The destination.service attribute is being deprecated in the favor of
destination.service.host. This commit updates the match expression in
the TCP metrics guide to reflect the same.
Signed-off-by: Venil Noronha <veniln@vmware.com>
Partner components (adapters not controlled by the Istio org) are now
called out as such on their page. Component authors have a chance to put
all sorts of info about their component to make it easy for customers
to find and use their component.
* Site improvements.
- For SVG images, authors no longer need to specify image ratios
(which is a constant source of errors)
- Move more icons into the new icons.svg file to further reduce
average page load times.
- Rationalize Istio logo file names.
- Improve underlining behavior for sidebar headers and the RSS feed
Subscribe link.
- Made the RSS feed subscribe link open in a new tab.
- Increase the constract ratio for some elements in dark mode
text blocks (namely, YAML field names)
- Reduce the "brightness" of the light bulb icon which helps it
not pop so much in dark mode.
- Optimize the fonts we load and the order we load them in so as to improve page load time and
reduce the initial render time.
* Sadly, embedding SVGs into the HTML results in duplicate element ids, which is invalid HTML :-(
- Use a new approach to managing icons. This has two primary benefits:
- It makes it possible to color the icons such that they look good in the
dark theme. Previously, the icons were rendered in black on dark grey when
using the dark theme.
- The average payload size for our web pages is reduced and we better use the
browser cache.
- The new icon approach makes it possible to remove our dependency on the fontawesome
package, which further slims down our payload requirement
- Refresh our iconography for a slightly lighter look.
- Remove the extra thick left-hand border of text blocks to lighten the
look.
- Added a "NN minutes to read" indication on top of each page. This is
only displayed if the count is > 1 minute.
- Added a calendar icon next to the blog post date.
- Exposed a bunch of strings that were buried in CSS/JS to translation.
- Add the 'keywords:' front-matter fields to the Hugo archetypes.
* Add docker-for-desktop installation note
A default istio helm install under kubernetes running in docker-for-desktop wasn't working because pilot was reserving too much memory. Added documentation to work around this
* Update index.md
* Create index.md
* Update index.md
* Update index.md
* Update index.md
* Rename content/docs/setup/kubernetes/platform-setup/index.md to content/docs/setup/kubernetes/platform-setup/docker-for-desktop/index.md
* Update index.md
* Update index.md
quoted memory allocation, capitalized Kubernetes
* check the logs of all the telemetry pods
* filter log entries
remove entries sent to pilot, telemetry, policy and unknown destinations
* use kubectl logs -l instead of applying kubectl logs on selected pods
* documentation for RBAC policy permissive mode
* update permissive mode sample for global RBAC config
* address comment
* move permissive section to the top
* add more words for expected user experience
* seperate two senarios to use permissive
1. turn on RBAC 0 -> 1
2. add new policy
* rename rbac->authorization, move to concept page
* address comment
* address comment
- When displaying a "Changes" button, we now display a diff from the previous patch to the current
patch, instead of a diff from the base release to the current patch.
- Properly localize the release note buttons so these can be translated.
* initial version
* add the steps to Generate client and server certificates and keys section
* extend the description of the example
explain about the NGINX service
* add creating namespace, secrets and nginx configuration
* add creating of nginx-configmap
* add deployment of NGINX
* finalize the NGINX config
* move creating client certificates into the section of redeploying Egress gateway
* add instructions for generating and deploying istio-egressgateway.yaml
* update the description
* nginx.example.com -> my-nginx.mesh-external.svc.cluster.local
* change the title and description to mutual TLS to extrnal services
* add mTLS origination and cleanup
* change the port of nginx to 443
* update the output and the log with actual content
* add test NGINX deployment section
* add missing dot in page description
* Nginx -> NGINX
* change dots to semicolons before command blocks
* add volumes to the sleep deployment
* add sending requests to the NGINX server
* renamed the directory: mtls-egress-gateway -> egress-gateway-mtls-origination
* remove redundant whitespaces
* fix dead link (missing leading slash)
* change the name of the port 443 to be https and protocol HTTPS
* add endpoints section to the service entry
* replace internal kubernetes address with nginx.example.com
* change we to you
* expand the introduction to explain using NGINX and nginx.example.com
* remove before you begin section
* use sleep container in the default namespace to test both NGINX and egress gateway
* add port 80 to the ServiceEntry
* remove the second definition of the ServiceEntry
* use resolve option in testing mTLS
* change container name from egressgateway to istio-proxy
* simplify the introduction
* make Egress Gateway lower case
* make the introduction present tense
* replace pushd/popd with cd, since they are not POSIX
* add missing article
* remove cross referencing with regard to generating certificates/keys
* add "namely" to mesh-external namespace
* the NGINX -> the NGINX server
* sleep container -> sleep pod
* rephrase the text about --resolve option of curl
* rephrase the sentence about prompts
When prompted, select `y` for all the questions. ->
Select `y` for all prompts that appear.
* move egress-gateway-mtls-origination into advaanced gateway examples
* fixed links to the advanced gateways examples
- Change how the RSS feed is generated in order to avoid a crashing bug in Hugo when
used in server mode.
- Prevent the OWNERS file from leaking into the generated site.
* add "configuring NAT devices to drop packets that do not originate at the egress gateways"
* add Network Policy section
* make sentences present tense
* remove the labels
* rewrite the additional security considerations section
* Network Policy -> network policy
* add cleanup step for the configuring HTTPS egress gateway section
* a malicious application attacks -> attackers bypass
* egressgateway -> egress gateway
* kube-system DNS service -> the kube-system DNS service
* test-egress namespace -> the test-egress namespace
* no Istio sidecar was attached -> with no Istio sidecar attached
* must succeed -> will succeed
* by first enabling, then redeploy
* Add setup doc for ICP
* Modify the title "Upgrate and Rollback" to "Upgrate or Rollback"
* add diagrams to highlight action
* fix some spelling errors
* use consistent font for UI items and fix some grammatical mistake.
If mTLS is enabled we need an additional instruction in the
DestinationRule object, otherwise we break traffic to httpbin
service.
While on that, also change the Mirroring task note to be the same.
* Fixes: #2136
This is a first take at a table-creating tablegen that categorizes
the output of tablegen.py. Still needed is the actual text that
goes in the description field.
* Address review comments
- Remove the release-specific wording on the main release note page and on the docs page. This
ends up being hard to keep correct and not really useful.
- Add a full_version variable in args.yml which contains the 3 part release version
such as 1.0.1. When we release a new patch, we need to update this number in the current
release branch.
- Apply the full_version variable to the download button on the home page. It will now say "DOWNLOAD 1.0.1".
* Document DNS resolution requirements
Service names must be resolved to IP address in any cluster, regardless of endpoint location.
* document DNS requirements for multi-cluster services
* initial version
* remove deploying sleep, use the sidecar proxy of nginx itself
* add gateway configuration
* add "task" after Securing Gateways
* Secrets -> a Secret
* NGINX -> NGINX server
* add explanation of what the example will do, to the introduction
* add explanations of the output of curl (server's certificate)
* remove redundant empty line
* fix a tag
* fix a bare URL
* remove redundant whitespace
- Correct the use of OpenGraph annotations. I used the wrong attribute name, so the
annotations were never recognized.
- Added support for Twitter cards to our site, improving the experience of referencing
the site from Twitter posts.
- Added support for the twitter: front matter field for use in blog posts. Specifying this
front-matter entry will show the author's twitter address on the blog post, and will
add a Twitter card entry to the page noting the author's address.
- Renamed the page_icon front matter field to just icon to be consistent with other
entries.
- Made it so the subtitle front matter field can be used anywhere, not just on blog posts.
- Added a lint check to ensure subtitles don't end with a period.
- We now insert an "author" metadata entry whenever the attribution: front matter
field is used.
* Delete special chars and turn on HTML checking
- Refer to #2289 and issue #2290
- Delete the special chars in Chinese content
- Turn on HTML checking to highlight problems
* delete the redundant period
- Fixes the bug where not all of our files would get the right lastmod
time extracted from GitHub.
- Fixes most of the cases of bad HTML output around the use of {{<text>}}. There's
still a single bad case which I'll report to the Hugo folks.
- Use Hugo's new --minify option to minify HTML instead of having to use the
separate and slow html-minifier program.
- Fix some bad HTML on the landing page.
* generate certificates in httpbin.example.com directory
* add initial section for ingress for multiple hosts
* add a cleanup step for the directories related to certificates
* fix formatting
* add subsection: Redeploy istio-ingressgateway with the new certificates
* rename httpbin-gateway into mygateway
* add redeployment of Gateway for two hosts
* add -o /dev/null -s -w "%{http_code}\n" to the bookinfo's curl
* fix italics in sending a request to bookinfo
* add verify that httpbin.example.com is accessible as previously
* add -v to curl to bookinfo, show certificates printed
* remove -n istio-system from virtualservice bookinfo
* add Host header to curl requests
* put empty lines around the code blocks
* fix spell checker errors
* Prep for 1.0 release
* Fix typo for 1.0 announcement. (#2081)
* Updated kubect link for IBM Cloud Private. (#2083)
* Fix generated tablegen.py (needs backport) (#2084)
Original table was dreadfully wrong.
(cherry picked from commit b3fa64fa41)
* add a VirtualService for external HTTPS ServiceEntry (#2080)
* add a VirtualService for external HTTPS ServiceEntry
* a VirtualService -> the VirtualService
(cherry picked from commit 9e57d4a5b7)
* egress gateway: use subsets for cnn in destination rules and virtual services (#1942)
* use subsets for cnn in destination rules and virtual services
* remove trailing spaces
* separate virtual services for traffic to and from egress gateway
to egress gateway: TLS match
from egress gateway: TCP match
* put back tls match for HTTPS egress for Istio without Auth
combine defining the Gateway and the VirtualServices
* use ISTIO_MUTUAL with sni in destination rules
* update the log message to print HTTP/2 as the protocol
* make two VirtualServices into one
* remove redundant explanation about SNI setting in a destination rule
* use different virtual service matches for Istio with and without SNI
* fix the case of HTTP traffic for Istio without Auth
(cherry picked from commit 81baa2e939)
* Disable Mesh Expansion page.
(cherry picked from commit dc4da48042)
* Blog fix.
* adding juspay (#2092)
* Update homepage and what is istio page (#2085)
- update the two pages
- make the links point to the Chinese document
(cherry picked from commit 993231abeb)
* Chinese: announcing istio 1.0 (#2088)
(cherry picked from commit 5301d4ea13)
* Move advanced egress tasks to examples, Advanced egress traffic control, release 1.0 (#2093)
* add advanced-egress subsection in Examples
* move egress gateway and egress tls origination tasks into advanced examples
* rename task to example and fix the links
* Tweak the HP blog post a tad.
* Another blog tweak.
* Update index.md (#2096)
Removing VM support until it's fixed
(cherry picked from commit c2e529212b)
* Make the site work when it's published to a subdirectory (for the archive) (#2095)
(cherry picked from commit 137e1d13f4)
* Change "Testing mutual TLS" tutorial to "Mutual TLS deep dive" (#1972)
(cherry picked from commit 0662e413f1)
* fix kubectl output (#2100)
fixes https://github.com/istio/istio.github.io/issues/2066
(cherry picked from commit 2a852d1408)
* Another blog tweak.
* Add section to tracing task to cover sampling. (#2097)
* Add section to tracing task to cover sampling.
* Lint fix
* Review comments.
* Review comments.
* Review comments.
* Add documentation for redisquota adapter in rate limiting doc (#2098)
* fix multicluster doc issues. (#2104)
* remove unnecessary gateway spec (#2091)
* Clarify and correct distributed tracing task (#2115)
* Cherry-pick latest changes from master (#2118)
* Translate fix zh links (#2105)
* zh: all linkes without '#' had been replaced
* translate: rewrite links to zh version if it exists.
(cherry picked from commit c4daa73dee)
* Translate Istio 1.0 canary into Chinese (#2110)
(cherry picked from commit 4d6eec754c)
* Fix typo in "Delayering Istio" blog post (#2102)
(cherry picked from commit 6bdb4605f4)
* Minikube settings (#2082)
(cherry picked from commit 9f6ebe9eeb)
* Fix single word in command (#2112)
It returned this:
```
kubectl get svc istio-ingress -n istio-system
Error from server (NotFound): services "istio-ingress" not found
```
Now it works correctly
(cherry picked from commit 2bbe9eef03)
* add initial galley intro to "what is istio" concept page (#2113)
(cherry picked from commit 2db7f5648d)
* make cmd/result match (#2117)
* make cmd/result match
* address comment
* Add Rigs to the English content owners file. (#2119)
(cherry picked from commit bd577696bf)
* Cherry-picks from master (#2122)
* Add Istio security vulnerabilities disclosure and handling page (#2114)
(cherry picked from commit dfee9b8ec0)
* Fix an error in faq page (#2120)
(cherry picked from commit d3c04a5ba7)
* More work to fix use of the site in a subdirectory. (#2123) (#2124)
(cherry picked from commit 5bd9c0f0bd)
* Cherry-pick latest changes from master (#2128)
* Add a couple entries to our prefered vocab list.
(cherry picked from commit 2cbe43aea7)
* Translate attribute-vocabulary (#2101)
* translate attribute-vocabulary
* fix Chinese link
* fix Chinese style & translate table header
(cherry picked from commit 056bf27879)
* fix the virtual-services fault injection error in the YAML (#2109)
fix the virtual-services fault injection error in the YAML
(cherry picked from commit 453012d3ab)
* Add an item to check whether mTLS is enabled for a service (#2062)
(cherry picked from commit 384f6cd8be)
* Chinese content was aliasing English content. (#2126)
Page aliases are intended to redirect users from a page old's location to a new location.
As it was, the Chinese content pages were redirect old English locations to Chinese, which
made Chinese show up on English systems that were using the old links.
(cherry picked from commit c86d357f2e)
* Fix formatting glitch in a few glossary entries.
(cherry picked from commit a6420a4475)
* Cherry pick latest changes from master (#2138)
* Translate into Chinese: docs/examples/multicluster/icp/index.md (#2129)
* Translate into Chinese: docs/examples/multicluster/icp/index.md
* fix link anchor
(cherry picked from commit eca46893fe)
* Add an icon for the security vulnerabilities page (#2132)
(cherry picked from commit 11ce2b3924)
* Fix security concept figure captions etc. (#2087)
(cherry picked from commit f83bb8ada0)
* Translate into Chinese: blog/2018/aws-nlb/index.md (#2130)
(cherry picked from commit 9e77fa4cd0)
* Translate: all keywords in front matters (#2135)
* Translate: all keywords
* fixed typo
* remvoed from terms: vm, config->configuration
(cherry picked from commit 02392ff87e)
* Initial checkin of the setup ops guide. (#2078) (#2139)
(cherry picked from commit 3b529341a1)
* Document DestinationRule mTLS conflict (#2131)
* Document TLS conflict in DRs
* spelling errors
* lint errors
* tweak title
* tweak title
* address review comments
* Cherry-pick latest changes from master (#2143)
* Add twitch livestream blog post (#2140)
This is for the all-day istio livestream on August 17th.
(cherry picked from commit 41d3caa211)
* Make the big boxes on the home page clickable.
(cherry picked from commit 387e54c299)
* Cherry-pick latest changes from master. (#2159)
* Fix broken Mixer Adapter Dev Guide links (#2144)
Signed-off-by: Venil Noronha <veniln@vmware.com>
(cherry picked from commit 5342ab2a80)
* Fix some more stale wiki links. (#2145)
(cherry picked from commit b641486002)
* translate tasks/traffic-management/egress-gateway to Chinese (#2146)
* translate tasks/traffic-management/egress-gateway to Chinese
* 修改内部链接路径
* 去掉空格
* 删除空格
(cherry picked from commit 75baef98ec)
* Improve linting (#2148)
- We now detect text blocks that are incorrectly indented.
- We now detect image captions that end in a period.
- We now detect page descriptions that don't end in a period.
- CircleCi now runs linting without minifying HTML first, improving perf and
improving error output.
- In CircleCi, we now have a per-build cache for HTML proofer output. This
helps reduce the frequency of link timeout errors.
- Fix errors flagged by the above new lint checks.
(cherry picked from commit fd290dc73e)
* translate:setup-kubernetes-requirments (#2147)
(cherry picked from commit 0d98eee9c4)
* Translate into Chinese: blog/2017/0.2-announcement/index.md (#2150)
(cherry picked from commit a34cfc063d)
* Translate into Chinese: content/blog/2018/aws-nlb/index.md Sync/Update (#2153)
* Translate into Chinese: blog/2017/0.2-announcement/index.md
* Update index.md
* Update _index.md
(cherry picked from commit 4ee8e44cb6)
* re translate /zh/blog/2018/egress-tcp/ page (#2151)
* re translate /zh/blog/2018/egress-tcp/, for changes of content/blog/2018/egress-tcp/index.md file between commit fd290dc73e and 82eb2c21a3
* fix unaviable link (#2151)
(cherry picked from commit 0b313e373b)
* Flip conditional polarity to remove useless work when linting.
(cherry picked from commit 4424563918)
* Enable extra lint stuff (#2158)
(cherry picked from commit 0b2ea1d38e)
* Fix indent, given new linting rules.
- We now detect text blocks that are incorrectly indented.
- We now detect image captions that end in a period.
- We now detect page descriptions that don't end in a period.
- CircleCi now runs linting without minifying HTML first, improving perf and
improving error output.
- In CircleCi, we now have a per-build cache for HTML proofer output. This
helps reduce the frequency of link timeout errors.
- Fix errors flagged by the above new lint checks.
It returned this:
```
kubectl get svc istio-ingress -n istio-system
Error from server (NotFound): services "istio-ingress" not found
```
Now it works correctly
* add Advanced Egress Control section in Examples
* move egress gateway and egress tls origination tasks to advanced egress examples
* fix the links and replace task with example
* use subsets for cnn in destination rules and virtual services
* remove trailing spaces
* separate virtual services for traffic to and from egress gateway
to egress gateway: TLS match
from egress gateway: TCP match
* put back tls match for HTTPS egress for Istio without Auth
combine defining the Gateway and the VirtualServices
* use ISTIO_MUTUAL with sni in destination rules
* update the log message to print HTTP/2 as the protocol
* make two VirtualServices into one
* remove redundant explanation about SNI setting in a destination rule
* use different virtual service matches for Istio with and without SNI
* fix the case of HTTP traffic for Istio without Auth
As well as their default value. I will work more on the python
generation tool this evening after dinner and push an update, but
it makes alot of sense to just merge this as is assuming it renders
properly.
This change migrates some of the
traffic-management FAQ and all of the network
related misc (previously troubleshooting)
content to the traffic-management ops guide
Remove a bunch of entries that shouldn't have been in the spelling dictionary
and correct content aoocrdingly.
I'm disabling the Chinese spell checking for now, since I'm not able to fix the
spelling errors that emerged there. Once this PR is in, I'll file an issue to get
those spelling errors addressed and checking reenabled.
* Add GKE Istio multicluster deployment example
* Fix first round of review comments
* Followup review comments and make downloadable yaml block
* Reorg dir to gke specific subdir
* use kubectl consistently throughout for Istio API resource C.R.U.D operations
xref: https://github.com/istio/istio.github.io/issues/1843
* fix typo
* review comments
* remove unnecessary instructions to use `replace` instead of `create`
* fix linter in `zh` content
- Increase the size of the Copy button in preformatted blocks to make it stand out since it is the
most common used button.
- Shift the copy/download/print buttons in PRE blocks towards the left so they don't overlap the
scroll bar in large text blocks.
- Switch to new fonts.
- Instead of underlining <H2> headers, we now draw a blue bar above them.
- Add an "up level" button at the top of pages.
- Streamline the appearance of the next/previous page links at the bottom of most pages.
- Remove the right pointing arrows from index pages and see also sections. They were just
confusing.
- Add icons to the main pages.
- Slightly change the layout of the glossary page, more to come here.
* Clean up of the platform section
This cleans up the platform section into its own subdirectory.
I am not all that happy about how "see-also" works, but maybe that
is how it is meant to work, or alternatively I'm doing it wrong :)
* Apply reviewer comments and add the index file
_index.md was missing from prior commit accidentally.
Removed all "Platform setup for" text in all platform docs.
* Apply reviewer comments
Some wordsmithing.
weight = 3 is intentional to fit alphabet. Assuming nobody
will require ASCIIbetical.
* Fix US English lint errors
* Revert the Chinese translation of the platforms PR
The Chinese language version needs to be ported. This PR
was merged manually which probably has broken the gate.
* Fixed:
Broken link to the old platform-setup document.
code block in openshift setup.
* fixed: md005
recovered: code block for openshift.
Unexpected end tag : p (line 12)
* Edit Security section for clarity.
The edit includes:
* Rewrite of every passive voice instance.
* Consistent use markup to reference code from the examples in the text.
* Added emphasis to make key concepts clearer.
* Added links to the Identity section of the docs.
* un-split command lines
* split long text lines
* CA -> Citadel
* update the first paragraph, "you-language" and Service Entries instead of Egress Rules
* fix the subtitle: Egress Rules -> Mesh-external Service Entries
* ServiceEntry -> Service Entry
* add a note that the blog was updated
* Istio 0.3+ -> Istio 0.8+
* changed we/I-language into you-language
* remove mentioning HTTPS as a motivation for TCP egress control
HTTPS is handled now separately by TLS egress control
* replace route/egress rules by virtual services/service entries
* add using MYSQL_DB_HOST and MYSQL_DB_PORT environment variables
* put 1 into backticks
* add an output from the update table command
* instruct the users to apply the default destination rules
* do not use kube-inject in the commands
* add a reminder for users to make sure they applied the default destination rules
* use istioctl replace, update the output
* use bash-inlined service entry with bash variables
* specify a single IP address as a CIDR block with suffix 32
* update the output of deleting the virtual services
* remove kube-inject from deleting a deployment
* instruct the user how to set MYSQL_DB_IP for a local database
* change the update date to 23 of July
* I demonstrate you -> I demonstrate
* add a comma before respectively
* releasearchive -> release archive
* TLS -> HTTPS
* egress rule -> service entry
* remove a redundant empty line
* put the configuration item's path in backticks
* remove future work
* remove "Note:", remove the sentence of the old API to be removed
* data, outside -> data outside
* initial version of Egress Gateway for 1.0
* use HTTPS protocol for the egress gateway ports
* change troubleshouting section regarding mutual TLS
just direct users to read the mutual TLS page regarding troubleshooting
* add egressgateway to .spelling
* remove "let's" prevent the "we language"
* fix lint errors
* rename Cleanup section names to more detailed names, to prevent lint errors
* add a section about directing HTTPS traffic thru egress gateway
* remove istio-system namespace from the HTTPS-related artifacts
* add a section for mutual TLS over HTTPS
* disable mTLS on Istio with mTLS between a sidecar and the egress gateway
* use * as a host in the gateway's definition
* clarify the fact that in HTTPS the original traffic is already encrypted
* use mTLS between sidecar and egress gateway
* use explicit host in gateways instead of *
* add subjectAltNames to the upstream of the sidecar proxy
* unite creating a gateway for mTLS and a destination to set SNI
* add a missing dot
* add destination rule for setting SNI for mTLS to all cases
* add deleting the destination rule for mTLS
* split a long line
* Rewrite the steps to create a service entry in a separate step
* use port 80 in the destionation rule for direct HTTP traffic without TLS origination
* remove redundant ServiceEntry definition
* mention DestinationRule for TLS origination
* rename port tls to tls-cnn
for future definition of multiple servers on the same port
* describe getting Envoy's stastics of istio-egressgateway
Update "Collecting Metrics and Logs" task with new source and destination attributes
Updated based on reviews and added tcp metrics changes too
Update Prometheus Task
Update Using-Istio-Dashboard task
Updated fluentd and servicegraph tasks.
Also update distributed tracing and using-istio-dashboards tasks based
on feedback
Add new picture for servicegraph and indent using-istio-dashboard again
Fixed Linting Errors
Updating based on review
Updating based on review
Adding destination-rule-all-mtls for tcp metrics routing too
Add explanation for Inbound Workloads and Outbound Services for Workload Dashboards
* Update authentication concept doc.
* Fix lint errors.
* Address comments and fixed some links.
* Remove feature stages change from this PR.
I will make a separate PR for it.
* Chinese community translation and fix a markdown error
- Translate community page into Chinese
- Fix https overlay markdown style check error
* fix CI errors
- update Quick Start with Kubernetes
- update Prerequisites and Installation steps
- fix some broken links
* Multicluster: add details on enabling mTLS for control plane and app pods
- describes deployment steps and includes an example deployment with commands
* fix review comments on wording
* Extract platform prerequisites
* Reorg
* Remove the inner pages from the menu
* Conform to the site directory structure
* Fix the link wording to match the title of the link and the uppercase
* Fix lint errors
* more lint errors
* add envoy version info into troubleshooting guide
* add envoy version info into troubleshooting guide
* add envoy version info into troubleshooting guide
Remove warning that prior to Istio 0.8 Helm was unstable.
Since we are on 1.0, and can expect people to upgrade from 0.8,
this warning doesn't seem relevant.
Also, Helm upgrade from 0.8 to 1.0 has been validated. Also
remove that warning.
* Edit Kubernetes Quick Start for clarity.
This edit includes among other changes:
* Consistent use of markup, line length, and command formatting.
* Grammar, spelling, and other language fixes.
* Use of ordered lists for steps.
* New clear headings for installation options.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix linter issues on Kubernetes QS edit.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix indentation to fix ordered lists.
Trying to figure out the space in links issue. So far it looks like a false
positive.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix links and code blocs for lint.
Signed-off-by: rcaballeromx <grca@google.com>
* Remove in-line markup from links.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix code-block indentation and spelling lint.
Signed-off-by: rcaballeromx <grca@google.com>
* Rewrote link text to avoid spelling lint.
Signed-off-by: rcaballeromx <grca@google.com>
* Update index.md
* Delete "basic access control" and "secure access control" pages.
These pages were there before Istio RBAC was introduced. We should
remove them now to avoid confusion.
* Added aliases for deleted pages.
Istio intends to lead with automatic sidecar injection and
as such, there is no good rationale to document how to turn
sidecar injection off. Still, as a followon PR, it may make
sense to document 5-7 different customization scenarios.
ingress v1 is gone - no sense describing it here.
* add ./ to the script to generate certificates
* add a step to verify the subject of the ingress gateway certificate
* add a step to verify the subject of the CA certificate
put the mutual TLS troubleshooting into a separate subsection
* fix the level of the mutual TLS troubleshooting
* remove redundant empty lines
* verify the subject is correct -> verify that the subject is correct
* another case: verify the subject is correct -> verify that the subject is correct
According to https://cloud.google.com/kubernetes-engine/release-notes#june-28-2018, 1.10.4-gke.0 is no longer available but 1.10.5-gke.0 now is.
With the old version I get:
```
$ gcloud container clusters create quickstart --cluster-version=1.10.4-gke.0 --zone us-east1-b --project jblatt-test
ERROR: (gcloud.container.clusters.create) ResponseError: code=400, message=master version "1.10.4-gke.0" is unsupported.
```
* Update multicluster doc with latest helm chart changes
Update the procedure
- new helm var names
- remove service account creation
- reorder sections to correct procedural order
- auto v. manual sidecar inject info
* Edit the What is Istio file for clarity.
This edit includes:
* The rewrite of all instances of passive voice
* The simplification of complex sentence structures
* The splitting of run-on-sentences
* The disambiguation of relative pronouns
* The removal of conjunctives such as should, could, and would
* The replacement of long series with lists
* The improvement of punctuation
* The addition of emphatic markup including links
The purpose behind the edits is to improve content flow and allow easier
consumption for international audiences. The simpler structures will also have a
positive impact in the translation.
* Consolidate the security concept pages into a single page.
- This updates the security concept material to be on a single page, which matches the
change done last week for the rest of the concept material. This ends up being a less clicky
more directed introduction for newcomers to the platform.
- While I was there, I moved the redundant What is Istio page from our about section and stuck
the content at the top of the What is Istio page in the Concepts section.
As part of the effort to streamline our content, this consolidates the many small
perf-and-scalability pages into a single concept page. This change is similar to what
we've done to the other concept pages.
* Edit Collaboration Guide to include forking info.
Made a light editorial pass including adding additional information regarding
how to create a fork. I also ensured the content wrapped at an 80 character
length. Ideally, I would like to reference the standard GitHub flow instead of
maintaining the process here.
* Revert "Add download & print buttons to all PRE blocks. (#1680)"
This reverts commit 512fdb5b61.
* Revert "Remove link annotations from command paths (#1690)"
This reverts commit 26113b3b5b.
* Revert "503 and Gateway troubleshooting (#1642)"
This reverts commit 3314115d65.
- Add <github_file> <github_blob> and <github_tree> to make it simpler to link to the right
place on GitHub.
- Use these new sequences throughout the docs.
- Also, fix bad HTML generated for the TOC in certain cirsumstances.
- Fix extra blank line inserted at the bottom of indented code blocks.
- Remove What's next sections since we now have auto-generated See also sections
- Fix a few incorrectly capitalized headers, "istio", "kubernetes", "sidecar"
* Update authn policy tasks with global policy.
This is cloned from Diem's PR
https://github.com/istio/istio.github.io/pull/1600.
* Add section to use mesh-wide policy to enable mTLS globally.
* Update examples to follow naming restriction.
* Fix linter errors.
* Additional lint fix.
- Workaround the fact some of the styles for code blocks were being overriden by
Bootstrap.
- Align table indent and code indent so things look nicer.
- Fix missing "sidebar button" when on mobile in the help and about sections. I forgot to set a
variable to trigger the thing to be present in those cases.
- Improve footer layout for mobile.
- Get a nicer looking light bulb icon.
- Add the {{< text >}} shortcode as a way to declare code blocks. This shortcode
is intended to hide the subtleties around code blocks. More specifically, it
provides a transparent workaround for the Hugo bug around converting indented
code blocks with lines starting with dashes. It also deals with the special
formatting case we have around command-lines that start with `cat <<EOF`.
- Rename the {{< file_content >}} shortcode to {{< text_file >}} and the
{{< fetch_content >}} shortcode to {{< text_dynamic >}} for consistency in naming.
Accordingly with the kubectl help documentation for the logs
command, the container name is a flag and not an argument:
`
Usage:
kubectl logs [-f] [-p] (POD | TYPE/NAME) [-c CONTAINER] [options]
`
The use of an argument instead of a flag is to keep compatible
with legacy systems, but it is not recommended as it can be removed
at any time.
* Minikube 0.28.0 (latest) has deprecated localkube
Fixes: https://github.com/istio/istio/issues/6463
Instead use kubeadm (the default). Also explain how to select
the chosen VM driver. Finally expand the memory from 2gb to 4gb
so that bookinfo can start without an OOM.
* Add note about using a system without LoadBalancer
Some platforms such as minikube do not support LoadBalancers. For
these platforms, document how to install Istio with NodePort rather
than LoadBalancer.
- You can now use {{< file_content >}} to pull in files from the doc repo
into generated documentation. If you include the `snippet` attribute, you can
pull in only pieces of the file instead. This makes it possible to annotate
scripts and yaml files and extract those annotated bits and pieces into the
docs. This should let us have fully tested examples which are then incorporated
into the docs
- The previous {{< file_content >}} feature that lets you dynamically pull
content from a URL has been renamed to {{< fetch_content >}} instead.
* remove egress TCP task
the example can be implemented by HTTPS Service Entries
* remove a reference to Egress TCP Task in Egress TCP blog
* replace a reference to the Egress TCP task by the Egress TCP blog post
in About -> Feature Status -> Istio features/Traffic management
* add an alias from the removed task to Egress/TCP blog post
* updated attributes
Signed-off-by: Kuat Yessenov <kuat@google.com>
* over zealous linter
Signed-off-by: Kuat Yessenov <kuat@google.com>
* add a note about source name
Signed-off-by: Kuat Yessenov <kuat@google.com>
* typos
Signed-off-by: Kuat Yessenov <kuat@google.com>
* mention that original names will be gone
Signed-off-by: Kuat Yessenov <kuat@google.com>
Pod name is `istio-ingressgateway-...` so grep command should be
adjusted to match anything. Printing variable to provide way to check if
anything was matched.
* Update remote cluster RBAC instructions for kubernetes multicluster setup
Added detailed instructions for creating a service-account with RBAC
role for each remote cluster with the minimum access required for
the istio control plane.
Fixes#1477
* Update for installations with mTLS auth enabled
The docs do not provide reference to installations with mTLS auth enabled. If mTLS auth is enabled and the user goes through the instructions, they will encounter `upstream connect error or disconnect/reset before headers` when the DestinationRule is applied.
istio/issues#375 (comment) helped lead to the resolution.
- Move common stuff for the landing page and search page from the content to the
layout such that the stuff only exists once instead of being cut & pasted into
each translation.
- Fixed the Chinese search page so it works and displays correctly.
- Correctly set the "lang" attribute on the <html> element to
reflect the correct language instead of being hardcoded to "en".
* add egress-tls-origination task
* add cnn.com, edition.cnn.com an "programmatically" to .spelling
* lint fixes
* remove a page alias
* add What's next section
* HTTP2 -> HTTP in port definition
* put the output of commands as part of the "command" block
* rewrote the cleaning after HTTP ServiceEntry without TLS origination
* clarify the configuration items for TLS origination
* when talking to edition.cnn.com -> when accessing edition.cnn.com
* wild card -> wildcard
* an Service Entry -> a Service Entry
* use curl -s -o /dev/null -D - instead of curl -I
* Perform TLS Origination for Egress Traffic -> TLS Origination for Egress Traffic
- We now automatically generate a See Also section on pages when possible.
The links are determined by a reverse index based on the keywords
assigned to each page in its front-matter.
- Do a pass to assign keywords to all our pages to populate the See Also
links.
- Leverage the keywords in the front-matter to generate a keyword metadata entry for each
generated page.
- Within a code block, you can now surround a relative file path with @@. This will
cause the path to be rendered as a link to raw.githubusercontent.com/istio/istio/<path>.
This lets the user click on the link to see the content of the file, which is mighty
handy.
- Updated all code blocks to take advantage of the above.
- Introduce support for {{< branch_name >}} which returns the source code branch
name associated with the current doc site.
- Use {{< branch_name >}} in all our references to content in istio/istio on GitHub. This thus
pins our references to the correct version of the content in GitHub. This prevents errors from
gradually appearing in our doc set as content in GitHub starts to diverge from the expectation
in the site content.
(cherry picked from commit 1dcd301)
- Within a code block, you can now surround a relative file path with @@. This will
cause the path to be rendered as a link to raw.githubusercontent.com/istio/istio/<path>.
This lets the user click on the link to see the content of the file, which is mighty
handy.
- Updated all code blocks to take advantage of the above.
- Introduce support for {{< branch_name >}} which returns the source code branch
name associated with the current doc site.
- Use {{< branch_name >}} in all our references to content in istio/istio on GitHub. This thus
pins our references to the correct version of the content in GitHub. This prevents errors from
gradually appearing in our doc set as content in GitHub starts to diverge from the expectation
in the site content.
There is no admissionregistration.k8s.io/v2beta2 API, so fix it.
Signed-off-by: Guihua Zhu <z.zhuguihua@gmail.com>
Signed-off-by: Guihua Zhu <zhuguihua@cmss.chinamobile.com>
(cherry picked from commit d05c7aa)
There is no admissionregistration.k8s.io/v2beta2 API, so fix it.
Signed-off-by: Guihua Zhu <z.zhuguihua@gmail.com>
Signed-off-by: Guihua Zhu <zhuguihua@cmss.chinamobile.com>
* Some cleanup for mesh expansion.
1) Added an example ILB
2) Port 27017 is not needed.
* Fix typo.
* Address linsun's comments.
* Ignore Keepalived spell check.
(cherry picked from commit 054306e)
* Some cleanup for mesh expansion.
1) Added an example ILB
2) Port 27017 is not needed.
* Fix typo.
* Address linsun's comments.
* Ignore Keepalived spell check.
instead of 0.6
```bash
sed -e 's/https:\/\/archive.istio.io\/v0.6\/docs\/tasks\//https:\/\/archive.istio.io\/v0.7\/docs\/tasks\/traffic-management\//g' *.md
```
* add data plane update step
* small typo
* fix spelling
* delete not needed space
* another typo
* more lint fix
* Do an editing pass.
(cherry picked from commit f712e61)
* Add SNI support in release notes for 0.8
* Add SNI support in release notes for 0.8
* Add SNI support in release notes for 0.8
* Removed TBD.
* envoy apis
* Experiment with page bundles to fix image location issues.
(cherry picked from commit 6da31e2)
* Turn image URls into absolute references so they work consistently with page URLS with or without a trailing /
(cherry picked from commit da42e92)
* Add FAQ section regarding naming port convention (#1393)
(cherry picked from commit 1811057)
* Another experiment for image links.
(cherry picked from commit 61a4a6a)
* Fix the table format in expression-language.md (#1396)
Add `|` to make the table correct and use `\` to escape the `|` character inside the table. Not sure if this is the right way to fix but the preview page looks good.
(cherry picked from commit e45ae98)
* Really fix formatting of expression table.
(cherry picked from commit abb4b52)
* Add svc to the spelling table.
(cherry picked from commit 525c626)
Add `|` to make the table correct and use `\` to escape the `|` character inside the table. Not sure if this is the right way to fix but the preview page looks good.
* Switch master to 1.0 work
* format change only on quick start install section (#1387)
* format change only
* add space
* fix lint error
* ensure list is consistent with being disaplayed
* address Martin's comment
* hope to make lint happy
* another lint attempt
* fix lint error
* lint fix hope it works
* can't pass rule 36
https://github.com/DavidAnson/markdownlint/blob/master/doc/Rules.md#md036---emphasis-used-instead-of-a-heading
change to use italic for emphasis.
* remove quickly and another attempt for lint
* remove istio-policy as a service
as it is not a service, only istio-telemtry is.
* add istio-policy
* remove emphasize on OR
to pass the rule 36 test
* merge 1387 for 0.8 branch
* undo this change
* undo change
* format change only
* add space
* fix lint error
* ensure list is consistent with being disaplayed
* address Martin's comment
* hope to make lint happy
* another lint attempt
* fix lint error
* lint fix hope it works
* can't pass rule 36
https://github.com/DavidAnson/markdownlint/blob/master/doc/Rules.md#md036---emphasis-used-instead-of-a-heading
change to use italic for emphasis.
* remove quickly and another attempt for lint
* remove istio-policy as a service
as it is not a service, only istio-telemtry is.
* add istio-policy
* remove emphasize on OR
to pass the rule 36 test
* update ratelimit docs to include QuotaSpec and QuotaSpecBinding
* fix rebase issues
* add inline yaml and fix destination wording
* fix missing '
* Update syntax for Hugo
* Fix spacing and punctuation
* Fix spelling
* [wip] layout for perf and scalability section
* Some actual content for fortio including embedding result example + scalability page
* iframe border 0
* Minor typos fixed
Still need more content
* Still wip, moved out of concepts
* Still wip; some content and update
* Review feedback from daneyon
* Updates order->weight
Looks like the ordering now is called weight
* Added @ozevren provided section for ubench
and removed latin in other sections too with some early content/pointers
* Remove draft:true so preview shows the page
Even though the content is incomplete
* Add more links and data
* More explanation
* Showcase some more features
* Set ymax and ylog for first histogram
* Making spell check happy
Hopefully, as I can’t seem to run mdspell locally
* Further spell checks
* Adding diagram
* Use BluePerf consistently
* Linters...
* Adding preliminary sizing information
* Spelling/grammar
* Adding latency summary
(Feedback from Louis)
* Rephrase goal and highlight the features you get for cpu cost
* Update scalability page title to include sizing guide
Even if it’s “light” for now
* Move to new location
* Updates for hugo
* Somehow _site was removed from gitignore... fixing
* More merge/gitignore issues
* Put micro benchmark first/before scenarios
and more Hugo removals
* Remove "here" as anchor
Cc @ozevren / from
http://preliminary.istio.io/about/contribute/style-guide/#create-useful-
links
* Make spellchecker happy (Github->GitHub)
* Adding more information about logging on/off and mTLS results
* Review comments
* Switch to approx 10ms
* Hoping to solve linter/spelling
- Remove some leftover toc:false front matter from a few pages. The site now generally
figures out automatically that a TOC is not necessary.
- Enable a Hugo feature that queries Git for a last modified date on files. As a result,
instead of having the site build date in the footer, we now have a "this page was last modified"
date.
- Move the landing page's content out of the layouts directory and into the content directory
where it belongs.
- Use Hugo shortcodes for our embedded icon imagery. And make those icons scale with the
font size rather than being fixed sizes.
- Enable support for emojis in our content. Just use ⛵
and you'll get a sailboat for example.
Frank Budinsky
Jonh Wendell
Venil Noronha
Yangmin Zhu
Lin Sun
Martin Taillefer
lei-tang
mtail
AdamDang
Oliver Liu
sshucker
Dmitri Dolguikh
Steven Dake
Medya Gh
Vadim Eisenberg
Quanjie Lin
Guihua Zhu
Guang Ya Liu
lichuqiang
DreamRivulet
Fei Xu
Vincent
oreasono
Rachael Graham
Brian Marshall
Matthieu Maquevice
flydragon
skeeey
Jimmy Song
Julien Senon
Patrick Auld
Laurent Demailly
Bryant Luk
Damon Wang
cmluciano
Linus Lee
Tiago M. Vieira
Pengyuan Bian
Etai Lev Ran
Vladimir Rutsky
stevemcghee
Spencer Krum
Upkar Lidder
kahou82
Tao Li
Christoph Held
Zack Butcher
Pahlevi Fikri Auliya
Iris
Martin Ostrowski
Shunsuke Miyoshi
John Mazzitelli
imgbot[bot]
Xi Ning Wang
Jason Young
facundomedica
Andra Cismaru
Dinesh Subhraveti
Diem Vu
jasmine-jaksic
Tim Swanson
john-a-joyce
Shriram Rajagopalan
mandarjog
Limin Wang
KeZhang
Dan Ciruli
Fu Xu
Brian Avery
Gregory Hanson
Yossi Mesika
LillyWu
Rigs Caballero
duderino
Kent Rancourt
Stefan Büringer
Matthew Wringe
Tyler Berry
gargnupur
David Tesar
Douglas Reid
Georgios Andrianakis
Spike Curtis
Rocky Shang
Axel Siebenborn
Sven Mawson
Daneyon Hansen
Will Witman
jnativio
navinger
Stephen Gilson
Ozben Evren
Jianfei Hu
Liam White
Isaiah Snell-Feikema
Gary Brown
Kuat
danielmenezesbr
Arshdeep Singh Chimni
Lee Calcote
craigbox
Miguel Angel Medina Mondragon
Bruno
Cesar Botti
Tomáš Kukrál
Morven Cao
Thijs Feryn
Kent Hua
Henrik Carlioth
salrashid123
Christian Alexander
Louis Ryan
Hong Zhiguo
Mukundha Madhavan
olegchorny
Costin Manolache