix lint and IMAGE_VERSION
* MOre changes for lint
* Use correct IMAGE_VERSION
* Skip virtual machines test - Release Blocker issue created
* Add the information that you can concatenate CA certs
Add the information that you can concatenate CA certs if you want to accept MTLS from client providing certificate signed by different CAs
* english review comments
* adding back key and also adding "value"
Co-authored-by: Laurent Demailly <ldemailly@gmail.com>
* Flag experimental pages with dagger
* Use dagger symbol in title
* Dagger in navigation titles for experimental status
* Experimental asterisk note
* Asterisk with space
* Spacing between title and asterisk
* Flag experimental and alpha status
* Update Gateway API doc
This patch updates Gateway API doc to use:
- Gateway CRD v0.3.0
- Remove `PILOT_ENABLED_SERVICE_APIS` as it is enabled by default.
* Run make gen
On deploying the existing provided configuration, the system throws a warning message stating the filters "envoy.http_connection_manager" and "envoy.router" is deprecated. Updated the filters with the right values to avoid showing warning messages while using the config.
* build an archive of v1.9 in master
* update data/versions.yml and archive index page
* advance master to release-1.11
* Update the istio test reference to master
* Remove failing deny test
* Remove another test
* Remove a third test
* Add installation instructions for use with tracing configurability
Fixes https://github.com/istio/istio.io/issues/7288
* Move installation to top
* Use istio meta cluster id env instead of canonical name
* add enable tracing option to meshconfig yaml
* Documentation fixes for Metrics Classification example
* Update for 1.9
* Fix yaml indenting to prevent kubectl apply error
* Fix typo
* use version shortcode for dynamic version, more clarifaction on examples
* fix indenting
* fix linting errors
* revise author info to pass google cla
* revise the tip content in bookinfo page
* run make gen
* Update content/en/docs/examples/bookinfo/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Add info about SNI routing
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* add to common problems
* address comments
* fix lint
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* update security doc with evaluation order, common patterns, shoter task names and some small updates
* update
* update
* add link
* update
* update
* fix lint
* Apply suggestions from code review
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* update
* Apply suggestions from code review
Co-authored-by: John Howard <howardjohn@google.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: John Howard <howardjohn@google.com>
* Update istio test ref - fix timeout failures?
* Go back to figure out why ext cp setup is failing (samples not starting)
* Again including #31560
* After 31561
* Past #31410
* test ref sha=688973e58828ffbcff2ccd9eeab41a12527c217a
* test ref 9d5ba69765#31401
* Update test ref to latest istio and change 504/408 for egress test
* Update to get around quay.io outage
* Rename Service APIs to Gateway API
* update alias
Co-authored-by: craigbox <craigbox@google.com>
* fix missing url
Co-authored-by: craigbox <craigbox@google.com>
* Make trace pod annotation warning more visible.
* Update content/en/docs/tasks/observability/distributed-tracing/configurability/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Improve the plug-in cert task.
* Small fix.
* Update content/en/docs/tasks/security/cert-management/plugin-ca-cert/index.md
Co-authored-by: Sven Mawson <sven@google.com>
* Describe the recommendation of using hierarchical CA.
* Small fix.
* Apply suggestions from code review
Co-authored-by: Sven Mawson <sven@google.com>
* Apply suggestions from code review
Co-authored-by: Sven Mawson <sven@google.com>
Co-authored-by: Sven Mawson <sven@google.com>