Force merge because of netlify flaky failure.
* Remove Galley Architecture section
Galley no longer exists as a command, and the information documented in this section has not been true since the introduction of IstioD. We should probably look at the information in the Citadel section as well, but I am less certain of that.
* Fix broken section links
Reverted the actual mirror test script, because mirror test seems to have some subtle failure when running with what seems to be the exact same commands via snips. Will investigate further in followup PR. Merging this one to get the generator changes.
Pilot is now a part of istiod, so rename it to istiod as the title of the page the link refers to.
Co-authored-by: Koki Tomoshige <36136133+tomocy@users.noreply.github.com>
* Retire helm documentation as we use a protobuf
The new rendered source of truth is:
https://preliminary.istio.io/docs/reference/config/istio.operator.v1alpha1/
This is rendered from the API repo protobuf which (may) need description fields
set. That protobuf is here:
https://github.com/istio/api/blob/master/operator/v1alpha1/operator.proto
* Follow the flowchart
The flowchart is not quite right and could use some improvement.
* Update content/en/blog/2019/performance-best-practices/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Use standard ports for telemetry exposure
Blocker for https://github.com/istio/istio/issues/22911
* Full update and include HTTPS
* Fix link
* Remove from ports table
* Apply suggestions from code review
Co-Authored-By: Rachael Graham <rachael.graham@ibm.com>
Co-authored-by: Rachael Graham <rachael.graham@ibm.com>
* Fix links for removal of helm installation directory
* Point to archive version of istioctl upgrade instructions
* Add Aporeto to lint ignores for now.
* Add cert-manager integration doc
This starts the new "Integrations" page, which will include many other
integrations in the future. For now, I have added cert-manager
integration. We have an existing doc for this at
https://istio.io/docs/tasks/traffic-management/ingress/ingress-certmgr/
which I think we can remove, but I did not do that in this PR.
Note to the reviewer: this is explicitly not a task, as we do not
control cert-manager. Having an explicit set of steps and verifications
requires an exact working directions, which is maintained as
cert-manager evolves, etc. The goal here was to link out to cert-manager
docs wherever possible, and just document the very minimal amount needed
to actually get things integrated with Istio. As you can see from the
doc this is fairly minimal - for the most part, its just referencing a
secret crated by cert-manager.
* Update content/en/docs/ops/integrations/_index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* disclaimer about auto mtls and remove authn check.
* Update content/en/docs/ops/common-problems/network-issues/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* More base release 1.6 stuff
* Add 1.6.x to spelling
* Fix some broken links with sidecar/tls-check being removed
* Fix links pointing to install/kubernetes/helm/...
* Incorporate #6783 - Fix bug requiring placeholder release notes
* Restore some links to archive
* Fix one remainging link to archive
* Someone still pointing to current release upgrade notes. Remove.
* Update architecture diagram to show istiod.
Signed-off-by: Rigs Caballero <grca@google.com>
* Include the old components within Istiod in the diagram.
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix pilot -> istiod for config validation docs
* Update content/en/docs/ops/common-problems/validation/index.md
Co-Authored-By: Eric Van Norman <ericvn@us.ibm.com>
* Update index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* fix(architecture): remove mixer mentions from architecture doc
Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* remove outdated link
Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* wip: setup observability tasks for v2
Signed-off-by: Douglas Reid <dougreid@google.com>
* continue work
Signed-off-by: Douglas Reid <dougreid@google.com>
* lint fix
Signed-off-by: Douglas Reid <dougreid@google.com>
* remove mixer ref from what-is-istio
Signed-off-by: Douglas Reid <dougreid@google.com>
* further cleanup
Signed-off-by: Douglas Reid <dougreid@google.com>
* lint fix
Signed-off-by: Douglas Reid <dougreid@google.com>
* when will the linting stop?
Signed-off-by: Douglas Reid <dougreid@google.com>
* Update content/en/docs/tasks/observability/mixer/_index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Add note about JWT policies
This will be linked to from the istioctl apply output, which currently
has a warning if 1p jwt tokens are used.
* fix lint
* Document suppression arguments for istioctl analyze
* Use correct syntax/plain rather than bash
* Quote MisplacedAnnotation to avoid spelling error
* Proper spacing between block elements
* Fixed bash snippet rendering problems
Co-authored-by: Adam Miller <1402860+adammil2000@users.noreply.github.com>
* remove bin reference to istioctl
as all of our other tasks assume istioctl is on the path already. Having it cause me an alert on my mac:
“istioctl” can’t be opened because Apple cannot check it for malicious software.
* fix istioctl path
These fix problems encountered when switching to the new Hugo which has
a completely different markdown engine. I went through diffs of the generated
HTML and made required adjustments.
- We don't need cookies for istio.io, the few settings we do have should be
managed with browser-local storage instead. This is a better privacy posture,
and avoids sending needless data to the server for every request.
* update istioctl download instruction
```
$ curl -L https://istio.io/downloadIstioctl | ISTIO_VERSION=1.4.0 sh -
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 101 100 101 0 0 261 0 --:--:-- --:--:-- --:--:-- 260
100 2339 100 2339 0 0 4524 0 --:--:-- --:--:-- --:--:-- 4524
Downloading istioctl-1.4.0-osx.tar.gz from https://github.com/istio/istio/releases/download/1.4.0/istioctl-1.4.0-osx.tar.gz ...
istioctl-1.4.0-osx.tar.gz download complete!
Add the istioctl to your path with:
export PATH=$PATH:$HOME/.istioctl/bin
Begin the Istio pre-installation verification check by running:
istioctl verify-install
Need more information? Visit https://istio.io/docs/reference/commands/istioctl/
```
* Update content/en/docs/ops/diagnostic-tools/istioctl/index.md
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
* Added the Best Practices section with general principles.
This is the beginning of the new Best Practices section.
Our goal is to provide a section for all the best practices and recommendations
for Istio deployments. The best practices are based on the identified and
recommended deployment models.
Signed-off-by: rcaballeromx <grca@google.com>
* Change headings for clarity.
Adds clarity to some passages based on feedback.
Removes a list of recommendations that was causing some confusion.
Adds a glossary entry for failure domains and how they relate to a
platform's availability zones.
Signed-off-by: rcaballeromx <grca@google.com>
* Move Best Practices to Ops Guide
Signed-off-by: rcaballeromx <grca@google.com>
* Moved Deployment Best Practices to a new "Prepare Your Deployment" section.
Moved all deployment preparation content into a new section under "Setup".
For now the content includes the following sections:
- Deployment models
- Deployment best practices
- Pod requirements
Merged the two existing pages containing pod requirements into one single page.
Signed-off-by: rcaballeromx <grca@google.com>
* Replace example with better guidance around namespace tenancy.
Signed-off-by: Rigs Caballero <grca@google.com>
* Add links and language pointing to the Prepare section
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix minor typos and broken links.
Signed-off-by: Rigs Caballero <grca@google.com>
* Move from Setup to Operations
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix broken links
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix rebasing issues.
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix multicluster install link.
Signed-off-by: Rigs Caballero <grca@google.com>
* Added Verify Istio CNI to observability-issues.md
If using the Istio CNI to avoid granting `NET_ADMIN` to pods, the CNI
node pods must be running for metrics to be collected. The helm charts
don't include a PodSecurityPolicy, so the documentation guides users to
a non-working setup if the cluster has PodSecurityPolicy enabled.
* Markup changes to PodSecurityPolicy and NET_ADMIN
* Added backticks to `PodSecurityPolicy`
* Added backticks and link to NET_ADMIN capability requirement
* Removed trailing whitespace on line 39
* Added backticks to `istio-init`
* Use 'istioctl dashboard' instead of port-forward
* bold references to UI elements
* Cleanup dashboards
* Address comments
* Mention control-c, which is easier way to stop dashboard
* Update istioctl analyze ops doc to not recommend using master
* Apply suggestions from code review
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
* fix link
* update telemetry v2 to use istio/istio test data
* Update content/en/docs/ops/telemetry/in-proxy-service-telemetry/index.md
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
* Update content/en/docs/ops/telemetry/in-proxy-service-telemetry/index.md
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
* Improve root transition doc.
* Small fix.
* Small fix.
* Small fix.
* Small fix.
* Update index.md
* Update index.md
* Small fix.
* Small fix.
* Small fix.
- Fix a bunch of heading capitalization.
- Remove words that shouldn't be in the dictionary
and update the text accordingly.
- Added a few @@ sequences to reference content files from text blocks.
- Used a few {{< source_branch_name >}} sequences to refer to the proper
branch in GitHub rather than master.
* migrate Deployment apiVersion from extensions/v1beta1 to apps/v1 to support k8s 1.16
* migrate Deployment, PodSecurityPolicy apiVersion to support k8s 1.16
* Add doc page for 'istioctl analyze'
* Address lint comments
* Fix spelling errors
* Use github_blob in link
* Changes based on PR feedback
* Fix lint issues
* More changes based on PR feedback
* Fix couple typos
* Remove one word
* Shorten title and use bulletted list
* Task describing new experimental 'describe pod' sub-command
* Move document to troubleshooting and address comments
* Restructured so that commands and command responses are in the same text block
* Rewrite the `istioctl describe` task.
This rewrite fixes the style, tone, and language of the content. Additionally,
it adds links to relevant pages and glossary entries. Lastly, it adds and
improves the markup used.
Signed-off-by: rcaballeromx <grca@google.com>
* Add @frankbu's syntax correction for bash block
* Remove usages of curl inside istio-proxy
Distroless builds of Istio do not contain curl, so we should not tell
users to use it. Pilot-agent handles this functionality for us
* Fix lint error
* Remove port name requirement
We now do protocol sniffing.
Note - this is definitely not safe to merge. We still need docs explaining protocol sniffing, and how to select a port type explicitly (required for things other than tcp/http, and more performant if you know its tcp/http). Not sure the path forward for this
* Add protocol selection doc
* Fix lint
* Add FAQ
When policy is set to an unrecognized value, the sidecar injector
defaults to [not injecting the pod, regardless of any other factors](https://github.com/istio/istio/blob/master/pkg/kube/inject/inject.go#L478)
This is different to the behvaior of `policy: disabled`, so the docs
should make that clear.
Signed-off-by: Maximilian Bischoff <maximilian.bischoff@inovex.de>
Frank Budinsky
Guy Templeton
Adam Miller
Mitch Connors
John Howard
Tariq Ibrahim
James Brook
Istio Automation
Steven Dake
Shamsher Ansari
Eric Van Norman
John Pape
Douglas Reid
Yangmin Zhu
Jianfei Hu
Lin Sun
Romain Lenglet
Bryant Hagadorn
Jonh Wendell
carolynhu
Theofilos Papapanagiotou
Joe Selman
Pengyuan Bian
Ignasi Barrera
Chris Wilson
chentanjun
Kuat
Johannes Scheuermann
Martin Taillefer
Hongzhi
Venil Noronha
David Ebbo
imgbot[bot]
Xinnan Wen
mtail
Rigs Caballero
Kevin Kunkel
carolynhu
Ed Snible
Eric Buehl
Jason Parraga
Oliver Liu
Neeraj Poddar
Jesse Lumme
Naoki Oketani
LisaFC
Greg Taylor
Brian Avery
Eric Van Norman
Maximilian Bischoff