Update "Collecting Metrics and Logs" task with new source and destination attributes
Updated based on reviews and added tcp metrics changes too
Update Prometheus Task
Update Using-Istio-Dashboard task
Updated fluentd and servicegraph tasks.
Also update distributed tracing and using-istio-dashboards tasks based
on feedback
Add new picture for servicegraph and indent using-istio-dashboard again
Fixed Linting Errors
Updating based on review
Updating based on review
Adding destination-rule-all-mtls for tcp metrics routing too
Add explanation for Inbound Workloads and Outbound Services for Workload Dashboards
* Update authentication concept doc.
* Fix lint errors.
* Address comments and fixed some links.
* Remove feature stages change from this PR.
I will make a separate PR for it.
* Chinese community translation and fix a markdown error
- Translate community page into Chinese
- Fix https overlay markdown style check error
* fix CI errors
- update Quick Start with Kubernetes
- update Prerequisites and Installation steps
- fix some broken links
* Multicluster: add details on enabling mTLS for control plane and app pods
- describes deployment steps and includes an example deployment with commands
* fix review comments on wording
* Extract platform prerequisites
* Reorg
* Remove the inner pages from the menu
* Conform to the site directory structure
* Fix the link wording to match the title of the link and the uppercase
* Fix lint errors
* more lint errors
Remove warning that prior to Istio 0.8 Helm was unstable.
Since we are on 1.0, and can expect people to upgrade from 0.8,
this warning doesn't seem relevant.
Also, Helm upgrade from 0.8 to 1.0 has been validated. Also
remove that warning.
* Edit Kubernetes Quick Start for clarity.
This edit includes among other changes:
* Consistent use of markup, line length, and command formatting.
* Grammar, spelling, and other language fixes.
* Use of ordered lists for steps.
* New clear headings for installation options.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix linter issues on Kubernetes QS edit.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix indentation to fix ordered lists.
Trying to figure out the space in links issue. So far it looks like a false
positive.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix links and code blocs for lint.
Signed-off-by: rcaballeromx <grca@google.com>
* Remove in-line markup from links.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix code-block indentation and spelling lint.
Signed-off-by: rcaballeromx <grca@google.com>
* Rewrote link text to avoid spelling lint.
Signed-off-by: rcaballeromx <grca@google.com>
* Update index.md
* Delete "basic access control" and "secure access control" pages.
These pages were there before Istio RBAC was introduced. We should
remove them now to avoid confusion.
* Added aliases for deleted pages.
Istio intends to lead with automatic sidecar injection and
as such, there is no good rationale to document how to turn
sidecar injection off. Still, as a followon PR, it may make
sense to document 5-7 different customization scenarios.
ingress v1 is gone - no sense describing it here.
* add ./ to the script to generate certificates
* add a step to verify the subject of the ingress gateway certificate
* add a step to verify the subject of the CA certificate
put the mutual TLS troubleshooting into a separate subsection
* fix the level of the mutual TLS troubleshooting
* remove redundant empty lines
* verify the subject is correct -> verify that the subject is correct
* another case: verify the subject is correct -> verify that the subject is correct
According to https://cloud.google.com/kubernetes-engine/release-notes#june-28-2018, 1.10.4-gke.0 is no longer available but 1.10.5-gke.0 now is.
With the old version I get:
```
$ gcloud container clusters create quickstart --cluster-version=1.10.4-gke.0 --zone us-east1-b --project jblatt-test
ERROR: (gcloud.container.clusters.create) ResponseError: code=400, message=master version "1.10.4-gke.0" is unsupported.
```
* Update multicluster doc with latest helm chart changes
Update the procedure
- new helm var names
- remove service account creation
- reorder sections to correct procedural order
- auto v. manual sidecar inject info
* Edit the What is Istio file for clarity.
This edit includes:
* The rewrite of all instances of passive voice
* The simplification of complex sentence structures
* The splitting of run-on-sentences
* The disambiguation of relative pronouns
* The removal of conjunctives such as should, could, and would
* The replacement of long series with lists
* The improvement of punctuation
* The addition of emphatic markup including links
The purpose behind the edits is to improve content flow and allow easier
consumption for international audiences. The simpler structures will also have a
positive impact in the translation.
* Consolidate the security concept pages into a single page.
- This updates the security concept material to be on a single page, which matches the
change done last week for the rest of the concept material. This ends up being a less clicky
more directed introduction for newcomers to the platform.
- While I was there, I moved the redundant What is Istio page from our about section and stuck
the content at the top of the What is Istio page in the Concepts section.
As part of the effort to streamline our content, this consolidates the many small
perf-and-scalability pages into a single concept page. This change is similar to what
we've done to the other concept pages.
- Add <github_file> <github_blob> and <github_tree> to make it simpler to link to the right
place on GitHub.
- Use these new sequences throughout the docs.
- Also, fix bad HTML generated for the TOC in certain cirsumstances.
- Fix extra blank line inserted at the bottom of indented code blocks.
- Remove What's next sections since we now have auto-generated See also sections
- Fix a few incorrectly capitalized headers, "istio", "kubernetes", "sidecar"
* Update authn policy tasks with global policy.
This is cloned from Diem's PR
https://github.com/istio/istio.github.io/pull/1600.
* Add section to use mesh-wide policy to enable mTLS globally.
* Update examples to follow naming restriction.
* Fix linter errors.
* Additional lint fix.
Accordingly with the kubectl help documentation for the logs
command, the container name is a flag and not an argument:
`
Usage:
kubectl logs [-f] [-p] (POD | TYPE/NAME) [-c CONTAINER] [options]
`
The use of an argument instead of a flag is to keep compatible
with legacy systems, but it is not recommended as it can be removed
at any time.
* Minikube 0.28.0 (latest) has deprecated localkube
Fixes: https://github.com/istio/istio/issues/6463
Instead use kubeadm (the default). Also explain how to select
the chosen VM driver. Finally expand the memory from 2gb to 4gb
so that bookinfo can start without an OOM.
* Add note about using a system without LoadBalancer
Some platforms such as minikube do not support LoadBalancers. For
these platforms, document how to install Istio with NodePort rather
than LoadBalancer.
* remove egress TCP task
the example can be implemented by HTTPS Service Entries
* remove a reference to Egress TCP Task in Egress TCP blog
* replace a reference to the Egress TCP task by the Egress TCP blog post
in About -> Feature Status -> Istio features/Traffic management
* add an alias from the removed task to Egress/TCP blog post
* updated attributes
Signed-off-by: Kuat Yessenov <kuat@google.com>
* over zealous linter
Signed-off-by: Kuat Yessenov <kuat@google.com>
* add a note about source name
Signed-off-by: Kuat Yessenov <kuat@google.com>
* typos
Signed-off-by: Kuat Yessenov <kuat@google.com>
* mention that original names will be gone
Signed-off-by: Kuat Yessenov <kuat@google.com>
* Update remote cluster RBAC instructions for kubernetes multicluster setup
Added detailed instructions for creating a service-account with RBAC
role for each remote cluster with the minimum access required for
the istio control plane.
Fixes#1477
* Update for installations with mTLS auth enabled
The docs do not provide reference to installations with mTLS auth enabled. If mTLS auth is enabled and the user goes through the instructions, they will encounter `upstream connect error or disconnect/reset before headers` when the DestinationRule is applied.
istio/issues#375 (comment) helped lead to the resolution.
* add egress-tls-origination task
* add cnn.com, edition.cnn.com an "programmatically" to .spelling
* lint fixes
* remove a page alias
* add What's next section
* HTTP2 -> HTTP in port definition
* put the output of commands as part of the "command" block
* rewrote the cleaning after HTTP ServiceEntry without TLS origination
* clarify the configuration items for TLS origination
* when talking to edition.cnn.com -> when accessing edition.cnn.com
* wild card -> wildcard
* an Service Entry -> a Service Entry
* use curl -s -o /dev/null -D - instead of curl -I
* Perform TLS Origination for Egress Traffic -> TLS Origination for Egress Traffic
- We now automatically generate a See Also section on pages when possible.
The links are determined by a reverse index based on the keywords
assigned to each page in its front-matter.
- Do a pass to assign keywords to all our pages to populate the See Also
links.
- Leverage the keywords in the front-matter to generate a keyword metadata entry for each
generated page.
LillyWu
Pengyuan Bian
Matthew Wringe
mtail
Frank Budinsky
gargnupur
Limin Wang
Yossi Mesika
imgbot[bot]
David Tesar
Vincent
Yangmin
Georgios Andrianakis
Jimmy Song
Tim Swanson
Spike Curtis
Douglas Reid
Andra Cismaru
Tiago M. Vieira
Rocky Shang
Axel Siebenborn
Vadim Eisenberg
Dan Ciruli
Sven Mawson
Daneyon Hansen
Will Witman
jnativio
Martin Taillefer
lei-tang
Tao Li
Dmitri Dolguikh
navinger
Stephen Gilson
Brian Avery
Steven Dake
Rigs Caballero
Ozben Evren
duderino
Jianfei Hu
Isaiah Snell-Feikema
john-a-joyce
Gary Brown
Kuat
danielmenezesbr
Arshdeep Singh Chimni
Shriram Rajagopalan
Guang Ya Liu
Bruno
Jason Young
Cesar Botti
Miguel Angel Medina Mondragon
Morven Cao
Thijs Feryn
Kent Hua
Henrik Carlioth
Zack Butcher
salrashid123
Christian Alexander