* update chart requirements
adding `helm dep up` which is required for the install to succeed
* note about relative refs
* remove redundant space
* grammer and passive voice
Co-Authored-By: itaysk <itay@itaysk.com>
* helm repo add
* documentation for end-user authencation on ingress-gateway (#2243)
* documentation for end-user authencation on ingress-gateway
* address comments
* address comments
* address comment
* Move end user authentication on Ingress section to securtity.
* Minor text change.
* Revert edit in traffic management doc.
* Remove Ingress example. Replace it with a single sentence.
* Addressed comment.
* This removes the canned credentials in the instructions. So a user can't just copy-n-paste the instructions and always get the same credentials - they have to enter their own username and passphrase.
* remove reference to the helm readme
* use text-bash
* changes as per review
* need the -n option to echo to correctly base64 encode the creds
This adds a new Task under the Traffic Management module for showcasing
Istio's Weighted TCP Routing feature.
Signed-off-by: Venil Noronha <veniln@vmware.com>
* Edit and clean the multicluster installation.
Performed a major edit to enhance the clarity and accuracy of the content.
The edits include:
* Consistency and quality-of-content improvements including expanding
abbreviations on first use, adding or modifying markup for emphasis, and
adding lists.
* Grammar and spelling fixes including fixing passive voice and missing
articles.
* Content structure improvements to improve the readability and flow of the
content.
* Introduced heading tags to make identifying cross-references easier to
identify and maintain.
Signed-off-by: rcaballeromx <grca@google.com>
* Address typos
Signed-off-by: rcaballeromx <grca@google.com>
* Fix broken links with IDs.
Signed-off-by: rcaballeromx <grca@google.com>
* Implemented tabs for procedural options.
Alongside the tabs implementation, a warning and a note were added based on
comments.
* add initial sceleton of the wildcard https egress gateway blog post
* fixed the links and bare URLs
* add missing 'the'
* complete the Background section
* add before you begin and cleanup sections
* add initial configuration items and their cleanup
* add SNI with placeholder
* assume Istio with mutual TLS
* use two virtual services for the egress traffic
required due to https://github.com/istio/istio/issues/7361
* add wikipedia subset to the VirtualService
* add a step to check Envoy's statistics
* move the blog post to tasks
* convert blog post to task
fix weight, remove attribution and publish date, replace "blog post" with "task" in text
* change the title of the section for configuring the HTTPS traffic
* route the traffic from the gateway to www.wikipedia.org
* add a motivation for an additional forward proxy
* add instructions for deploying a new egress gateway
* add a config map for Nginx configuration
* escape $ signs in nginx config
* add empty events section to the nginx config
* create nginx config map in istio-system, use nginx.conf key
* add instructions to add nginx container to an egress gateway
* add directing the traffic in egress gateway to localhost
* replace istioctl by kubectl
* add missing apiVersion fields
* unite two virtual services into one
* use ISTIO_MUTUAL instead of MUTUAL
* move wildcard egress task to the advanced egress examples
* fix links and rename task to example
* run the SNI proxy on port 8443
* use full url of the sni-proxy and port 8443
* use ServiceEntry with static IP endpoint 127.0.0.1 for sni-proxy.local
* drop nginx prefix from sni-proxy items
* add a destination rule to disable mTLS to sni-proxy
* fix the logs of the Istio proxy and the SNI proxy
* remove deleting the SNI proxy
* make the name of the SNI proxy's ServiceEntry name to be sni-proxy
* unite the editing steps of the egress gateway with SNI proxy into one step with substeps
* restructure creating/deleting configuration items for egress gateway with SNI proxy
* clarify the virtual rule for egress gateway with SNI proxy
* add wildcarded to .spelling
https://en.wiktionary.org/wiki/wildcarded
* add "hostnames" to .spelling
* put localhost in backticks
* add 127.0.0.1 and localhost in parentheses
* mTLS -> mutual TLS
* add wikipedia to .spelling
* put *.com and *.org and * in backticks
* remove redundant empty line
* add using helm template configVolumes and additionalContainers
* add an explanation about Nginx
* move creating nginx configuration before creating egressgateway with sni proxy deployment
* add a comment about manual editing of the deployment yaml before Istio 1.1
* add a step for verifying that the sni proxy runs
* Configure Egress Gateway -> Configure an Egress Gateway
* we -> you
* remove double "mutual"
* add semicolon, "and", "also" to a sentence about multiple configuration items
* remove redundant the
* This could not always be the case -> However, this may not...
* IP -> IP address
* split the explanation about the requirement for SNI proxy into two paragraphs
* add a link to Envoy proxy
* IP -> IP address, host -> hosts
* split the motivation for the SNI proxy into one more paragraph
* remove two redundant commas
* requests to -> requests sent to
* request -> requests
* Let's reconfigure -> In this section you will configure
* arbitrary -> arbitrary, not preconfigured
* for that functionality -> to achieve that functionality
* split long lines
* add explanation about the port to listen and port to forward for the SNI proxy
* add an explanation about the Nginx configuration
* fix the name of the config map volume, add a link to Config Map Volume kubernetes description
* sent to, destined to -> destined for
* gateway's proxy -> gateway's Envoy proxy
* the counter for the SNI proxy -> the counter for traffic to the SNI proxy
* replace the cleanup section with a reference to the Egress Gateway's cleanup section
* add setting istio.globalNamespace option
* fix a typo in the name parameter of helm template
* add cpu.targetAverageUtilization to the egressgateway deployment
* remove the part: for Istio before 1.1
* rename the egressgateway proxy to be "istio-proxy"
* add printing mixer log
* in cleanup rename nginx-sni-proxy-config to sni-proxy-config
* split a long line
* add configuration for traffic without mTLS
* set-sni-for-egress-gateway -> egressgateway-for-wikipedia
* use local directory instead of $HOME
* create virtual service together with gateway and destination rule
they are depenedant on mTLS between the sidecar and the egress gateway
* add monitoring and policy subsection
* change connection event from close to open
* Cleanup of the monitoring and policy -> Cleanup of monitoring and policy enforcement
* move wildcard egress gateway into advanced gateways examples
* add missing dot at the end of the example description
* replace cat <<EOF | kubectl apply/create -f - with kubectl apply/create -f - <<EOF
* use -l with kubectl logs for the mixer log
* add egress gateway with SNI proxy diagram
* remove mTLS for TLS
* remove mTLS from the first part (without SNI proxy)
* make the section titles shorter
* fix the links to advanced gateway examples
* remove a redundant empty line
* our requests -> your requests
* send requests -> send requests to
* remove mentioning a destination rule to set destination SNI
* add explanation about SNI monitoring and policies
Tao Li
Martin Taillefer
Tiago Moreira Vieira
Itay Shakury
agmsb
Limin Wang
SataQiu
Vadim Eisenberg
Venil Noronha
Frank Budinsky
Linus Li
Chunlin Yang
l10xbin
Julian Griggs
John Mazzitelli
Douglas Reid
Shriram Rajagopalan
mtail
Jonh Wendell
Brian Avery
Rigs Caballero
xavierbaude
Quanjie Lin
x15zhang
Jinming Yue
Yangmin Zhu