`Configure traffic through egress gateway with SNI proxy` section was removed from the docs in the 1.14 release
but that is still mentioned in the setup instructions for the task `Egress using Wildcard Hosts`.
* Fix minor nits on the security tasks page Plugin CA Certificate
Partially fixes: #12695
* Fix minor nits on the security tasks page for certificate management
* Update feature status for Experimental/Alpha
Based off of the feature status in features.yaml, update the
corresponding doc page.
Update navigation_level.html to only flag Experimental and Alpha
features with an asterisk '*', rather than all docs with _any_ status
set.
Add new 'alpha.md' boilerplate, similar to 'experimental.md', with a
link to https://github.com/istio/community/blob/master/FEATURE-LIFECYCLE.md
Add either 'boilerplate alpha' or 'boilerplate experimental' to all
pages which have Alpha or Experimental status set.
Tidy up pages which already had
'boilerplate experimental-feature-warning' and be consistent with
'boilerplate experimental'
Update tasks/observability/distributed-tracing/mesh-and-proxy-config
status from 'Beta/Experimental' to 'Beta', to match what's in
features.yaml (all others only have a single value here)
* Add content/zh/boilerplates/alpha.md
* Update content/en/boilerplates/alpha.md
Suggested change
Co-authored-by: Faseela K <k.faseela@gmail.com>
* Update the zh 'alpha' boilerplate to match
---------
Co-authored-by: Faseela K <k.faseela@gmail.com>
* Update Istio/SPIRE integration demo to use SPIRE Controller
Manager instead of k8s workload registration.
Signed-off-by: jaellio <jaellio@microsoft.com>
* Adds test for automatic workload registration via the SPIRE
controller manager. During cleanup, removes generated istio.yaml
and chaim.pem files. Updates label to
spiffe.io/spire-managed-identity.
Signed-off-by: jaellio <jaellio@microsoft.com>
* Adds missing newline
Signed-off-by: jaellio <jaellio@microsoft.com>
* Fix spelling error
Signed-off-by: jaellio <jaellio@microsoft.com>
* Add missing ns flag on role and rolebinding resource commands
Signed-off-by: jaellio <jaellio@microsoft.com>
* Delete sleep resources and uninstall before SPIRE
Signed-off-by: jaellio <jaellio@microsoft.com>
* Reconfigures demo so istio install is not expected to fail.
Created ClusterSPIFFEID before install istio. Previously install
would fail because the ingress gateway wasn't registered/
Signed-off-by: jaellio <jaellio@microsoft.com>
* Remove references to v1.14 and update required version to 1.14+
Signed-off-by: jaellio <jaellio@microsoft.com>
* Fix lint errors
Signed-off-by: jaellio <jaellio@microsoft.com>
---------
Signed-off-by: jaellio <jaellio@microsoft.com>
* accesslog: work with Telemetry API cluster_name
Add telemetry api example with xds.cluster_name
* removed default namespace install and fixed some linting
* Fix "spelling" error
* Update envoy filter name
* Gloss refs and other small improvemetents in ambient docs
* Update content/en/docs/ops/ambient/architecture/index.md
Co-authored-by: John Howard <howardjohn@google.com>
---------
Co-authored-by: John Howard <howardjohn@google.com>
* Make ambient warning more extreme
* Update content/en/docs/ops/ambient/getting-started/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
---------
Co-authored-by: Lin Sun <lin.sun@solo.io>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Reword this to better explain why a gateway on each node is recommended.
Signed-off-by: Benjamin Leggett <benjamin.leggett@solo.io>
* Update content/en/docs/tasks/security/authorization/authz-ingress/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
---------
Signed-off-by: Benjamin Leggett <benjamin.leggett@solo.io>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* ambient: add traffic routing docs
This fills in part of the architecture doc for ambient.
Note this is intentionally low-level. This attempts to mirror
https://istio.io/latest/docs/ops/configuration/traffic-management/traffic-routing/
but for ambient.
* Address Frank's comments
* Update content/en/docs/ops/ambient/architecture/index.md
Co-authored-by: Lin Sun <lin.sun@solo.io>
* Update content/en/docs/ops/ambient/architecture/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
---------
Co-authored-by: Lin Sun <lin.sun@solo.io>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* remove explicit istio-injection labeling on ns for ingress-gateway
The gateway deployment already has the annotation "sidecar.istio.io/inject=true"
Signed-off-by: Faseela K <faseela.k@est.tech>
* fix lint
Signed-off-by: Faseela K <faseela.k@est.tech>
* fix lint
Signed-off-by: Faseela K <faseela.k@est.tech>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
* doc-global-downstream-max-conn-helm
* Add instructions to set global_downstream_max_connections with Helm
* Fix https://github.com/istio/istio/issues/37443
* Fix linting errors
* Address comments
* Remove global_downstream_max_connections from .spelling and add backticks where missing
* Simplify instructions on how to set global_downstream_max_connections
* Fix cleanup instructions for TLS version config task
* Address comments and run generating snips: content/en/boilerplates/snips/before-you-begin-egress.sh
generating snips: content/en/boilerplates/snips/cve-2020-007-configmap.sh
generating snips: content/en/boilerplates/snips/example.sh
generating snips: content/en/boilerplates/snips/experimental-feature-warning.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/experimental.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/external-loadbalancer-support.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/gateway-api-choose.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/gateway-api-experimental.sh
generating snips: content/en/boilerplates/snips/gateway-api-future.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/gateway-api-gamma-support.sh
--> boilerplate gateway-api-future does not have snippets
--> boilerplate gateway-api-choose does not have snippets
generating snips: content/en/boilerplates/snips/gateway-api-install-crds.sh
generating snips: content/en/boilerplates/snips/gateway-api-support.sh
--> boilerplate gateway-api-future does not have snippets
--> boilerplate gateway-api-choose does not have snippets
generating snips: content/en/boilerplates/snips/gateway-api-version.sh
generating snips: content/en/boilerplates/snips/helm-backup.sh
generating snips: content/en/boilerplates/snips/helm-jwt-warning.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/helm-preamble.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/helm-prereqs.sh
generating snips: content/en/boilerplates/snips/index.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/kubectl-multicluster-contexts.sh
generating snips: content/en/boilerplates/snips/multi-cluster-with-metallb.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/revision-tags-default-intro.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/revision-tags-default-outro.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/revision-tags-middle.sh
generating snips: content/en/boilerplates/snips/revision-tags-preamble.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/revision-tags-prologue.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/revision-tags-usage.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/security-vulnerability.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/start-httpbin-service.sh
generating snips: content/en/boilerplates/snips/start-otel-collector-service.sh
generating snips: content/en/boilerplates/snips/telemetry-tracing-tips.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/test-0.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/test-1.sh
generating snips: content/en/boilerplates/snips/test-2.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/test-3.sh
generating snips: content/en/boilerplates/snips/trace-generation.sh
generating snips: content/en/boilerplates/snips/untested-document.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/boilerplates/snips/verify-crds.sh
generating snips: content/en/boilerplates/snips/work-in-progress.sh
--> no snippet or boilerplate. skipping..
generating snips: content/en/docs/examples/bookinfo/snips.sh
--> boilerplate external-loadbalancer-support does not have snippets
generating snips: content/en/docs/examples/virtual-machines/snips.sh
generating snips: content/en/docs/ops/configuration/mesh/app-health-check/snips.sh
generating snips: content/en/docs/ops/configuration/mesh/config-resource-ready/snips.sh
generating snips: content/en/docs/ops/configuration/security/security-policy-examples/snips.sh
generating snips: content/en/docs/ops/configuration/telemetry/envoy-stats/snips.sh
generating snips: content/en/docs/ops/configuration/traffic-management/network-topologies/snips.sh
generating snips: content/en/docs/ops/diagnostic-tools/istioctl-analyze/snips.sh
--> boilerplate experimental-feature-warning does not have snippets
generating snips: content/en/docs/setup/additional-setup/cni/snips.sh
generating snips: content/en/docs/setup/additional-setup/gateway/snips.sh
--> boilerplate gateway-api-future does not have snippets
generating snips: content/en/docs/setup/additional-setup/getting-started/snips.sh
--> boilerplate gateway-api-future does not have snippets
--> boilerplate external-loadbalancer-support does not have snippets
generating snips: content/en/docs/setup/getting-started/snips.sh
--> boilerplate gateway-api-future does not have snippets
generating snips: content/en/docs/setup/install/external-controlplane/snips.sh
--> boilerplate gateway-api-future does not have snippets
--> boilerplate gateway-api-choose does not have snippets
generating snips: content/en/docs/setup/install/helm/snips.sh
--> boilerplate helm-preamble does not have snippets
generating snips: content/en/docs/setup/install/multicluster/multi-primary/snips.sh
generating snips: content/en/docs/setup/install/multicluster/multi-primary_multi-network/snips.sh
--> boilerplate multi-cluster-with-metallb does not have snippets
generating snips: content/en/docs/setup/install/multicluster/primary-remote/snips.sh
--> boilerplate multi-cluster-with-metallb does not have snippets
generating snips: content/en/docs/setup/install/multicluster/primary-remote_multi-network/snips.sh
--> boilerplate multi-cluster-with-metallb does not have snippets
generating snips: content/en/docs/setup/install/multicluster/verify/snips.sh
generating snips: content/en/docs/setup/install/multiple-controlplanes/snips.sh
--> boilerplate experimental-feature-warning does not have snippets
generating snips: content/en/docs/setup/install/virtual-machine/snips.sh
--> boilerplate experimental does not have snippets
--> boilerplate experimental does not have snippets
--> boilerplate experimental does not have snippets
generating snips: content/en/docs/setup/upgrade/canary/snips.sh
--> boilerplate revision-tags-preamble does not have snippets
--> boilerplate revision-tags-usage does not have snippets
--> boilerplate revision-tags-default-intro does not have snippets
--> boilerplate revision-tags-default-outro does not have snippets
generating snips: content/en/docs/setup/upgrade/helm/snips.sh
--> boilerplate helm-preamble does not have snippets
--> boilerplate revision-tags-preamble does not have snippets
--> boilerplate revision-tags-usage does not have snippets
--> boilerplate revision-tags-default-intro does not have snippets
--> boilerplate revision-tags-default-outro does not have snippets
generating snips: content/en/docs/tasks/extensibility/wasm-module-distribution/snips.sh
generating snips: content/en/docs/tasks/observability/distributed-tracing/jaeger/snips.sh
generating snips: content/en/docs/tasks/observability/distributed-tracing/opencensusagent/snips.sh
generating snips: content/en/docs/tasks/observability/distributed-tracing/skywalking/snips.sh
generating snips: content/en/docs/tasks/observability/distributed-tracing/zipkin/snips.sh
generating snips: content/en/docs/tasks/observability/gateways/snips.sh
generating snips: content/en/docs/tasks/observability/logs/access-log/snips.sh
generating snips: content/en/docs/tasks/observability/logs/otel-provider/snips.sh
generating snips: content/en/docs/tasks/observability/metrics/customize-metrics/snips.sh
generating snips: content/en/docs/tasks/observability/metrics/querying-metrics/snips.sh
generating snips: content/en/docs/tasks/observability/metrics/tcp-metrics/snips.sh
generating snips: content/en/docs/tasks/observability/metrics/using-istio-dashboard/snips.sh
generating snips: content/en/docs/tasks/policy-enforcement/rate-limit/snips.sh
generating snips: content/en/docs/tasks/security/authentication/authn-policy/snips.sh
generating snips: content/en/docs/tasks/security/authentication/claim-to-header/snips.sh
--> boilerplate experimental-feature-warning does not have snippets
generating snips: content/en/docs/tasks/security/authentication/jwt-route/snips.sh
generating snips: content/en/docs/tasks/security/authentication/mtls-migration/snips.sh
generating snips: content/en/docs/tasks/security/authorization/authz-custom/snips.sh
generating snips: content/en/docs/tasks/security/authorization/authz-deny/snips.sh
generating snips: content/en/docs/tasks/security/authorization/authz-dry-run/snips.sh
--> boilerplate experimental-feature-warning does not have snippets
generating snips: content/en/docs/tasks/security/authorization/authz-http/snips.sh
generating snips: content/en/docs/tasks/security/authorization/authz-ingress/snips.sh
generating snips: content/en/docs/tasks/security/authorization/authz-jwt/snips.sh
generating snips: content/en/docs/tasks/security/authorization/authz-tcp/snips.sh
generating snips: content/en/docs/tasks/security/authorization/authz-td-migration/snips.sh
generating snips: content/en/docs/tasks/security/cert-management/plugin-ca-cert/snips.sh
generating snips: content/en/docs/tasks/security/tls-configuration/workload-min-tls-version/snips.sh
generating snips: content/en/docs/tasks/traffic-management/circuit-breaking/snips.sh
generating snips: content/en/docs/tasks/traffic-management/egress/egress-control/snips.sh
generating snips: content/en/docs/tasks/traffic-management/egress/egress-gateway/snips.sh
generating snips: content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/snips.sh
generating snips: content/en/docs/tasks/traffic-management/egress/egress-kubernetes-services/snips.sh
generating snips: content/en/docs/tasks/traffic-management/egress/egress-tls-origination/snips.sh
generating snips: content/en/docs/tasks/traffic-management/egress/http-proxy/snips.sh
generating snips: content/en/docs/tasks/traffic-management/egress/wildcard-egress-hosts/snips.sh
generating snips: content/en/docs/tasks/traffic-management/fault-injection/snips.sh
generating snips: content/en/docs/tasks/traffic-management/ingress/gateway-api/snips.sh
--> boilerplate gateway-api-future does not have snippets
generating snips: content/en/docs/tasks/traffic-management/ingress/ingress-control/snips.sh
generating snips: content/en/docs/tasks/traffic-management/ingress/ingress-sidecar-tls-termination/snips.sh
--> boilerplate experimental-feature-warning does not have snippets
generating snips: content/en/docs/tasks/traffic-management/ingress/ingress-sni-passthrough/snips.sh
generating snips: content/en/docs/tasks/traffic-management/ingress/kubernetes-ingress/snips.sh
generating snips: content/en/docs/tasks/traffic-management/ingress/secure-ingress/snips.sh
generating snips: content/en/docs/tasks/traffic-management/locality-load-balancing/before-you-begin/snips.sh
generating snips: content/en/docs/tasks/traffic-management/locality-load-balancing/cleanup/snips.sh
generating snips: content/en/docs/tasks/traffic-management/locality-load-balancing/distribute/snips.sh
generating snips: content/en/docs/tasks/traffic-management/locality-load-balancing/failover/snips.sh
generating snips: content/en/docs/tasks/traffic-management/mirroring/snips.sh
generating snips: content/en/docs/tasks/traffic-management/request-routing/snips.sh
generating snips: content/en/docs/tasks/traffic-management/request-timeouts/snips.sh
generating snips: content/en/docs/tasks/traffic-management/tcp-traffic-shifting/snips.sh
generating snips: content/en/docs/tasks/traffic-management/traffic-shifting/snips.sh
* Update test.sh
* Add release note for istioctl 1.17 auth plugin removal
Signed-off-by: Keith Mattix II <keithmattix2@gmail.com>
* Respond to PR comments
Signed-off-by: Keith Mattix II <keithmattix2@gmail.com>
* Put version in backticks
Signed-off-by: Keith Mattix II <keithmattix2@gmail.com>
---------
Signed-off-by: Keith Mattix II <keithmattix2@gmail.com>
* build an archive of v1.16 in master
* update data/versions.yml and archive index page
* advance master to release-1.18
* Fix lint by moving back to older files - Note automated job will fail lint.
* Temporarily disable the istioctl-analyze test
* Termporarily remove the Performance page from the website
* Update preformance links to point to doc's relese version or latest existing page.
* Fixup another link
* Migrate ingress-sni-passthrough test to profile minimal
Signed-off-by: Faseela K <faseela.k@est.tech>
* fix after snapshot test
Signed-off-by: Faseela K <faseela.k@est.tech>
* update minimal profile
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix cleanup test error
Signed-off-by: Faseela K <faseela.k@est.tech>
* review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
* WIP - test
* Fix verbosity option
* Echo config
* REplace nc with echo
* Put nc back in but add a sleep
* Final update (for now) adding delay so `nc` doesn't reset the kubeconfig
* Remove extra cat'ing of kubeconfig
* Update content/en/docs/tasks/traffic-management/tcp-traffic-shifting/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
---------
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* 2023 Istio Steering Contributor Seats
Signed-off-by: Faseela K <faseela.k@est.tech>
* Add IBM member
Signed-off-by: Faseela K <faseela.k@est.tech>
* Apply suggestions from code review
Co-authored-by: Craig Box <craig.box@gmail.com>
* additional review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
* add second member from Huawei
Signed-off-by: Faseela K <faseela.k@est.tech>
* fix order
Signed-off-by: Faseela K <faseela.k@est.tech>
* remove [] for missing link
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix order of members
Signed-off-by: Faseela K <faseela.k@est.tech>
* Apply suggestions from code review
Co-authored-by: Craig Box <craig.box@gmail.com>
* Update content/en/blog/2023/steering-contribution-seat-results/index.md
Co-authored-by: Craig Box <craig.box@gmail.com>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
Co-authored-by: Craig Box <craig.box@gmail.com>
* Clarify gateway canary upgrade
Signed-off-by: Faseela K <faseela.k@est.tech>
* Apply suggestions from code review
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Update index.md
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Update custom ca integration with k8s CSR demo to include foo and
bar namespace creation and remove an unnecessary tab from the
sleep pod command.
Signed-off-by: jaellio <jaellio@microsoft.com>
* Fix lint error
Signed-off-by: jaellio <jaellio@microsoft.com>
---------
Signed-off-by: jaellio <jaellio@microsoft.com>
* Announce IstioDay at KubeCon Europe 2023
Signed-off-by: Faseela K <faseela.k@est.tech>
* Apply suggestions from code review
Co-authored-by: Mitch Connors <mitchconnors@gmail.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Update index.md
* Remove social hour
Signed-off-by: Faseela K <faseela.k@est.tech>
* Apply suggestions from code review
Co-authored-by: Craig Box <craig.box@gmail.com>
* fix lint
Signed-off-by: Faseela K <faseela.k@est.tech>
Signed-off-by: Faseela K <faseela.k@est.tech>
Co-authored-by: Mitch Connors <mitchconnors@gmail.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Craig Box <craig.box@gmail.com>
* Enhance docs for revision tags and add tests
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failures
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix lint failure
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failures
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix cleanup test failures
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix cleanup for canary upgrade tests
Signed-off-by: Faseela K <faseela.k@est.tech>
* add profile none
Signed-off-by: Faseela K <faseela.k@est.tech>
* review comments
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* make gen
Signed-off-by: Faseela K <faseela.k@est.tech>
Signed-off-by: Faseela K <faseela.k@est.tech>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Add more context
* Update content/en/docs/ops/configuration/traffic-management/network-topologies/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/ops/configuration/traffic-management/network-topologies/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/ops/configuration/traffic-management/network-topologies/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/ops/configuration/traffic-management/network-topologies/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* As per discuss in https://github.com/istio/istio/pull/42962#issuecomment-1402236303
* Lint fix
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Add PDB and HPA example for gateway-api
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* gen
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Doc for installing multiple control planes using revisions and discoverySelectors
Signed-off-by: Faseela K <faseela.k@est.tech>
* make gen
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test
Signed-off-by: Faseela K <faseela.k@est.tech>
* enable peer-auth
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test
Signed-off-by: Faseela K <faseela.k@est.tech>
* Review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
* More review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
* Additional review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
* Review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Remove duplicates that came from commit suggestion
* Rerun make gen
Signed-off-by: Faseela K <faseela.k@est.tech>
Signed-off-by: Faseela K <faseela.k@est.tech>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* fix: envoy statistics config documentation
* chore: make gen
* feat: sync from istio/api
* Update content/zh/docs/ops/configuration/telemetry/envoy-stats/index.md
Co-authored-by: Michael <haifeng.yao@daocloud.io>
Co-authored-by: Michael <haifeng.yao@daocloud.io>
Fix linting issues
./en/docs/setup/platform-setup/gardener/index.md:15: MD009 Trailing spaces
./en/docs/setup/platform-setup/gardener/index.md:72: MD009 Trailing spaces
Fix linter identified typos
19 | ternatively, [23 Technologies GmbH](https://23technologies.cloud
19 | managed Gardener service that conviniently works with all supported clou
19 | and comes with a free trial: [Okeanos](https://okeanos.dev/). Simil
19 | ACKIT](https://stackit.de/), [B'Nerd](https://bnerd.com/), [MetalS
19 | B'Nerd](https://bnerd.com/), [MetalStack](https://metalstack.cloud/),
21 | log/2018/05/17/gardener/) on [kubernetes.io](https://kubernetes.io/blog).
resolve with recommendations from istio team
incorporate feedback from @ericvn and cleanup
* to be clear with how to apply custom metrics
Signed-off-by: oops-oom <734819342@qq.com>
* fix test error
Signed-off-by: oops-oom <734819342@qq.com>
* fix for test
Signed-off-by: oops-oom <734819342@qq.com>
Signed-off-by: oops-oom <734819342@qq.com>
* Add 1.16.0 release notes
* WIP: grammer fixes and start the announcement post
* remove revert
* add notes
* Update content/en/news/releases/1.16.x/announcing-1.16/_index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* add ext auth promotion to beta
* add jwt claim based routing and organize
* Update content/en/news/releases/1.16.x/announcing-1.16/_index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* add missing release note items
* Update content/en/news/releases/1.16.x/announcing-1.16/change-notes/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* multiple grammatical fixes
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
This is the last reference to extensions/v1beta1 API in our docs(this was removed in Kubernetes 1.22 release). Removing old
references from our docs. The remaining references are in the blogs referencing previous releases (won't update those).
Partially Fixes: #12216
* Add documentations for SkyWalking integration and task
* Add script to undeploy skywalking
* Clean up istio namespace
* Update index.md
* Address review comments
* Apply suggestions from code review
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* gateway-api: more gateway doc
* tweak
* Update content/en/docs/setup/additional-setup/gateway/index.md
Co-authored-by: John Howard <howardjohn@google.com>
Co-authored-by: John Howard <howardjohn@google.com>
* Document Sidecar Ingress TLS Termination Feature
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix lint failures
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failure
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failure
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix the negative test for TLS
Signed-off-by: Faseela K <faseela.k@est.tech>
* fix test
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix the verification issue with multiline command output
Signed-off-by: Faseela K <faseela.k@est.tech>
* Replace _verify_contains with _verify_first_line
Signed-off-by: Faseela K <faseela.k@est.tech>
* Add exact result string for _verify_first_line
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix after-snapshot test error
Signed-off-by: Faseela K <faseela.k@est.tech>
* incorporate review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
* Incorporate review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
* Additional review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
* Small fix
Signed-off-by: Faseela K <faseela.k@est.tech>
* Additional review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
Signed-off-by: Faseela K <faseela.k@est.tech>
* gateway-api doc: ingress-sni-passthrough
* use kustomize for crds
* debug
* more debug
* use standard crd install
* try profile=none
* uninstall
* confirm install
* disable test for now
* regen
* Release notes for Istio 1.14.5
* Fix lint
* Fix lint
* Update the notes
* Revisisons
* Update notes
* Update content/en/news/releases/1.14.x/announcing-1.14.5/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Update release date
* Update content/en/news/releases/1.14.x/announcing-1.14.5/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Update content/en/news/releases/1.14.x/announcing-1.14.5/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Lei Tang <32078630+lei-tang@users.noreply.github.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* use short_codes for gateway api version and tpye
* Update function name. Forcing name doesn't work for boilerplates?
* Fix lint
* Remove k8s_gateway_api_type
* Add update-gateway-version mkaefile target
* Fix version in test string
* Simplify id
* Fix ingress control doc related to other providers and numbering
* Run make gen
* Add back TCP_INGRESS_PORT
* Revert to dash seperator for consistency
* Update index.md
Added a quick tip for Kind users to get LoadBalancers to work.
* Added more context on Kind-related tip.
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Release notes for Istio 1.13.8
* Add a new release notes entry
* Fix lint
* Update the release date
Co-authored-by: Lei Tang <32078630+lei-tang@users.noreply.github.com>
* Release noets for Istio 1.14.4
* Fix a lint error
* Add a new release note entry
* Update release date
Co-authored-by: Lei Tang <32078630+lei-tang@users.noreply.github.com>
The test waits for vs resource, that is not even created.
Wait on SE and DR is only needed.
Signed-off-by: Faseela K <faseela.k@est.tech>
Signed-off-by: Faseela K <faseela.k@est.tech>
* add contributors for ambient
* missed 1 name
* reword based on craig and eric's feedback
* more cleanup
* another name missed
* Update content/en/blog/2022/introducing-ambient-mesh/index.md
Co-authored-by: craigbox <craigbox@google.com>
* Update index.md
* fix trailing space
* re-italicize
* clean up spelling dups and sort
* add Kevin who contributed AWS support for ambient
Co-authored-by: craigbox <craigbox@google.com>
* add contributors for ambient
* missed 1 name
* reword based on craig and eric's feedback
* more cleanup
* another name missed
* Update content/en/blog/2022/introducing-ambient-mesh/index.md
Co-authored-by: craigbox <craigbox@google.com>
* Update index.md
* fix trailing space
* re-italicize
Co-authored-by: craigbox <craigbox@google.com>
* Blog fixes
* Add banner
* Apply suggestions from Frank's code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Fix lint
* spelling
* Fix lint
* Update content/en/events/banners/announcing-ambient-mesh.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Craig Box <craig.box@gmail.com>
Co-authored-by: craigbox <craigbox@google.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* build an archive of v1.14 in master
* update data/versions.yml and archive index page
* advance master to release-1.16
* Rerun `make update_ref_docs
* Update to commit on main branch to fix tests
* Disable failing test (temporary)
* Test moving up a Hugo version and replace BlackFriday with GoldMark.
* remove markdownify
* Update URL to not use relative for parent page
* Restore moarkdownify in centered block to fix (about/deployment)
* Add markdownify to tip, info, warning, quote
* Dmarkdownify tabsets
* Tweak indentation. Fixes companies. Does not fix the interactive panels.
* Update config.toml, rebase
* unindent ecosytem
* comapnaies looks OK,but not interactive_panels
* Revert panel change
* markdownify interactive panel?
* Put markdownify back - delete section_description
* Promoted command x uninstall to install
Signed-off-by: Tong Li <litong01@us.ibm.com>
* Promoted command x uninstall to install
Signed-off-by: Tong Li <litong01@us.ibm.com>
* Promoted command x uninstall to install
Signed-off-by: Tong Li <litong01@us.ibm.com>
* Update content/en/docs/setup/install/operator/test.sh
Promoted command x uninstall to install
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Signed-off-by: Tong Li <litong01@us.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update test ref to 1.15.0-beta.1
* Change order for hem test output
* Go back to most likely sort over, but remove REV since it may change.
* Update test to just verify that both revisions exist
* But the revisions back in the doc
* Inform users of bad builds
* move to news
* Move to security
* Fix 1.13.6 notice
* review comments
* review
* Update content/en/news/security/istio-security-2022-006/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* fix links
Co-authored-by: Jacob Delgado <jacob.delgado@volunteers.acasi.info>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Release notes of Istio 1.13.6
* Remove trailing space
* Remove a trailing space
* Edit the go version FYI
Co-authored-by: Lei Tang <32078630+lei-tang@users.noreply.github.com>
* Advanced Helm chart customization doc
As per the WG meeting, it was decided not to allow support for new values in istio helm charts
(unless there is substantial evidence it is needed by a large number of people); instead create an istio.io doc on last mile helm customization
Signed-off-by: Faseela K <faseela.k@est.tech>
* Update references section
Signed-off-by: Faseela K <faseela.k@est.tech>
* Add link to the new document in the main helm install page
Signed-off-by: Faseela K <faseela.k@est.tech>
* incorporate review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix lint error
Signed-off-by: Faseela K <faseela.k@est.tech>
* Incorporate additional review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
* Review comments, and fix deployment name in kustomize patch
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix helm template command
Signed-off-by: Faseela K <faseela.k@est.tech>
* specify namespace in the helm commands
Signed-off-by: Faseela K <faseela.k@est.tech>
* format helm template command output
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix intend
Signed-off-by: Faseela K <faseela.k@est.tech>
* Add minikube in the instructions per Kubernetes environment
I was coming from https://istio.io/latest/docs/examples/bookinfo/ "Follow these instructions to set the INGRESS_HOST and INGRESS_PORT ..." and did not realize I would have to setup the minikube tunnel as explained in the [Getting Started Guide](https://istio.io/latest/docs/setup/getting-started/#determining-the-ingress-ip-and-ports)
For this reason I suggest to add it here as well.
* incorporated reviewers suggestions
* snips and tests for the new code snippet in docu
* ran make snips
* updated test.sh with the new functin names
* also the functions
snip_determining_the_ingress_ip_and_ports_{3,5,6,7,8,9} have changed
but they seem not to be used in test.sh
* followed reviewer suggestion to revert sip numbers
- used the annotation snip_id=none to skip the snippet, see https://github.com/istio/istio.io/blob/master/tests/README.md
- took back the snip renumbering
- checked that generating snips does not bring them back again: make
snips
* used custom name for generated snip
- now using minikube_tunnel as snip_id, resulting in a generated snip id snip_minikube_tunnel
- apparently still the remaining snips get renumbered
- updated test.sh with the 2 changed snip calls
Co-authored-by: Martin Knechtel <martin.knechtel@sap.com>
* Add Gateway API blog
* Spelling
* Relative links
* Link Gateway API docs
* Update content/en/blog/2022/gateway-api-beta/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Changes from review
* Add final blog URL
* Add SMI blog URL
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* SHA-1 signatures will not work with Golang 1.18
Support for SHA-1 signatures is disabled by default in Go 1.18 or newer. When generating the certificates please use OpenSSL on MacOS to make sure the certificates will work with istio.
* Lint fixes
* Lint fix
Co-authored-by: Saverio Proto <saverioproto@microsoft.com>
Co-authored-by: craigbox <craigbox@google.com>
* Update for Wasm contents
* Fix the wrong cleanup code
* Fix the description of `extensibility` folder's description
* Apply suggestions from code review
Co-authored-by: craigbox <craigbox@google.com>
* Update _index.md
* Regenerate snips
* Add old URL path as an alias
* Update content/en/docs/tasks/extensibility/_index.md
* Add description for the wasm pull policy
Signed-off-by: Ingwon Song <igsong@google.com>
* Apply suggestions from code review
Co-authored-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: craigbox <craigbox@google.com>
* Applying the comment from @dgn
Co-authored-by: craigbox <craigbox@google.com>
Co-authored-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* Add missing change notes
New change notes were added after the original change notes PR.
This PR adds the missing change notes.
* Fix lint
* Add two more missing items
* Improve clarity of Egress Gateway docs
Make the step 13 more clear, since it is creating a DestinationRule in the test-egress namespace and not in the default namespace.
* Update content/en/docs/tasks/traffic-management/egress/egress-gateway/index.md
Co-authored-by: craigbox <craigbox@google.com>
Co-authored-by: craigbox <craigbox@google.com>
* More clarification about performance numbers
* rewrite and put in appropriate place
* Update content/en/blog/2022/cryptomb-privatekeyprovider/index.md
Forgot a "t", my bad
* Update index.md
* Update content/en/blog/2022/cryptomb-privatekeyprovider/index.md
* Update content/en/blog/2022/cryptomb-privatekeyprovider/index.md
Don't like ending with a period?
Co-authored-by: craigbox <craigbox@google.com>
* Fix ServiceEntry example in concepts/traffic-management (#11396)
This change replaces the incorrect mTLS egress example with a simpler,
valid example that adjusts the TCP connection timeout.
Page: Documentation / Concepts / Traffic Management
Section: Service entry example
URL: https://istio.io/latest/docs/concepts/traffic-management/#service-entry-example
* Revert apiVersion change in DestinationRule example
Change back to v1alpha3 to be consistent with rest of page
Co-authored-by: John Howard <howardjohn@google.com>
Co-authored-by: John Howard <howardjohn@google.com>
* Update to use the master branch of istio.io/istio for test refs
* go.* changes
* Update test and go.*
* Update to use `master` branch for make targets
* One final go mod tidy
* REmove vm test for now.
* Remove istioctl-analyze test
* Also remove using-istio-dashboard
* add tests to gateway setup
* manually cleanup the minimal istio install
* Add canary upgrade test
* convert rewrite-repo to a helper function
* upgrade helm test
* lint fixes
* left over validatingwebhook from a prior test
* remove boilerplate check
* undo elided pod names
* gen snip
* Remove validatingwebhookconfigurations deletion
* remove webhook configs pending fix in istio
* remove webhook configs pending fix in istio
* revert some changes
* remove temp webhook removals
* remove revision labeled mutating webhooks
* revert revision-tags-middle change
* make gen
* Wildcard egress: remove arbitrary domain section
This doc has been a nuisance for many years. It recommends an extremely
complex and dangerous pattern, relying on deploying nginx, extremely
complex EnvoyFilters enabling unsupported, custom, alpha Envoy c++
filters, and a number of other scary practices. IMO this does not belong
in Istio docs at all, and certainly not in our top level taks.
* Add back single wildcard
* Update content/en/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Remove doc on "Istio DNS Certificate Management"
This document gives harmful advice. This feature was intended to be used
for signing control plane certificates, and actually doesn't work for
other cases (cross namespace or any modern Kubernetes version are
completely broken).
* use archive link
* name trick
* Documentation for egress mTLS origination at sidecar using credentialName in DR
The feature is already merged. So trying to add a documentation for the same.
Signed-off-by: Faseela K <faseela.k@est.tech>
* Remove duplicate code and point to the existing documentation
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failures
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failures
Signed-off-by: Faseela K <faseela.k@est.tech>
* Add tests for mTLS origination at sidecar
Signed-off-by: Faseela K <faseela.k@est.tech>
* 1.13.4 release note
* bump version
* Update content/en/news/releases/1.13.x/announcing-1.13.4/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Update content/en/news/releases/1.13.x/announcing-1.13.4/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* remove reverted release note
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Steven Landow <steven@stlcomputerservices.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* add 1.12.6 release notes
* Update content/en/news/releases/1.12.x/announcing-1.12.6/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Update content/en/news/releases/1.12.x/announcing-1.12.6/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Fixes some broken suggested recording rules that treated
`istio_tcp_sent_bytes_total` and `istio_tcp_sent_received_total` as if
they were distribution type metrics rather than counters.
I have also reordered the metrics to more closely align with the order
on the "Istio Standard Metrics" page.
Fixes#10311
* Add istiocon registration blog
* Update _index.md
* Fix lint
* Rename _index.md. I don't think it will show in the list otherwise
Co-authored-by: craigbox <craigbox@google.com>
* Add document on "Understanding DNS"
This is a follow-on to the recent docs "Understanding traffic routing"
and "Understanding TLS" where I attempt to give in depth explainations
of some of the implementation details of some commonly misunderstood
parts of Istio.
In particular, this aims to clear up how app DNS, DNS proxying, and
Envoy DNS resolution interact.
* Apply suggestions from code review
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Add non-success info
* Update content/en/docs/ops/configuration/traffic-management/dns/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* tie in dns proxy
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update support policy to reflect changes
* Update content/en/docs/releases/supported-releases/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Apply suggestions from code review
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Fix docs for installation: IstioOperator is not suggested for a production environment
* Update index.md
Fix issue "Multiple consecutive blank lines"
* Fixed#10963 for zn docs, about IstioOperator is not suggested on production environment
* Add note about gateways to protocol selection
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update to use main branch for reference docs
* Updates to fix this for next time (not moving to master)
* Run `make gen`
* Update master istio test reference
* Ingore one shellcheck, SC1091, for now. Not sure why it just showed up
* wip: 1.13 release announcement and notes
* regen notes
* merge some duplicated notes
* touchup formatting
* apply formatting suggestions
Co-authored-by: jacob-delgado <jacob.delgado@volunteers.acasi.info>
Co-authored-by: John Howard <howardjohn@google.com>
* Update content/en/news/releases/1.13.x/announcing-1.13/change-notes/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Update content/en/news/releases/1.13.x/announcing-1.13/change-notes/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Update content/en/news/releases/1.13.x/announcing-1.13/change-notes/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Update content/en/news/releases/1.13.x/announcing-1.13/change-notes/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Update content/en/news/releases/1.13.x/announcing-1.13/change-notes/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Update content/en/docs/releases/supported-releases/index.md
Co-authored-by: jacob-delgado <jacob.delgado@volunteers.acasi.info>
* Apply suggestions from code review
Co-authored-by: craigbox <craigbox@google.com>
* Apply suggestions from code review
Co-authored-by: craigbox <craigbox@google.com>
* add announcement
* update supported versions
* spellling
* Update content/en/news/releases/1.13.x/announcing-1.13/_index.md
Co-authored-by: craigbox <craigbox@google.com>
* Update content/en/news/releases/1.13.x/announcing-1.13/_index.md
Co-authored-by: craigbox <craigbox@google.com>
* spelling adjust
* Fixed wrong year
* Explain that the change is to improve the security
* Fixed a typo
* Removed an obsolete item
* Fix lint error of "Ensure markdown content uses relative references to istio.io"
* Fix another lint error of "Ensure markdown content uses relative references to istio.io"
* Fix yet another lint error of "Ensure markdown content uses relative references to istio.io"
* Fixed the date and the extra spaces in last column
* Reorder items into groups
* Fixed an issue URL and a lint error
* add missingnotes
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* lint
* Update content/en/news/releases/1.13.x/announcing-1.13/change-notes/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Update content/en/news/releases/1.13.x/announcing-1.13/change-notes/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Update content/en/news/releases/1.13.x/announcing-1.13/change-notes/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Fix bullet indention
* Remove extraneous characters
* Update release date to Feb 11.
Co-authored-by: jacob-delgado <jacob.delgado@volunteers.acasi.info>
Co-authored-by: John Howard <howardjohn@google.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: craigbox <craigbox@google.com>
Co-authored-by: lei-tang <32078630+lei-tang@users.noreply.github.com>
* Typo fix for GKE
* make gen
Co-authored-by: Noah Nsimbe <37845280+NoahNsimbe@users.noreply.github.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Add release notes for 1.11.6
* Apply suggestions from code review
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Information about holdApplicationUntilProxyStarts
This is a very extended topic about networking issues with pods with the istio-proxy sidecar container and is not spread or well documented.
Many people using solutions as "curl -fsI http://localhost:15021/healthz/ready", or post start hooks, even changing logics in scripts etc.
Adding this in this related documentation can help people find this feature easily.
* Fix letfover d
Remove leftover d in added
* Apply suggestions from craigbox
Co-authored-by: craigbox <craigbox@google.com>
* Update index.md
Remove trailing space in line 245.
Co-authored-by: Adrian Rico <aseguirico@gmail.com>
Co-authored-by: craigbox <craigbox@google.com>
This update adds the Rappi case study with reviewed/approved copy, and
a few assets to go with it.
Co-authored-by: craigbox <craigbox@google.com>
Co-authored-by: craigbox <craigbox@google.com>
This adds a new Bluecore case study with approved/reviewed copy, new
graphics, and a few additions to the spelling file.
Co-authored-by: craigbox <craigbox@google.com>
Co-authored-by: craigbox <craigbox@google.com>
* docs: update servicemesher to CNC
ServiceMesher Community is no longer running. Instead, we are running Cloud Native Community(China) now.
* Update _index.md
* Prepare for v1.13 as istio source is already branched
* Update VM test image from 1.11 to current to test
* Rename tests to temporaily disable Issue created to reanble before 1.13
* docs(platform-setup): add guide to install istio in tencent-cloud-mesh
Signed-off-by: Xunzhuo <mixdeers@gmail.com>
* fix: lint errors
* fix: update refer to review from eric
Signed-off-by: Xunzhuo <mixdeers@gmail.com>
* fix: change images into English and update related links to english
Signed-off-by: Xunzhuo <mixdeers@gmail.com>
* Update index.md
* Added a small section on common errors while accessing headless services
* Fixed lint errors
* Removed unnecessary config details
* Few corrections and restructuring
* Updated commands for easier copying
* Minor fix in egress mtls example cleanup
The document mentions some resources for cleanup
which are not actually created as part of this exercise.
Signed-off-by: Faseela K <faseela.k@est.tech>
* Adding make gen output files
Signed-off-by: Faseela K <faseela.k@est.tech>
* analysis message IST0150
* add message to analysis.yaml
* analysis message IST0150
* add message to analysis.yaml
* modify link example
* remove trailing space
* Update content/en/docs/reference/config/analysis/ist0150/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Add CORS faq
This is very commonly confused topic, so having a page will hopefully
help or provide a simple link to users struggling.
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* add test for the dry-run task
* Update content/en/docs/tasks/security/authorization/authz-dry-run/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* update release note for external authz
* address comment
* Update content/en/news/releases/1.12.x/announcing-1.12/change-notes/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* build an archive of v1.11 in master
* update data/versions.yml and archive index page
* advance master to release-1.13
* ANother script update
* go get remaing istio repos to satisfy linter
* Temporarily fix link broken by istio/api #2148
* Temporarily disable istioctl analyze test.
* Update platform setup for kops 1.22+
* Update index.md
* Update index.md
* Update content/en/docs/setup/platform-setup/kops/index.md
* Update content/en/docs/setup/platform-setup/kops/index.md
* Update content/en/docs/setup/platform-setup/kops/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Initial Telemetry API docs
Currently, the docs only have Telemetry for tracing. This adds a common
Telemetry API doc for high level info, shared for all 3 types. It also
adds some info about access logging via Telemetry.
We should likely add a similar page for Metrics, but I did not do it
here.
* fix gen
* fix dead links
* fix typo
* dead link
* one more
* 1 more?
* I hope this is it...
* again???
* Expand the gateway-api docs for 1.12
This introduces a lot more details, highlights changes in 1.12, and
discusses the differences between Istio and Gateway-API.
* erics comments
* clarify
* gen
* add authz limitation
* Apply suggestions from code review
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Update to latest istio/istio commit for istio.io tests
* Update to latest istio commit
* Additional istioctl analyze output
* Fix istioctl-analyze test
* Fix gateway doc
* Fix setting of INGRESS_HOST and more cleanup
* Fixes for unbound INGRESS_HOST
* lint fix
Co-authored-by: John Howard <howardjohn@google.com>
* Add usage warning for in-cluster operator
* iterate on comments
* move helm back to alpha
* in-cluster operator -> operator
* change istioctl and helm ordering
* change wording to is not needed
* iterate on comments
* Improve DestinationRule Security Best Practices
* Add instructions for improving security using subjectAltNames which is
not checked by default.
* Add instructions to turn on VERIFY_CERTIFICATE_AT_CLIENT to decrease
friction of checking certificates against a CA.
* Escalate certificate validation that is not being done to a warning to
increase visibility.
* Add Clarification to certificate validation.
* Add explanation of using system to enable OS CA certificate usage.
* Clarify subjectAltName usage and why it is important
* Fix linter error
* Clarify CA cert used and user need for an sni value
* Fix in attribute "name" on "metadata".
Missing tab in attribute "name" at section "Define the external authorizer" in ServiceEntry example.
* command make gen
Co-authored-by: Igor Agueme <igoragueme@outlook.com>
* Update test reference to latest istio
* Update helm output
* Update install/operator test to allow <pending> IP for running locally.
* fix lint
* Gateway changes
* Fix gateway
* Remove remaining webhook to make tests pass
* Change to use istioctl tag remove
This updates the trust-domain reference link. The spiffe docs site is
updated and this fix the direct link to the trust-domain anchor.
Signed-off-by: Dhi Aurrahman <dio@rockybars.com>
* minor improvements in the Reporting Bugs page
- Adds recommendation to obtain output of istioctl analyze in the case of manual dump (I think it is great to collect this if bug-report is not possible)
- Adds commands to obtain gateways and sidecar logs
- Adds a note on using `--include` if the bug-report is failing to complete in the case of large clusters linking to reference docs for other options.
* apply suggestions form review and fix lint error
* Fixes lint errors
* move analyze to the beginning, logs examples
* Update content/en/docs/releases/bugs/index.md
removing space
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Adds missing period and fix identation
* Fixes identation for components and sidecar logs.
* Fixes MD004 with lists
* Fix MD007 Unordered list indentation
Co-authored-by: Cynthia Lopes do Sacramento <clsacramento@google.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* [release-1.11] Add release notes for 1.11.2
* fixed make lint
* change files according to comments
* fixed another lint error
* add missing CL
* eric's comments
* Update content/en/news/releases/1.11.x/announcing-1.11.2/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Ryan King <ryan.king@solo.io>
Co-authored-by: Ryan King <ryan.taylor.king@gmail.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Remove file mount egress documentation
This is actively leading users down a bad practice. We previously did
the same for Ingress - the results were we got a lot less bugs about
file mount being very hard to use.
As is, users are directed here as the default - only if they happen to
know what "SDS" is (an implementation detail) will they realize the
other doc is better.
* gen snips
* fix test
* Fix inject
* Helm can use revision tags
Update canary and helm docs to clarify use of stable revision labels.
Cleanup the docs appropriately and point to existing blogs and diagrams
that detail this functionality better.
* Code review comments
* Fix linter
* Fix usage
* Update comments
* build an archive of v1.10 in master
* update data/versions.yml and archive index page
* advance master to release-1.12
* Update istio test reference to pick up 1.12 in istioctl messages
* Fix lint and IMAGE_VERSION
* MOre changes for lint
* Use correct IMAGE_VERSION
* Skip virtual machines test - Release Blocker issue created
* add best practice to restart proxies after applying network policy
* Update content/en/docs/ops/best-practices/security/index.md
Co-authored-by: craigbox <craigbox@google.com>
Co-authored-by: craigbox <craigbox@google.com>
* Test banner for warning of using istio < 1.10 with k8s 1.22
* Fix spelling error in lint
* Tone down message
* Reworded banner
* Lower number of impressions
* Shorten message due to formatting issues
* Update content/en/events/banners/kubernetes-1.22-with-older-releases.md
Co-authored-by: craigbox <craigbox@google.com>
Co-authored-by: craigbox <craigbox@google.com>
* Document rewriting of TCP based probes (see istio 33734)
https://github.com/istio/istio/pull/33734
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
* run make gen
* make it obvious that the same rewrite action is done on both HTTP and TCP probes
Co-authored-by: craigbox <craigbox@google.com>
* fix typo
* apply more review comments
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>
Co-authored-by: craigbox <craigbox@google.com>
Co-authored-by: Johannes Dillmann <j.dillmann@sap.com>
* fix apiVersion for gw install
getting an error for current doc:
```
error: unable to recognize "iop.yaml": no matches for kind "IstioOperator" in version "operator.istio.io/v1alpha1"
```
* update apiversion for istio operator
Co-authored-by: Lin Sun <lin.sun@solo.io>
Now that the Kiali addon has been upgraded to v1.36, there is no longer the monitoring dashboard CRD that we have to worry about. This is what caused that timing error (the CRD would fail to be established in time before the dashboards themselves started to get created).
Since this timing error won't happen, we can remove this warning in the docs.
* Add the information that you can concatenate CA certs
Add the information that you can concatenate CA certs if you want to accept MTLS from client providing certificate signed by different CAs
* english review comments
* adding back key and also adding "value"
Co-authored-by: Laurent Demailly <ldemailly@gmail.com>
* add normalization guideline in security best practice
* Apply suggestions from code review
Co-authored-by: Justin Pettit <jdpettit@google.com>
* add link
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Justin Pettit <jdpettit@google.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Announce steering election and TOC election result
* Upon leaving the project, a member of Project Mayhem has a name
* update w/Neeraj's suggestions & new links
* you really care about trailing spaces, don't you linter?
Mariam John
Istio Automation
Lin Sun
majeshps
Paddy Doyle
Jackie Elliott
Carl Eastman
Frank Budinsky
John Howard
Ben Leggett
zirain
Faseela K
Daniel Hawton
SRodi
Xiaopeng Han
Keith Mattix II
Michael
AndreaM12345
Eric Van Norman
demotascha
Michael
Daniel Hawton
Niranjan Shankar
Kalya Subramanian
Sam Naser
Craig Box
Peter Jausovec
Whitney Griffith
Steve Zhang
Aryan Gupta
Alan Wang
Whitney Griffith
vasu1124
Max Lambrecht
Chen Xintong
Franciszek Pogodziński
oops-oom
Bo-Cheng Chu
John Mazzitelli
Christine Kim
Ihor Sychevskyi
tedli
Caleb Olson
kezhenxu94
lei-tang
Darnele Pierre-Louis
Rachael Luo
Aryan Gupta
akitok
Rodrey
Ikumi Nakamura
Petr McAllister
craigbox
Tong Li
Chase Andries
stewartbutler
abasitt
Iris
verysonglaa
Jacek Ewertowski
Ingwon Song
Jason Wang
CharliePu
Jakub Horák
Yossi Mesika
Ravi kumar Veeramally
Mitch Connors
rotimiawani
merusso
Oliver Liu
Zhonghu Xu
yanrongshi
Daniel Hawton
bobbypower-asm
Alexandre Alves Alvino
Kenan O'Neal
kinzhi
Ram Vennam
Steven Landow
Dennis Effing
Greg Hanson
Daniel Grimm
Pengyuan Bian
zirain
lgadban
nickgooding
Jonh Wendell
zhaohuabing
Kevin
John Zheng
jacob-delgado
keyolk
Tim Ebert
Edgar Hernández
Steven Landow
Jonh Wendell
Erik L. Arneson
plucury
Xunzhuo
Deepak Pakhale
sha-rath
Faseela K
Takeshi Yoneda
eliavem
Nick
Marc Bachmann
Yangmin Zhu
刘旭
IM CHAECHEOL
Daniel Gospodinow
Sam Naser
Paul Lin
Andrii
Kenan O'Neal
Ryan King
Avi Miller
Dhi Aurrahman
Cynthia Lopes do Sacramento
Sungyun Hur
Douglas Reid
Shamsher Ansari
Jianfei Hu
Ryan King
Philipp Stehle
AndreaM12345
Neeraj Poddar
zirain
María Cruz
silenceshell
Brian Avery
danielmenezesbr