* add access log task
* change config map to configuration map to prevent spelling errors
* add an empty line between two boilerplates
seems to be required, otherwise a redundant <p> tag is generated
* make the task's title Getting Envoy's Access Logs
* mind escaping -> be sure to escape
* check the log of sleep, httpbin -> check sleep's, httpbin's log
* change -> customize
* to do it, edit -> by editing
* use a separate gateway for bookinfo in the case of multiple hosts
* set the name parameter to be "istio" instead of "istio-ingressgateway"
Since the original istio-ingressgateway was deployed with the name parameter "istio".
Otherwise, the following error will be received:
The Deployment "istio-ingressgateway" is invalid: spec.template.metadata.labels: Invalid value: map[string]string{"chart":"gateways", "heritage":"Tiller", "istio":"ingressgateway", "release":"istio-ingressgateway", "app":"istio-ingressgateway"}: `selector` does not match template `labels`
The problem is that the "release" label contains the name parameter of helm template,
and if this label will not match in the new and the original deployments of istio-ingressgateway,
kubectl apply will fail.
* add ingress troubleshooting section
* it does not arrive to the Istio -> it does not arrive to the ingress gateway
* fix a link
* remove checking the log since access log will be removed in 1.1
* you have no other Kubernetes Ingress resources -> you have no Kubernetes Ingress resources
* fail with 503 instead of 000 for injected-app
As a bad destination rule is set to disable client side mTLS and receiving side is mTLS enabled. At this point, Running the curl command between sidecar injected Istio services all requests will fail with a 503 error code as the client side is still using plain-text.
* use a boilerplate for setting environment variables for kubectl contexts of the two clusters
share the boilerplate for gateway connectivity and for split horizon EDS clusters
* add the boilerplate file
* use the 443 port and host "*.local" for the gateway
* the Gateway -> a gateway, remote services -> services in cluster2
* rewrite instructions for setting the gateway's address
* add unsetting environment variables and removing files to cleanup
* put backticks around `istio` and `ConfigMap`
* add "i.e." before the Kubernetes DNS domain in parenthesis
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* the 443 port -> 443 port
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* add deleting n2-k8s-config in the cleanup
* set --set global.meshNetworks.network2.gateways[0].port to 443
* add unsetting CTX_CLUSTER1
* move unsetting CTX_CLUSTER1 before removing temporary files
for symmetry with CTX_CLUSTER2
* add unsetting CTX_CLUSTER2
* Change the gateway's address and port -> Update the gateway's address and port to reflect...
* wait for the pods to come up by checking their status -> wait for the pods to become ready:
* add output of get pods for cluster1
* do not check the status of the istio-ingressgateway on cluster2
before configuring watching of cluster2 by cluster1
* add waiting for istio-ingressgateway to become ready after setting watching cluster2
* combine printing ingress host and port into one line
With the upgrade of cert-manager to v0.6.2 two new CRDs are being
introduced. The total number of CRDs should now be `58`. Updating
the CRDs installation section of the documentation accordingly.
* initial version, copied from release-0.8, updated format
* remove the sentence about release 0.8
* remove mentioning namespaces
* fix a localhost:1313 link
* fix the links to the new examples instead of tasks
* extend the introduction into "Configure monitoring and access policies"
* fix format of the Logging section
* fix command format of "Access control by routing" section
* replace source.service with source.name
* remove 'tail -4' since the log can come from multiple mixer telemetry instances
* add subset cnn to the virtual services
* update the log output after access control by routing
* fix format of the command to send requests to cnn.com
in access control by routing
* fix format for "Access control by Mixer policy checks"
* change the error code from 404 to 403 in "Access control by Mixer policy checks"
* add 'with mutual authentication enabled'
* fix cleanup format, delete politics source
* use kubectl apply instead of istioctl/kubectl create
* add reporterUID and sourcePrincipal attributes to the log
remove source, sourceNamespace since they erroneously report egress-gateway as a source
remove user since it is unknown
document the parameters
* fix format of Access policies by mixer, part 2
* our organization -> the organization
* fix format in the Dashboard section, 404 -> 403, SOURCE_POD_IN_POLITICS -> SOURCE_POD_POLITICS
* remove the dashboard section since it does not show source
* from a certain namespace -> with a certain service account
* change future tense to present one
* add assumption about the container name being sleep
* remove additional future tense usages
* fix a link
* $SOURCE_POD -> SOURCE_POD
* remove another case of future tense
* remove the cleanup of grafana
* change summary
* fix links
* put backticks around Listchecker
* on the localhost -> inside the pod
* add 'SDKs' to .spelling
* fix another link
* more link fixing
* Egress Gateway task -> Egress Gateway example
* add the last_update field
* add IBM to attribution
* remove the weight attribute
* Update content/blog/2018/egress-monitoring-access-control/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/blog/2018/egress-monitoring-access-control/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* after you accomplish this -> after completing that example
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Remove note, must -> should
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* combine two sentences: "peformed before you begin" and "enabled traffic to edition.cnn.com"
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Now -> at this point, configure for monitoring -> configure to monitor
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* According to the scenario of this blog post -> according to our scenario
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* remove leftover from 27f2917884
* rewrite "Related tasks and examples" as a bulleted list
* extract additional bullet
- Make better use of html semantic elements to help
search & screen readers.
- Add or improve ARIA annotations for accessibility
- Improve print-time formatting.
* WIP Add Kubernetes Installation landing page.
This adds the landing page and organizes the content to make it easier to navigate.
Signed-off-by: rcaballeromx <grca@google.com>
* Apply initial feedback on landing page content.
Signed-off-by: rcaballeromx <grca@google.com>
* Rename and move files to enhance navigation.
Added aliases to redirect after filename changes.
Signed-off-by: rcaballeromx <grca@google.com>
* Harmonize all installation guide titles and intros.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix all links affected by the restructure.
Fixed all internal links and added aliases to ensure external redirects.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix paths of images on the ZH content.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix additional links and apply feedback.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix link error introduced by rebase.
Signed-off-by: rcaballeromx <grca@google.com>
* Remove redundant instances of "Istio" in titles.
Signed-off-by: rcaballeromx <grca@google.com>
Vadim Eisenberg
Idan Zach
idouba
Douglas Reid
Eric Van Norman
Ralf Pannemans
lei-tang
Andra Cismaru
Lin Sun
Frank Budinsky
Oliver Liu
John Howard
Jimmy Chen
Phil Rud
Martin Taillefer
mtail
SataQiu
Steven Dake
flydragon
Yangmin Zhu
Rigs Caballero