* [kiali] add viewing and editing Istio configuration YAML to the task
* The linter is failing this because it considered "Config" a spelling error. However, the actual GUI menu item is literally called "Istio Config".
Because of this, I cannot format "Istio Config" in simply bold letters (which is the Istio doc standard for denoting GUI elements).
Thus, even though its a GUI element, I have to surround with backticks to avoid this being considered a spelling error.
* Incorporate review suggestion.
Fix some other things I noticed.
* Added the Best Practices section with general principles.
This is the beginning of the new Best Practices section.
Our goal is to provide a section for all the best practices and recommendations
for Istio deployments. The best practices are based on the identified and
recommended deployment models.
Signed-off-by: rcaballeromx <grca@google.com>
* Change headings for clarity.
Adds clarity to some passages based on feedback.
Removes a list of recommendations that was causing some confusion.
Adds a glossary entry for failure domains and how they relate to a
platform's availability zones.
Signed-off-by: rcaballeromx <grca@google.com>
* Move Best Practices to Ops Guide
Signed-off-by: rcaballeromx <grca@google.com>
* Moved Deployment Best Practices to a new "Prepare Your Deployment" section.
Moved all deployment preparation content into a new section under "Setup".
For now the content includes the following sections:
- Deployment models
- Deployment best practices
- Pod requirements
Merged the two existing pages containing pod requirements into one single page.
Signed-off-by: rcaballeromx <grca@google.com>
* Replace example with better guidance around namespace tenancy.
Signed-off-by: Rigs Caballero <grca@google.com>
* Add links and language pointing to the Prepare section
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix minor typos and broken links.
Signed-off-by: Rigs Caballero <grca@google.com>
* Move from Setup to Operations
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix broken links
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix rebasing issues.
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix multicluster install link.
Signed-off-by: Rigs Caballero <grca@google.com>
* [kiali] add a new section that creates a weighted route to show kiali is more than just a pretty graph.
* spell checker failed, I assume "dropdown" and "checkbox" and "popup" must not be compound words.
(I can't get the linter to run locally on my box, so I have to commit this and see what travis says)
* address suggestions.
* Alot of the Istio community does not know that Kiali is more than just a graph.
We want to get that across. This Task can't cover it all, so this commit
adds a link to the "Features" page of the kiali website
which lists the non-graph features as well so people can at least
learn about those other features.
* add a task to show kiali validation
* Update multicluster shared-vpn doc
Update docs for the multicluster installation for Shared control plane (single-network) to make it work with `istioctl manifest`.
* Update index.md
* Apply suggestions from code review
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Added Verify Istio CNI to observability-issues.md
If using the Istio CNI to avoid granting `NET_ADMIN` to pods, the CNI
node pods must be running for metrics to be collected. The helm charts
don't include a PodSecurityPolicy, so the documentation guides users to
a non-working setup if the cluster has PodSecurityPolicy enabled.
* Markup changes to PodSecurityPolicy and NET_ADMIN
* Added backticks to `PodSecurityPolicy`
* Added backticks and link to NET_ADMIN capability requirement
* Removed trailing whitespace on line 39
* Added backticks to `istio-init`
* Use 'istioctl dashboard' instead of port-forward
* bold references to UI elements
* Cleanup dashboards
* Address comments
* Mention control-c, which is easier way to stop dashboard
Let's make additional changes in a followup PR.
* Replace "Mesh Expansion" with "VM Support" and related edits.
To avoid confusion and improve the visibility of the VM-related content, these
changes align with terminology used by our users.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix descriptions, titles and link texts.
Addressed the feedback given around the link text still containing "mesh
expansion". Also addressed the feedback around the accuracy of the
titles and descriptions used.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix bullets and descriptions.
Signed-off-by: rcaballeromx <grca@google.com>
* Return content to examples.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix broken links.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix title for accuracy.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix links for ZH content.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix language for clarity.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix broken link to SDS task.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix merge conflicts.
Signed-off-by: Rigs Caballero <grca@google.com>
* Update istioctl analyze ops doc to not recommend using master
* Apply suggestions from code review
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
* fix link
* update telemetry v2 to use istio/istio test data
* Update content/en/docs/ops/telemetry/in-proxy-service-telemetry/index.md
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
* Update content/en/docs/ops/telemetry/in-proxy-service-telemetry/index.md
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
- Improved look of the call to action buttons
- Removed redundant attributions on all news items, those were
leftovers from when the relesse notes were in the blog section.
- Used consistent subtitles and descriptions for all news items.
* Improve root transition doc.
* Small fix.
* Small fix.
* Small fix.
* Small fix.
* Update index.md
* Update index.md
* Small fix.
* Small fix.
* Small fix.
* Fix auth installation and its references.
* Apply suggestions from code review
Fix according to the feedback.
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
* User guide for istioctl managing webhooks
* Generate the webhook configurations
* Skip long config
* Move the task to be under setup/install directory
* Add jq as a prerequisite
* Decouple installation from the user guide
* Add explanations to config
* Change the weight
* Revisions on cleanup
* Revise headings
* Revise the search instructions
* Revise the wordings
* Revise install instructions and location
* Skip --validation
* Use istioctl to generate webhook configurations
* Use istioctl to install
* Revise the commands
* Revise the wording
* Remove two comment lines
* User guide for Istio DNS certificates
A guide of how to provision and manage DNS certificates in Istio.
* Explain why uses this feature
* Use the boilerplate command
* Unindent a text block
* Add jq as a prerequisite
* Decouple installation step from the user guide
* Wording revisions
* Wording revisions and change weight
* Follow the same installation approach of CNI
* Revise the writing
* Merge the javascript functions
* Fix the lint error
- ./public/docs/tasks/security/dns-cert/index.html
* linking to /docs/setup/install/helm/#dnscerts, but dnscerts does not exist (line 58176)
<a href="/docs/setup/install/helm/#dnscerts">Customizable Install with Helm</a>
htmlproofer 3.12.0 | Error: HTML-Proofer found 1 failure!
* Use istioctl to install Istio
* Revisions according to review comments
* Add an explanation
* Revise based on review comments
* Remove the referrence to a file
* first rewrite of the DR removal till global mTLS section.
* remove all destinationrule for authn policy doc.
* lint fix
* add separate page for automtls
* restore the original authn policy
* new page with auto mtls separately.
* fix the lint
* fix lint and using istioctl manifest.
* complete the instructions for auto mlts
* finish and verify with install
* more delta before and after in strict
* header with certificate identity.
* no more helm
* apply the suggestion.
- Fix a bunch of heading capitalization.
- Remove words that shouldn't be in the dictionary
and update the text accordingly.
- Added a few @@ sequences to reference content files from text blocks.
- Used a few {{< source_branch_name >}} sequences to refer to the proper
branch in GitHub rather than master.
* remove completed pods
as they aren't shown any more, not seeing them in the generated manifest via `istioctl manifest generate --set profile=demo`
* remove sidecars
We also recently removed sidecars for policy telemetry and pilot for demo profile.
* Draft of upgrade docs
* Fixed PR comments
* More PR review comments addressed
* Added note about -f and --set flag support
* Further PR comments
* shortcode added for istioctl
* rebase and typo fixes
* Typo fixes
* fix the certificate and private key generation for the first section
* rewrite the second section
* fix the third section
* fix the troubleshooting section
* remove a reference to generating certificates and keys in the ingress passthru task
* a certificates -> a certificate, Generate a certificate -> Create a certificate
* add a cleanup subsection to set desired outbound traffic policy mode
the title: "Set the `global.outboundTrafficPolicy.mode` to your desired mode"
* remove a redundant empty line
* rename the subsection to be "Set the outbound traffic policy mode to your desired value"
* remove a semicolon at the end of the subsection's title
* add `uniq` so the output of the current outbound traffic policy mode will appear once
- Support snippets that specify the body syntax and output
syntax of the snippet.
- Snippets with bash syntax triggered an incorrect error message.
- No error message was produced for a misnamed snippet
- Convert a security task to use snippets to populate its
many preformatted blocks.
* modify watch namespace to only Istio-operator
also start the eval with demo profile first.
* use demo as the first starting point
* update grab script
* add watch ns
* fix lint
In release this is changed to below:
```yaml
global:
# Default hub for Istio images.
# Releases are published to docker hub under 'istio' project.
# Daily builds from prow are on gcr.io
hub: docker.io/istio
# Default tag for Istio images.
tag: 1.3.2
```
Not sure how to fix, but having the dev defaults here may be misleading.
Currently we are asking users to get a count of their CRDs. This is hard
because the docs fall out of sync very frequently, they may have CRDs
for the operator or something, etc. In generally its really hard to be
right here, and it involves the users manually running this command over
and over until it works.
Instead, we can just wait for the jobs to complete. This has the benefit
of working regardless of their environment, and won't fall out of date.
* Add intro, fix broken links/titles, set 80 columns
* Clarified, expanded wording and made it consistent
* Fixed curl case
* Removed tutorial node and moved to examples node
* Fixed PR comments
* migrate Deployment apiVersion from extensions/v1beta1 to apps/v1 to support k8s 1.16
* migrate Deployment, PodSecurityPolicy apiVersion to support k8s 1.16
* A compromise PR of a long original work
See PR: https://github.com/istio/istio.io/pull/5142
Pretty much everything about this PR is compromised...
* Apply reviewer comments.
* add the first version of Egress with Kubernetes Services
* add explicit disabling of TLS in destination rules
* rewrite the motivation for Kubernetes service entries
motivation: location transparency
* remove pre-Istio from .spelling
* add "The external services are not part of an Istio service mesh..."
so they cannot perform the mutual TLS of Istio.
* split a long line
* expand the explanations about disabling Istio's mutual TLS
* add explanation about disabling TLS mode in the HTTP case
* add explanation about disabling Istio mutual TLS for HTTPS case
* unencoded -> unencrypted
* fix a link
* fix the location of the task to be in content/en
* Add doc page for 'istioctl analyze'
* Address lint comments
* Fix spelling errors
* Use github_blob in link
* Changes based on PR feedback
* Fix lint issues
* More changes based on PR feedback
* Fix couple typos
* Remove one word
* Shorten title and use bulletted list
* Clarify relationship between pods and workloads
* Update content/en/docs/reference/glossary/pod.md
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
* Task describing new experimental 'describe pod' sub-command
* Move document to troubleshooting and address comments
* Restructured so that commands and command responses are in the same text block
* Rewrite the `istioctl describe` task.
This rewrite fixes the style, tone, and language of the content. Additionally,
it adds links to relevant pages and glossary entries. Lastly, it adds and
improves the markup used.
Signed-off-by: rcaballeromx <grca@google.com>
* Add @frankbu's syntax correction for bash block
* Remove usages of curl inside istio-proxy
Distroless builds of Istio do not contain curl, so we should not tell
users to use it. Pilot-agent handles this functionality for us
* Fix lint error
* Mention mirror_percent field in mirroring task
* Apply suggestions from code review
Co-Authored-By: Adam Miller <1402860+adammil2000@users.noreply.github.com>
* Update for new istioctl value requirement
* Update Sidecar Injection docs
Part of this is fixing inaccurate information, and part is trying to
simplify it a bit. If I did a bad job simplifying I'll just revert most
of this and send just the essential fixes.
* Fix typos
* Update content/en/docs/setup/additional-setup/sidecar-injection/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Remove port name requirement
We now do protocol sniffing.
Note - this is definitely not safe to merge. We still need docs explaining protocol sniffing, and how to select a port type explicitly (required for things other than tcp/http, and more performant if you know its tcp/http). Not sure the path forward for this
* Add protocol selection doc
* Fix lint
* Add FAQ
* Added operator install guide
Added draft of operator install doc
Added entries to dict and fixed typo
Fixed tip syntax error
Moved install docs to new en folder structure
Toned-down intro, bash command fixes, reordered subsections
* PR review feedback, link from feature status page
* Fixed install verification example
I don't think we need to document every obscure edge case, especially in the very first page a user will look at. If the user follows our docs, this will never happen. If they *don't* follow the docs, they still will probably never hit this.
* Temporarily disable the user guide of Istio Vault integration for release 1.3
Istio release 1.3 uses new k8s JWT (https://github.com/istio/istio/pull/16147),
which breaks the user guide of Istio Vault CA integration for release 1.3.
This PR temporarily disables the user guide of Istio Vault CA integration for release 1.3.
* Remove unneeded info in Setup page
* You really don't need an "detailed understanding of sidecar injection"... Istio should just work out of the box.
* We already link to pod requirements at the top of the page
* Re-add sidecar injection
* Update doc for sds
* Update SDS doc for trustworthy jwt feature
* Drop legacy jwt support
* Add SDS announcement
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/docs/setup/platform-setup/_index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update index.md
* Update .spelling
* Update content/en/docs/setup/install/helm/index.md
Co-Authored-By: Romain Lenglet <romain.lenglet@berabera.info>
* Update index.md
* Update _index.md
* Update index.md
* Address comments
* Refine doc again
* Bump the support version of k8s to 1.13
* Update vendors
* Update docs
* Apply suggestions from code review
Co-Authored-By: Rigs Caballero <grca@google.com>
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Rigs Caballero <grca@google.com>
* Add Istio Deployment Models concept.
This concept replaces the old multi-cluster concept.
Includes new diagrams that comply with the diagram creation guidelines.
Updates the Chinese content to use a local copy of the previous diagrams.
Fixes all internal links to the previous version of the doc.
Signed-off-by: rcaballeromx <grca@google.com>
* Add glossary entries for needed terms.
The terms involved are:
- Cluster
- Identity
- Trust domain
Signed-off-by: rcaballeromx <grca@google.com>
* Define cluster in a platform agnostic way.
Also adds links between `identity` and `trust domain`.
Signed-off-by: rcaballeromx <grca@google.com>
* Add missing `(` in links.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix links to sections and reduce image sizes.
Signed-off-by: rcaballeromx <grca@google.com>
* Simplify the definition of `trust domain`
Signed-off-by: rcaballeromx <grca@google.com>
* Move old images to the ZH content.
Signed-off-by: rcaballeromx <grca@google.com>
* Add reworked control plane content.
Also addresses the comments left on the PR including those regarding the
diagrams.
Signed-off-by: rcaballeromx <grca@google.com>
* Add fail over example and glossary entries.
This update also reworks the control plane models section to fit the example.
Additional adjustments were made to the diagrams too.
Signed-off-by: rcaballeromx <grca@google.com>
* Move mesh models section.
Also minor fixes and edits.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix glossary entries and links.
Signed-off-by: rcaballeromx <grca@google.com>
When policy is set to an unrecognized value, the sidecar injector
defaults to [not injecting the pod, regardless of any other factors](https://github.com/istio/istio/blob/master/pkg/kube/inject/inject.go#L478)
This is different to the behvaior of `policy: disabled`, so the docs
should make that clear.
Signed-off-by: Maximilian Bischoff <maximilian.bischoff@inovex.de>
- This required fixing the script that grabs the reference docs, it had degenerated in the last
few weeks. While I was there, I made the script work using the build-tools container, and fixed
a bunch of shell script linting warnings.
John Mazzitelli
mtail
Rigs Caballero
imgbot[bot]
Martin Taillefer
John Zheng
Tao HE
Frank Budinsky
Martin Ostrowski
Eric Van Norman
Arun Fung
Hongzhi
Kuat
Kevin Kunkel
carolynhu
Ed Snible
Eric Buehl
Jimmy Chen
Jason Parraga
Diem Vu
lei-tang
Chris Wilson
Pengyuan Bian
Jonh Wendell
Oliver Liu
Jianfei Hu
Yangmin Zhu
leo
Adam Miller
Dirk Jablonski
Neeraj Poddar
Morven Cao
Lin Sun
Vadim Eisenberg
Brian Avery
John Howard
Johannes Scheuermann
Naoki Oketani
Gary Brown
Jesse Lumme
craigbox
Zhonghu Xu
Istio Automation
Joe Selman
Chunlin Yang
Steven Dake
David Ebbo
Jason Wang
Ram Vennam
LisaFC
Venil Noronha
Ryan Michela
Xinnan Wen
Jason Young
Greg Taylor
Darius Jazayeri
Douglas Reid
Sam Naser
Romain Lenglet
Martin Devlin
Phillip Quy Le
Mariam John
Eric Van Norman
ammarn911
Maximilian Bischoff
Romain Lenglet
navinger