* use a boilerplate for setting environment variables for kubectl contexts of the two clusters
share the boilerplate for gateway connectivity and for split horizon EDS clusters
* add the boilerplate file
* use the 443 port and host "*.local" for the gateway
* the Gateway -> a gateway, remote services -> services in cluster2
* rewrite instructions for setting the gateway's address
* add unsetting environment variables and removing files to cleanup
* put backticks around `istio` and `ConfigMap`
* add "i.e." before the Kubernetes DNS domain in parenthesis
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* the 443 port -> 443 port
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* add deleting n2-k8s-config in the cleanup
* set --set global.meshNetworks.network2.gateways[0].port to 443
* add unsetting CTX_CLUSTER1
* move unsetting CTX_CLUSTER1 before removing temporary files
for symmetry with CTX_CLUSTER2
* add unsetting CTX_CLUSTER2
* Change the gateway's address and port -> Update the gateway's address and port to reflect...
* wait for the pods to come up by checking their status -> wait for the pods to become ready:
* add output of get pods for cluster1
* do not check the status of the istio-ingressgateway on cluster2
before configuring watching of cluster2 by cluster1
* add waiting for istio-ingressgateway to become ready after setting watching cluster2
* combine printing ingress host and port into one line
* WIP Add Kubernetes Installation landing page.
This adds the landing page and organizes the content to make it easier to navigate.
Signed-off-by: rcaballeromx <grca@google.com>
* Apply initial feedback on landing page content.
Signed-off-by: rcaballeromx <grca@google.com>
* Rename and move files to enhance navigation.
Added aliases to redirect after filename changes.
Signed-off-by: rcaballeromx <grca@google.com>
* Harmonize all installation guide titles and intros.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix all links affected by the restructure.
Fixed all internal links and added aliases to ensure external redirects.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix paths of images on the ZH content.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix additional links and apply feedback.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix link error introduced by rebase.
Signed-off-by: rcaballeromx <grca@google.com>
* Remove redundant instances of "Istio" in titles.
Signed-off-by: rcaballeromx <grca@google.com>
The --name in helm template was istio-egressgateway. This generated a release name of istio-egressgateway. The one from the helm template was istio. This led to an error when attempting to apply.
* networking -> network connectivity
* single control plane topology -> single control plane topology with VPN connectivity
* a single control plane topology with VPN connectivity -> a single control plane with VPN connectivity topology
* Simplify instructions by using labels selector on the helloworld yaml
* Added missing local context
* Renamed secret and config names for the remote k8s api
* Wrap into a warning section
* local->cluster1 remote->cluster2
* Review comments addressed
* Review comments addressed
* Moved the gateway up to the cluster 1 setup section and make it a generic gateway
* Review comments addressed
* note HTTP-related attributes -> notice the HTTP-related attributes
* related to Istio sidecar -> related to the Istio sidecar
* rewrite the sentence about ports and the installation option
use port 8000 instead of 443, to generate less confusion
* no HTTP service or service entry -> no HTTP service and no service entry
* extend understanding what happened with the third approach
* change section titles
* split the cleanup section into cleanup subsections
* fix links
* must not -> do not need to
* rewrite the sentence about switching to the first approach
* per specific port, gaining -> for specific ports, enabling
* A caveat is that some ports, for example port 80, already have HTTP
services inside Istio by default
* In this approach, similarly to the previous one -> With this approach, like with the previous one
* approaches can be applied -> approaches can be used
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* split long lines
* split long lines
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Revert "Update content/docs/tasks/traffic-management/egress/index.md"
This reverts commit febb76edc9.
* rewrite the sentence about the installation option and add a link to installation options
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* remove duplicate text
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* remove a redundant empty line
* address the reader directly
* Updated to install istio remote using values file
* Few unrelated doc fixes
* Remove zipkin and statsd flags as they are unsupported
* Revert "Few unrelated doc fixes"
This reverts commit 038096d137.
* Few more minor updates
* Switch to port 15443
* Break on-line helm commands
* Trailing space
* Put back some default istio features after verifying mc still works
* Add remote mixer addresses
* Formatting
* Specify container for cleaner output
* Wrong place
* use port 80 with protocol HTTPS for mTLS on egress gateway
* rewrite the instructions about why to apply mutual TLS
* make the protocol of 443 HTTPS
* allow monitor -> allow to monitor
* add a step to confirm that Bookinfo is running without ingress
to verify that the app with Istio runs correctly without ingress,
to separate Istio installation errors from Ingress configuration
errors, to prevent questions like these
https://stackoverflow.com/questions/54307216/istio-proxy-unable-to-connect-to-istio-pilot
* fix the links to the renamed section (confirm the app is accessible...)
- Fix formatting for the Subscribe link on blog pages. That got broken in some refactoring I did a while back.
- Remove a few *NOTE* and _NOTE_ instances and replace with the canonical icons
- Add a link to our community repo in the Getting Involved page.
* add a tab section about mTLS
* remove leftover ";done"
* remove SNI monitoring and policy enforcement section
* add explanation why mTLS between sidecars and egress gateways is needed
* add mTLS enabled/disabled tabs to the egress MongoDB blog post
* remove placeholder SNI in logs
* add forward_downstream_sni and sni_verifier filters for wildcard TLS hosts
* add a required empty line
* make the sentence about enabling mTLS a note
* add inline comment in the yamls regarding the SNI filters
* a couple of filters -> Envoy filters
* rewrite the sentence why the SNI filters are used
* fix "so that policies will be enforced based on the original SNI value"
* prevents a possibility for deceiving Mixer -> prevents Mixer from being deceived
* will not match -> does not match
* make note ('>') one line to make lint happy
* initial version
* split a long line
* rephrase the sentence "Now, you configured..."
* add a requirement that mTLS is enabled
* remove leftover ';done'
* add monitoring and policy enforcement of SNI and source identity
* the logentry -> logentry
* that will allow -> that allows
* replace URL with Wikipedia in English
* clarify the examples in SNI monitoring, blocked vs. allowed
* Extend the introduction to monitoring/policies by source identity
* replace backticks with italics for sleep-us and sleep-canada
* the logentry -> logentry
* the sidecar proxy -> the sidecar proxies
* fix the names of the service accounts in cleanup
* it should be -> it must be
* services -> applications
* add: Access to other Wikipedia sites will be blocked
* inline the command to kill mixer pods
* add clarification about the access to Wikipedia sites from sleep-canada
* fix format of cleanup of monitoring/policies by source
* replace italics with backticks for sleep-us and sleep-canada due to spellchecker
* add a missing empty line
* Revert "inline the command to kill mixer pods"
This reverts commit 780913253d.
* of the source of traffic -> of the traffic source
* allows access -> allows to access
* delete "namely"
* Wikipedia -> the Wikipedia
* An example for configuring and verifying split horizon EDS
* Add period to end of description
* Minor change
* Minor typo
* Comments by Lin Sun addressed
* Addressed @frankbu review comments and cross referenced with the concept doc
Vadim Eisenberg
Ralf Pannemans
lei-tang
Lin Sun
Martin Taillefer
Jimmy Chen
Rigs Caballero
Yossi Mesika
Shriram Rajagopalan
Douglas Reid
Brian Avery
Vishal Yadav
Jianfei Hu
Frank Budinsky
Eric Van Norman
Daneyon Hansen
Chunlin Yang