* Add intro, fix broken links/titles, set 80 columns
* Clarified, expanded wording and made it consistent
* Fixed curl case
* Removed tutorial node and moved to examples node
* Fixed PR comments
* migrate Deployment apiVersion from extensions/v1beta1 to apps/v1 to support k8s 1.16
* migrate Deployment, PodSecurityPolicy apiVersion to support k8s 1.16
* A compromise PR of a long original work
See PR: https://github.com/istio/istio.io/pull/5142
Pretty much everything about this PR is compromised...
* Apply reviewer comments.
* add the first version of Egress with Kubernetes Services
* add explicit disabling of TLS in destination rules
* rewrite the motivation for Kubernetes service entries
motivation: location transparency
* remove pre-Istio from .spelling
* add "The external services are not part of an Istio service mesh..."
so they cannot perform the mutual TLS of Istio.
* split a long line
* expand the explanations about disabling Istio's mutual TLS
* add explanation about disabling TLS mode in the HTTP case
* add explanation about disabling Istio mutual TLS for HTTPS case
* unencoded -> unencrypted
* fix a link
* fix the location of the task to be in content/en
* Add doc page for 'istioctl analyze'
* Address lint comments
* Fix spelling errors
* Use github_blob in link
* Changes based on PR feedback
* Fix lint issues
* More changes based on PR feedback
* Fix couple typos
* Remove one word
* Shorten title and use bulletted list
* Clarify relationship between pods and workloads
* Update content/en/docs/reference/glossary/pod.md
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
* Task describing new experimental 'describe pod' sub-command
* Move document to troubleshooting and address comments
* Restructured so that commands and command responses are in the same text block
* Rewrite the `istioctl describe` task.
This rewrite fixes the style, tone, and language of the content. Additionally,
it adds links to relevant pages and glossary entries. Lastly, it adds and
improves the markup used.
Signed-off-by: rcaballeromx <grca@google.com>
* Add @frankbu's syntax correction for bash block
* Remove usages of curl inside istio-proxy
Distroless builds of Istio do not contain curl, so we should not tell
users to use it. Pilot-agent handles this functionality for us
* Fix lint error
* Mention mirror_percent field in mirroring task
* Apply suggestions from code review
Co-Authored-By: Adam Miller <1402860+adammil2000@users.noreply.github.com>
* Update for new istioctl value requirement
* Update Sidecar Injection docs
Part of this is fixing inaccurate information, and part is trying to
simplify it a bit. If I did a bad job simplifying I'll just revert most
of this and send just the essential fixes.
* Fix typos
* Update content/en/docs/setup/additional-setup/sidecar-injection/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Remove port name requirement
We now do protocol sniffing.
Note - this is definitely not safe to merge. We still need docs explaining protocol sniffing, and how to select a port type explicitly (required for things other than tcp/http, and more performant if you know its tcp/http). Not sure the path forward for this
* Add protocol selection doc
* Fix lint
* Add FAQ
* Added operator install guide
Added draft of operator install doc
Added entries to dict and fixed typo
Fixed tip syntax error
Moved install docs to new en folder structure
Toned-down intro, bash command fixes, reordered subsections
* PR review feedback, link from feature status page
* Fixed install verification example
I don't think we need to document every obscure edge case, especially in the very first page a user will look at. If the user follows our docs, this will never happen. If they *don't* follow the docs, they still will probably never hit this.
* Temporarily disable the user guide of Istio Vault integration for release 1.3
Istio release 1.3 uses new k8s JWT (https://github.com/istio/istio/pull/16147),
which breaks the user guide of Istio Vault CA integration for release 1.3.
This PR temporarily disables the user guide of Istio Vault CA integration for release 1.3.
* Remove unneeded info in Setup page
* You really don't need an "detailed understanding of sidecar injection"... Istio should just work out of the box.
* We already link to pod requirements at the top of the page
* Re-add sidecar injection
* Update doc for sds
* Update SDS doc for trustworthy jwt feature
* Drop legacy jwt support
* Add SDS announcement
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/docs/setup/platform-setup/_index.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update index.md
* Update .spelling
* Update content/en/docs/setup/install/helm/index.md
Co-Authored-By: Romain Lenglet <romain.lenglet@berabera.info>
* Update index.md
* Update _index.md
* Update index.md
* Address comments
* Refine doc again
* Bump the support version of k8s to 1.13
* Update vendors
* Update docs
* Apply suggestions from code review
Co-Authored-By: Rigs Caballero <grca@google.com>
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/en/blog/2019/trustworthy-jwt-sds/index.md
Co-Authored-By: Rigs Caballero <grca@google.com>
* Add Istio Deployment Models concept.
This concept replaces the old multi-cluster concept.
Includes new diagrams that comply with the diagram creation guidelines.
Updates the Chinese content to use a local copy of the previous diagrams.
Fixes all internal links to the previous version of the doc.
Signed-off-by: rcaballeromx <grca@google.com>
* Add glossary entries for needed terms.
The terms involved are:
- Cluster
- Identity
- Trust domain
Signed-off-by: rcaballeromx <grca@google.com>
* Define cluster in a platform agnostic way.
Also adds links between `identity` and `trust domain`.
Signed-off-by: rcaballeromx <grca@google.com>
* Add missing `(` in links.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix links to sections and reduce image sizes.
Signed-off-by: rcaballeromx <grca@google.com>
* Simplify the definition of `trust domain`
Signed-off-by: rcaballeromx <grca@google.com>
* Move old images to the ZH content.
Signed-off-by: rcaballeromx <grca@google.com>
* Add reworked control plane content.
Also addresses the comments left on the PR including those regarding the
diagrams.
Signed-off-by: rcaballeromx <grca@google.com>
* Add fail over example and glossary entries.
This update also reworks the control plane models section to fit the example.
Additional adjustments were made to the diagrams too.
Signed-off-by: rcaballeromx <grca@google.com>
* Move mesh models section.
Also minor fixes and edits.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix glossary entries and links.
Signed-off-by: rcaballeromx <grca@google.com>
When policy is set to an unrecognized value, the sidecar injector
defaults to [not injecting the pod, regardless of any other factors](https://github.com/istio/istio/blob/master/pkg/kube/inject/inject.go#L478)
This is different to the behvaior of `policy: disabled`, so the docs
should make that clear.
Signed-off-by: Maximilian Bischoff <maximilian.bischoff@inovex.de>
- This required fixing the script that grabs the reference docs, it had degenerated in the last
few weeks. While I was there, I made the script work using the build-tools container, and fixed
a bunch of shell script linting warnings.
Frank Budinsky
Adam Miller
Naoki Oketani
Steven Dake
Martin Taillefer
Vadim Eisenberg
David Ebbo
Jason Wang
Jesse Lumme
Ram Vennam
LisaFC
Istio Automation
Lin Sun
Ed Snible
Rigs Caballero
John Howard
Johannes Scheuermann
Venil Noronha
Zhonghu Xu
Ryan Michela
Xinnan Wen
Jason Young
Jonh Wendell
Yangmin Zhu
Greg Taylor
Darius Jazayeri
Martin Ostrowski
Martin Taillefer
Douglas Reid
Sam Naser
Romain Lenglet
Martin Devlin
carolynhu
Phillip Quy Le
Jimmy Chen
Morven Cao
Mariam John
Brian Avery
lei-tang
Eric Van Norman
ammarn911
Maximilian Bischoff
Romain Lenglet
navinger