* Update test framework to use 1.6.0-beta.0
* Go back to copies from env var
* Add more test targets, fix mtls test (new PA added)
* Update to use Istio SHA from go.mod (convert to long SHA)
* Try and remove TAG from prow
* Debug TAG not being set
* Fix paralization issue
* Remove some extra output
* Review comments
* Updated with instructions for LightStep Tracing vs. LightStep [x]pm (#4203)
* Remove [x]PM unless necessary (#4405)
These instructions are now for both LightStep [x]PM and LightStep Tracing.
* Updated with instructions for LightStep Tracing vs. LightStep [x]pm (#4203)
* remove bad dir
* fix graphic name
* Changed spelling of Lightstep
Changed spelling of "LightStep" to "Lightstep" due to brand changes.
* Update Lightstep
Update for branding
* Change LightStep to Lightstep and removed bad link
* Change LightStep to Lightstep
* Change LightStep to Lightstep
* Change LightStep to Lightstep
* change LightStep to Lightstep
* remove changes from other langs
* merge changes from istio
* put branding changes back in
* resolve merge conflict
* fix lint issues and add LighStep back into .spelling
* Update content/en/docs/tasks/observability/distributed-tracing/lightstep/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Reverted the actual mirror test script, because mirror test seems to have some subtle failure when running with what seems to be the exact same commands via snips. Will investigate further in followup PR. Merging this one to get the generator changes.
* Add test for Request Timeouts
* Update test to extract snippets
* Apply suggestions from code review
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Fix lint error
* Use code snippets from bookinfo snips
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Remove sleep pods
* remove deprecated $snippet and use use verify func
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Skip test failure
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
The code in step 3 of Perform TLS origination with an egress gateway explains how to create egress Gateway for edition.cnn.com. port 80, so the title of this step should follow it.
Co-authored-by: Koki Tomoshige <36136133+tomocy@users.noreply.github.com>
The pod of tcp-echo which is asked its podIP is in `foo` namespace, so the `kubectl get` should specify the namespace as `foo`.
Co-authored-by: Koki Tomoshige <36136133+tomocy@users.noreply.github.com>
* Retire helm documentation as we use a protobuf
The new rendered source of truth is:
https://preliminary.istio.io/docs/reference/config/istio.operator.v1alpha1/
This is rendered from the API repo protobuf which (may) need description fields
set. That protobuf is here:
https://github.com/istio/api/blob/master/operator/v1alpha1/operator.proto
* Follow the flowchart
The flowchart is not quite right and could use some improvement.
* Update content/en/blog/2019/performance-best-practices/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* User guide tests for DNS certificate management
- Add user guide tests for DNS certificate management
- Remove user guide's dependency on jq
* Use _verify_contains function
* User guide tests and remove manual steps for plugging in CA cert
- Add user guide tests for plugging in CA cert
- Remove the manual steps in the user guide of plugging in CA cert
to make it easier for an user to try the guide.
* Fix SC2046 lint error and the trafficmanagement test errors
* Use standard ports for telemetry exposure
Blocker for https://github.com/istio/istio/issues/22911
* Full update and include HTTPS
* Fix link
* Remove from ports table
* Apply suggestions from code review
Co-Authored-By: Rachael Graham <rachael.graham@ibm.com>
Co-authored-by: Rachael Graham <rachael.graham@ibm.com>
* Update doc test README
* add sh
* tweaks
* formatting
* format
* fix comment
* wording
* convert mtls migration task
* Update tests/README.md
Co-Authored-By: Eric Van Norman <ericvn@us.ibm.com>
* Update tests/README.md
Co-Authored-By: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Refactor Secure Ingress tasks
Ingress SDS is now the default and recommended. This removes the file
mount task, which is no longer recommended and will avoid confusion, and
cleans up the task a bit. I also documented the new supported secret
formats.
* use archive
* Add documentation on Ingress support
Istio has supported Ingress for quite a while, but its not documented.
This explains how to use it and configure it.
Note to docs reviewers: Gateway is Istio's alternative to Kubernetes'
Inrgess object, and we prefer users to use Gateway. However, for reasons
like legacy users, we also support Ingress.
* fix lint
* fix lint
* fix lint
* improvements
.
* Apply suggestions from code review
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* add a tcpdump verification for mtls
* add period
* move to the migration doc.
* lint fixing
* address cmt.
* Apply suggestions from code review
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* remove mixer references from egress tasks and deprecate where needed
* lint fixes
* Update content/en/docs/tasks/traffic-management/egress/egress_sni_monitoring_and_policies/index.md
Co-Authored-By: mandarjog <mandarjog@gmail.com>
* Update content/en/docs/tasks/traffic-management/egress/egress_sni_monitoring_and_policies/index.md
Co-Authored-By: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Francois Pesce <fpesce@google.com>
Co-authored-by: mandarjog <mandarjog@gmail.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Spelling and add a tip to using-istio-dashboard
* Update content/en/docs/tasks/observability/metrics/using-istio-dashboard/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/observability/metrics/using-istio-dashboard/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* authz: add task for IP whitelist/blacklist on ingress gateway
* allow list and deny list
* Small grammar adjustments
* address comments
* Update content/en/docs/tasks/security/authorization/authz-ingress/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/security/authorization/authz-ingress/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/security/authorization/authz-ingress/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Adam Miller <1402860+adammil2000@users.noreply.github.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* wip: setup observability tasks for v2
Signed-off-by: Douglas Reid <dougreid@google.com>
* continue work
Signed-off-by: Douglas Reid <dougreid@google.com>
* lint fix
Signed-off-by: Douglas Reid <dougreid@google.com>
* remove mixer ref from what-is-istio
Signed-off-by: Douglas Reid <dougreid@google.com>
* further cleanup
Signed-off-by: Douglas Reid <dougreid@google.com>
* lint fix
Signed-off-by: Douglas Reid <dougreid@google.com>
* when will the linting stop?
Signed-off-by: Douglas Reid <dougreid@google.com>
* Update content/en/docs/tasks/observability/mixer/_index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* rewrite Secure Gateways (SDS) to use openssl for generating certs/keys
additional improvements:
1. Generate and use client certificate/private key for mutual TLS
2. Do not use quotes in YAMLs where not required
* add removing csr files and client.example.com files
* delete the directories with the certificates -> delete the certificates and the keys
* update documentation for TCP traffic shifting: use a dedicated namespace instead of using default [istio-18285]
* fixed lint error in tcp-traffic-shifting/index.md in creating new namespace section (istio#18285)
* fix ordered list numbering to conform to MD029 configured to 'one' (istio.io/istio#18285)
* Improve the MTLS migration task.
* Small fix.
* More improvements.
* Small fix.
* Small fix.
* Small fix.
* Small fix.
* Small fix.
* Lint fix.
* Copy edits
* Apply suggestions from code review
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Adam Miller <1402860+adammil2000@users.noreply.github.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* add "for" in description: ... configure Istio for Kubernetes External Services
* add "in the default namespace" to "create a Kubernetes ExternalName Service"
* mention the Kubernetes DNS format for services
* bugfix: V1/2_POD_IP set error when there are multiple pods labelled version=v1/2
* certificate decode error when decoding from bash pipe by openssl
* revert certificate decode error when decoding from bash pipe by openssl
* remove bin reference to istioctl
as all of our other tasks assume istioctl is on the path already. Having it cause me an alert on my mac:
“istioctl” can’t be opened because Apple cannot check it for malicious software.
* fix istioctl path
* update the cmd to retrieve token correctly
* update to remove empty char only
* remove tab also
* Update content/en/docs/tasks/security/authentication/authn-policy/index.md
Co-Authored-By: Eric Van Norman <ericvn@us.ibm.com>
* Set Kiali username and password on separate prompt
* Fix linting errors
* Revert zsh prompt to single copiable box
* Fix review comment suggestions
* Remove spacing
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
As with version v1.4.0, Experimental multi-cluster setup has been added to istioctl
The following command also provides istio-multicluster-destinationrule and host information
kubectl get destinationrule --all-namespaces
Frank Budinsky