* remove bin reference to istioctl
as all of our other tasks assume istioctl is on the path already. Having it cause me an alert on my mac:
“istioctl” can’t be opened because Apple cannot check it for malicious software.
* fix istioctl path
These fix problems encountered when switching to the new Hugo which has
a completely different markdown engine. I went through diffs of the generated
HTML and made required adjustments.
- We don't need cookies for istio.io, the few settings we do have should be
managed with browser-local storage instead. This is a better privacy posture,
and avoids sending needless data to the server for every request.
* update istioctl download instruction
```
$ curl -L https://istio.io/downloadIstioctl | ISTIO_VERSION=1.4.0 sh -
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 101 100 101 0 0 261 0 --:--:-- --:--:-- --:--:-- 260
100 2339 100 2339 0 0 4524 0 --:--:-- --:--:-- --:--:-- 4524
Downloading istioctl-1.4.0-osx.tar.gz from https://github.com/istio/istio/releases/download/1.4.0/istioctl-1.4.0-osx.tar.gz ...
istioctl-1.4.0-osx.tar.gz download complete!
Add the istioctl to your path with:
export PATH=$PATH:$HOME/.istioctl/bin
Begin the Istio pre-installation verification check by running:
istioctl verify-install
Need more information? Visit https://istio.io/docs/reference/commands/istioctl/
```
* Update content/en/docs/ops/diagnostic-tools/istioctl/index.md
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
* Added the Best Practices section with general principles.
This is the beginning of the new Best Practices section.
Our goal is to provide a section for all the best practices and recommendations
for Istio deployments. The best practices are based on the identified and
recommended deployment models.
Signed-off-by: rcaballeromx <grca@google.com>
* Change headings for clarity.
Adds clarity to some passages based on feedback.
Removes a list of recommendations that was causing some confusion.
Adds a glossary entry for failure domains and how they relate to a
platform's availability zones.
Signed-off-by: rcaballeromx <grca@google.com>
* Move Best Practices to Ops Guide
Signed-off-by: rcaballeromx <grca@google.com>
* Moved Deployment Best Practices to a new "Prepare Your Deployment" section.
Moved all deployment preparation content into a new section under "Setup".
For now the content includes the following sections:
- Deployment models
- Deployment best practices
- Pod requirements
Merged the two existing pages containing pod requirements into one single page.
Signed-off-by: rcaballeromx <grca@google.com>
* Replace example with better guidance around namespace tenancy.
Signed-off-by: Rigs Caballero <grca@google.com>
* Add links and language pointing to the Prepare section
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix minor typos and broken links.
Signed-off-by: Rigs Caballero <grca@google.com>
* Move from Setup to Operations
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix broken links
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix rebasing issues.
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix multicluster install link.
Signed-off-by: Rigs Caballero <grca@google.com>
* Added Verify Istio CNI to observability-issues.md
If using the Istio CNI to avoid granting `NET_ADMIN` to pods, the CNI
node pods must be running for metrics to be collected. The helm charts
don't include a PodSecurityPolicy, so the documentation guides users to
a non-working setup if the cluster has PodSecurityPolicy enabled.
* Markup changes to PodSecurityPolicy and NET_ADMIN
* Added backticks to `PodSecurityPolicy`
* Added backticks and link to NET_ADMIN capability requirement
* Removed trailing whitespace on line 39
* Added backticks to `istio-init`
* Use 'istioctl dashboard' instead of port-forward
* bold references to UI elements
* Cleanup dashboards
* Address comments
* Mention control-c, which is easier way to stop dashboard
* Update istioctl analyze ops doc to not recommend using master
* Apply suggestions from code review
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
* fix link
* update telemetry v2 to use istio/istio test data
* Update content/en/docs/ops/telemetry/in-proxy-service-telemetry/index.md
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
* Update content/en/docs/ops/telemetry/in-proxy-service-telemetry/index.md
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
* Improve root transition doc.
* Small fix.
* Small fix.
* Small fix.
* Small fix.
* Update index.md
* Update index.md
* Small fix.
* Small fix.
* Small fix.
- Fix a bunch of heading capitalization.
- Remove words that shouldn't be in the dictionary
and update the text accordingly.
- Added a few @@ sequences to reference content files from text blocks.
- Used a few {{< source_branch_name >}} sequences to refer to the proper
branch in GitHub rather than master.
* migrate Deployment apiVersion from extensions/v1beta1 to apps/v1 to support k8s 1.16
* migrate Deployment, PodSecurityPolicy apiVersion to support k8s 1.16
* Add doc page for 'istioctl analyze'
* Address lint comments
* Fix spelling errors
* Use github_blob in link
* Changes based on PR feedback
* Fix lint issues
* More changes based on PR feedback
* Fix couple typos
* Remove one word
* Shorten title and use bulletted list
* Task describing new experimental 'describe pod' sub-command
* Move document to troubleshooting and address comments
* Restructured so that commands and command responses are in the same text block
* Rewrite the `istioctl describe` task.
This rewrite fixes the style, tone, and language of the content. Additionally,
it adds links to relevant pages and glossary entries. Lastly, it adds and
improves the markup used.
Signed-off-by: rcaballeromx <grca@google.com>
* Add @frankbu's syntax correction for bash block
* Remove usages of curl inside istio-proxy
Distroless builds of Istio do not contain curl, so we should not tell
users to use it. Pilot-agent handles this functionality for us
* Fix lint error
* Remove port name requirement
We now do protocol sniffing.
Note - this is definitely not safe to merge. We still need docs explaining protocol sniffing, and how to select a port type explicitly (required for things other than tcp/http, and more performant if you know its tcp/http). Not sure the path forward for this
* Add protocol selection doc
* Fix lint
* Add FAQ
When policy is set to an unrecognized value, the sidecar injector
defaults to [not injecting the pod, regardless of any other factors](https://github.com/istio/istio/blob/master/pkg/kube/inject/inject.go#L478)
This is different to the behvaior of `policy: disabled`, so the docs
should make that clear.
Signed-off-by: Maximilian Bischoff <maximilian.bischoff@inovex.de>