istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,802 Commits 97 Branches 0 Tags 726 MiB
Commit Graph

147 Commits

Author SHA1 Message Date
Istio Automation 2edbaeaf4b
Remove deep dive mtls taks. (#6706) 
* remove deep dive

* update links

* lint fixing egs gw

* more removal

* link 1.0.3 lint
 2020-03-04 13:15:26 -08:00
Istio Automation b5a4efb064
Another clean up for global.mtls.enable (#6611) 
* Another clean up for global.mtl.enable

* Update text

* Lint

* Use --set values.grafana.enabled=true as overriding operator value example

* Revert change in content/en/docs/reference/commands/istioctl/index.html

* Change example istioctl command to override grafana settings

* Lint

* Change to --set addonComponents.grafana.enabled=true

* Remove global.mtls.enable in authn task

* Update content/en/docs/setup/install/istioctl/index.md

Co-Authored-By: Rigs Caballero <grca@google.com>

* Update content/en/docs/setup/install/multicluster/shared-vpn/index.md

Co-Authored-By: Rigs Caballero <grca@google.com>

* Update content/en/docs/tasks/security/authentication/authn-policy/index.md

Co-Authored-By: Rigs Caballero <grca@google.com>

* Update content/en/docs/tasks/security/citadel-config/plugin-ca-cert/index.md

Co-Authored-By: Rigs Caballero <grca@google.com>

* Update content/en/docs/setup/install/multicluster/shared-vpn/index.md

Co-Authored-By: Rigs Caballero <grca@google.com>

* Update content/en/docs/tasks/security/citadel-config/plugin-ca-cert/index.md

Co-Authored-By: Rigs Caballero <grca@google.com>

Co-authored-by: Rigs Caballero <grca@google.com>
 2020-03-04 13:15:19 -08:00
Istio Automation ff453998a8
Spelling and add a tip to using-istio-dashboard (#6684) 
* Spelling and add a tip to using-istio-dashboard

* Update content/en/docs/tasks/observability/metrics/using-istio-dashboard/index.md

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>

* Update content/en/docs/tasks/observability/metrics/using-istio-dashboard/index.md

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
 2020-03-04 11:09:15 -08:00
Yangmin Zhu fa8a1f5da1
authz: update authz JWT task (#6693) 
* authz: update authz JWT task

* address comments

* Update content/en/docs/tasks/security/authorization/authz-jwt/index.md

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>

* Update content/en/docs/tasks/security/authorization/authz-jwt/index.md

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
 2020-03-03 17:42:11 -08:00
Yangmin Zhu cba7f0fdfc
authz: add task for IP allow list and black list on ingress gateway (#6692) 
* authz: add task for IP whitelist/blacklist on ingress gateway

* allow list and deny list

* Small grammar adjustments

* address comments

* Update content/en/docs/tasks/security/authorization/authz-ingress/index.md

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>

* Update content/en/docs/tasks/security/authorization/authz-ingress/index.md

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>

* Update content/en/docs/tasks/security/authorization/authz-ingress/index.md

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>

Co-authored-by: Adam Miller <1402860+adammil2000@users.noreply.github.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
 2020-03-03 17:42:03 -08:00
John Howard f7363dea08
Updates to ExternalName doc (#6664) 
* Updates to ExternalName doc

* Update content/en/docs/tasks/traffic-management/egress/egress-kubernetes-services/index.md

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
 2020-03-03 17:41:46 -08:00
Jimmy Chen ca72d2997d
Updated guide for Authorization Policy Trust Domain Migration (#6694) 
Remove an outdated step from the guide.
 2020-03-03 16:27:45 -08:00
Eric Van Norman 10914ff01e
access log updates for command output, variable names (#6685) 2020-03-03 16:27:37 -08:00
Jimmy Chen 4cbae1d119
Update index.md (#6688) 
Remove the container specifier from troubleshooting section, as in 1.5 the gateway and sds agent are running in the same container.
 2020-03-02 14:43:10 -08:00
Diem Vu dde9ed9258
Fix per-port peer authentication command (#6682) 
* Fix command

* Correct commands for mtls migration tasks

* Lint

* Lint
 2020-03-02 14:43:03 -08:00
Eric Van Norman 50c280ef70
Fixes from community testing (#6679) 2020-03-02 13:29:13 -08:00
Eric Van Norman b8ef610695
Spelling update (#6665) 2020-03-02 13:29:04 -08:00
Yangmin Zhu e525b3b182
remove the mixer policy concept page (#6470) 
* remove the mixer policy concept page

* also remove in concept page

* update task

* update
 2020-02-28 11:06:11 -08:00
Jianfei Hu 6fb12b9c8e
Rewrite mtls migration instructions. (#6589) 
* rewrite mtls migration doc.

* migrate out the comment out ones

* more service/wl swap, one level title up

* Update content/en/docs/tasks/security/authentication/mtls-migration/index.md

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>

* lint fix, lockdown

* refer ns in lckdown

* reworded beginnig  sec

* remove the global.mtls.enabled.

* lint fix

* Apply suggestions from code review

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>

* suggestion batch2.

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>

* address turn3

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>

* ns create separtae.

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
 2020-02-27 07:20:59 -08:00
Douglas Reid 6ba9f2c86e
fix(observability docs): restructure docs for v2 telemetry (and remove problematic Mixer refs) (#6533) 
* wip: setup observability tasks for v2

Signed-off-by: Douglas Reid <dougreid@google.com>

* continue work

Signed-off-by: Douglas Reid <dougreid@google.com>

* lint fix

Signed-off-by: Douglas Reid <dougreid@google.com>

* remove mixer ref from what-is-istio

Signed-off-by: Douglas Reid <dougreid@google.com>

* further cleanup

Signed-off-by: Douglas Reid <dougreid@google.com>

* lint fix

Signed-off-by: Douglas Reid <dougreid@google.com>

* when will the linting stop?

Signed-off-by: Douglas Reid <dougreid@google.com>

* Update content/en/docs/tasks/observability/mixer/_index.md

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
 2020-02-26 14:55:17 -08:00
Diem Vu bfb8eb0fb3
Remove https overlay task (#6596) 
* Remove https overlay

* Remove ref
 2020-02-26 13:22:59 -08:00
Adam Miller f387200b5c
Typo fixes for issue #6487 (#6526) 
* Typo fixes

* Fix linter error

* Typo

* Clarification
 2020-02-25 14:58:45 -08:00
Romain Lenglet 54430797b9
Update circuit breaker task for 1.5 (#6599) 
* Document starting fortio with automatic injection enabled

* Update fortio output
 2020-02-25 14:28:09 -08:00
Diem Vu e59a1998bf
Modernize authn tasks for 1.5 API and auto-mTLS by default (#6546) 
* Modernize authn tasks for 1.5 API and auto-mTLS by default

* Also remove auto-mtls task as merge with the main task, as this mode is by default and having separate task is uneccessary

* Lint

* Update content/en/docs/tasks/security/authentication/authn-policy/index.md

Co-Authored-By: Rigs Caballero <grca@google.com>

* Update content/en/docs/tasks/security/authentication/authn-policy/index.md

Co-Authored-By: Rigs Caballero <grca@google.com>

* Update content/en/docs/tasks/security/authentication/authn-policy/index.md

Co-Authored-By: Rigs Caballero <grca@google.com>

* Address first round comments

* Lint

* Lint

* Address more review comments

* Lint

* Update content/en/docs/tasks/security/authentication/authn-policy/index.md

Co-Authored-By: Rigs Caballero <grca@google.com>

* Update content/en/docs/tasks/security/authentication/authn-policy/index.md

Co-Authored-By: Rigs Caballero <grca@google.com>

* Address comments and revert delete files to fix lint. Will remove in another PR

* Fix links

* More review

* Update content/en/faq/security/accessing-non-istio-services.md

Co-Authored-By: Rigs Caballero <grca@google.com>

* Update content/en/docs/tasks/security/authentication/authn-policy/index.md

Co-Authored-By: Rigs Caballero <grca@google.com>

Co-authored-by: Rigs Caballero <grca@google.com>
 2020-02-25 10:13:25 -08:00
Yangmin Zhu c399db1761
authz: add task for deny policy (#6552) 
* authz: add task for deny policy

* fix lint
 2020-02-25 06:16:27 -08:00
lei-tang d0e36ce175
Update the document of DNS certificate management for Istio 1.5 (#6541) 2020-02-24 09:08:29 -08:00
Xinnan Wen ae181e8274
update operator api ver and fix (#6529) 2020-02-24 08:22:26 -08:00
lei-tang 5f16efe2d0
Remove webhook task from Istio 1.5 documentation (#6515) 
* Remove webhook task from Istio 1.5 documentation

* Revision based on review comments

* Add archive.istio.io to url-ignore list
 2020-02-21 17:26:06 -08:00
Vadim Eisenberg 30f40a0e7b
rewrite Secure Gateways (SDS) to use openssl for generating certs/keys (#6190) 
* rewrite Secure Gateways (SDS) to use openssl for generating certs/keys

additional improvements:
1. Generate and use client certificate/private key for mutual TLS
2. Do not use quotes in YAMLs where not required

* add removing csr files and client.example.com files

* delete the directories with the certificates -> delete the certificates and the keys
 2020-02-21 10:54:31 -05:00
lei-tang 8f55ddbc67
Update the SDS documentation on Node Agent for Istio 1.5 (#6518) 
* Update the SDS documentation on Node Agent

* Revise based on review comments
 2020-02-21 07:44:33 -08:00
Eric Van Norman ba89d40479
Fix spelling (#6510) 2020-02-20 07:48:55 -08:00
Chunlin Yang 472d732804
Correct typo (#6463) 
Signed-off-by: clyang82 <clyang@cn.ibm.com>
 2020-02-18 00:33:27 -08:00
Adam Miller 43609130ea
Add tutorial modules for enabling Istio, mTLS, versioning, gateway, logging (#6372) 
* Added new modules

* Add more modules

* Grammar tweaks

* Tutorial fixes

* Fixed pathing errors and desc.

* Fixed broken steps and typos

* Restore download section

* fixed broken links

* Fixed more broken links

* Fixed linter issue

* PR review fixes

* Remove unwanted json file

* Lots of review fixes
 2020-02-11 13:50:44 -08:00
Bryant Hagadorn 87839e0d90
Updated cert-manager version (#6377) 
* Updated cert-manager version

As of v.10 of cert-manager the `apiVersion` has changed to `cert-manager.io/v1alpha2`

* Edit Cert as well
 2020-02-05 08:09:51 -08:00
Suchith J N 5abe1c2696
update documentation for TCP traffic shifting: use a dedicated namesp… (#6368) 
* update documentation for TCP traffic shifting: use a dedicated namespace instead of using default [istio-18285]

* fixed lint error in tcp-traffic-shifting/index.md in creating new namespace section (istio#18285)

* fix ordered list numbering to conform to MD029 configured to 'one' (istio.io/istio#18285)
 2020-02-03 07:58:48 -08:00
John Howard 7f218afb1b
Remove galley docs (#6361) 
* Cleanup validation docs

* Clean up some Galley references for istiod

* fix syntax
 2020-01-31 09:15:51 -08:00
Eric Van Norman 664b4453af
Fix URLs to fix lint link errors (#6379) 
* Fix LightStep URLs to fix lint link error

* Also fix spiffe.github.io to spiffe.io

* Update LightStep URL to match fowarded link
 2020-01-31 07:28:53 -08:00
SerenaFeng 73b9088172 certificate decode error when decoding from bash pipe by openssl (#6259) 2020-01-07 16:31:57 -05:00
LokeshAggarwal1997 b67b652561 update index.md (#6027) 
* update index.md

* Update index.md

* Updation

* updated config
 2020-01-07 09:26:54 -05:00
Vadim Eisenberg ef932a9bb7 use openssl to generate certificates and keys (#6191) 2020-01-06 14:16:28 -08:00
Oliver Liu 7e225624b8 Improve the MTLS migration task. (#6255) 
* Improve the MTLS migration task.

* Small fix.

* More improvements.

* Small fix.

* Small fix.

* Small fix.

* Small fix.

* Small fix.

* Lint fix.

* Copy edits

* Apply suggestions from code review

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>

Co-authored-by: Adam Miller <1402860+adammil2000@users.noreply.github.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
 2020-01-06 08:58:25 -08:00
Yangmin Zhu 362a64cf95 add notes for enabling mTLS for authz (#6280) 2020-01-06 08:09:25 -08:00
Vadim Eisenberg b6a786ca93 Fix comments of 5262 (#6206) 
* add "for" in description: ... configure Istio for Kubernetes External Services

* add "in the default namespace" to "create a Kubernetes ExternalName Service"

* mention the Kubernetes DNS format for services
 2020-01-03 11:32:24 -08:00
SerenaFeng 8da598fdff V1/2_POD_IP error when there are other pods labelled version=v1/2 (#6245) 
* bugfix: V1/2_POD_IP set error when there are multiple pods labelled version=v1/2

* certificate decode error when decoding from bash pipe by openssl

* revert certificate decode error when decoding from bash pipe by openssl
 2020-01-03 11:14:56 -05:00
Lin Sun 7d2c7d1e21 use the new install link (#6199) 2019-12-31 08:27:22 -08:00
Lin Sun 86f642902b remove controlPlaneSecurityEnabled (#6200) 
* remove controlPlaneSecurityEnabled

as it is enabled by default now

* more update

* more updates

* more updates

* more update
 2019-12-31 08:14:30 -08:00
Lin Sun c285372359 update with correct output (#6186) 
* update with correct output

shows source and destination service

* Update index.md
 2019-12-31 08:14:22 -08:00
Frank Budinsky 23aeda36dd Add required matchLabels to deployments (#6155) 2019-12-20 10:49:06 -08:00
Lin Sun 4601017961 remove bin reference to istioctl (#6154) 
* remove bin reference to istioctl

as all of our other tasks assume istioctl is on the path already.  Having it cause me an alert on my mac:

“istioctl” can’t be opened because Apple cannot check it for malicious software.

* fix istioctl path
 2019-12-19 13:55:05 -08:00
Lin Sun 9bf0d55b26 update the cmd to retrieve token correctly (#6128) 
* update the cmd to retrieve token correctly

* update to remove empty char only

* remove tab also

* Update content/en/docs/tasks/security/authentication/authn-policy/index.md

Co-Authored-By: Eric Van Norman <ericvn@us.ibm.com>
 2019-12-18 06:24:23 -08:00
Shamsher Ansari 38a997a026 Set Kiali username and password on separate prompt (#6079) 
* Set Kiali username and password on separate prompt

* Fix linting errors

* Revert zsh prompt to single copiable box

* Fix review comment suggestions

* Remove spacing

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
 2019-12-17 07:57:50 -08:00
youmoo 633309cbbf Fix typo (#6115) 
"less than" not "less that"
 2019-12-16 06:44:48 -08:00
Jianfei Hu f2e87724f3 remove optional wording in title (#6089) 2019-12-16 09:20:05 -05:00
Shamsher Ansari 5c269c0340 Improve Mutual TLS migration example (#6035) 
As with version v1.4.0, Experimental multi-cluster setup has been added to istioctl

The following command also provides istio-multicluster-destinationrule and host information

kubectl get destinationrule --all-namespaces
 2019-12-10 13:06:43 -08:00
Shamsher Ansari 6da47574b2 Fix broken link for Configure Citadel Service Account Secret Generation (#6042) 2019-12-10 08:11:08 -08:00