* remove bin reference to istioctl
as all of our other tasks assume istioctl is on the path already. Having it cause me an alert on my mac:
“istioctl” can’t be opened because Apple cannot check it for malicious software.
* fix istioctl path
These fix problems encountered when switching to the new Hugo which has
a completely different markdown engine. I went through diffs of the generated
HTML and made required adjustments.
- We don't need cookies for istio.io, the few settings we do have should be
managed with browser-local storage instead. This is a better privacy posture,
and avoids sending needless data to the server for every request.
* update istioctl download instruction
```
$ curl -L https://istio.io/downloadIstioctl | ISTIO_VERSION=1.4.0 sh -
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 101 100 101 0 0 261 0 --:--:-- --:--:-- --:--:-- 260
100 2339 100 2339 0 0 4524 0 --:--:-- --:--:-- --:--:-- 4524
Downloading istioctl-1.4.0-osx.tar.gz from https://github.com/istio/istio/releases/download/1.4.0/istioctl-1.4.0-osx.tar.gz ...
istioctl-1.4.0-osx.tar.gz download complete!
Add the istioctl to your path with:
export PATH=$PATH:$HOME/.istioctl/bin
Begin the Istio pre-installation verification check by running:
istioctl verify-install
Need more information? Visit https://istio.io/docs/reference/commands/istioctl/
```
* Update content/en/docs/ops/diagnostic-tools/istioctl/index.md
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
* Added the Best Practices section with general principles.
This is the beginning of the new Best Practices section.
Our goal is to provide a section for all the best practices and recommendations
for Istio deployments. The best practices are based on the identified and
recommended deployment models.
Signed-off-by: rcaballeromx <grca@google.com>
* Change headings for clarity.
Adds clarity to some passages based on feedback.
Removes a list of recommendations that was causing some confusion.
Adds a glossary entry for failure domains and how they relate to a
platform's availability zones.
Signed-off-by: rcaballeromx <grca@google.com>
* Move Best Practices to Ops Guide
Signed-off-by: rcaballeromx <grca@google.com>
* Moved Deployment Best Practices to a new "Prepare Your Deployment" section.
Moved all deployment preparation content into a new section under "Setup".
For now the content includes the following sections:
- Deployment models
- Deployment best practices
- Pod requirements
Merged the two existing pages containing pod requirements into one single page.
Signed-off-by: rcaballeromx <grca@google.com>
* Replace example with better guidance around namespace tenancy.
Signed-off-by: Rigs Caballero <grca@google.com>
* Add links and language pointing to the Prepare section
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix minor typos and broken links.
Signed-off-by: Rigs Caballero <grca@google.com>
* Move from Setup to Operations
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix broken links
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix rebasing issues.
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix multicluster install link.
Signed-off-by: Rigs Caballero <grca@google.com>
* Added Verify Istio CNI to observability-issues.md
If using the Istio CNI to avoid granting `NET_ADMIN` to pods, the CNI
node pods must be running for metrics to be collected. The helm charts
don't include a PodSecurityPolicy, so the documentation guides users to
a non-working setup if the cluster has PodSecurityPolicy enabled.
* Markup changes to PodSecurityPolicy and NET_ADMIN
* Added backticks to `PodSecurityPolicy`
* Added backticks and link to NET_ADMIN capability requirement
* Removed trailing whitespace on line 39
* Added backticks to `istio-init`
* Use 'istioctl dashboard' instead of port-forward
* bold references to UI elements
* Cleanup dashboards
* Address comments
* Mention control-c, which is easier way to stop dashboard
* Update istioctl analyze ops doc to not recommend using master
* Apply suggestions from code review
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
* fix link
* update telemetry v2 to use istio/istio test data
* Update content/en/docs/ops/telemetry/in-proxy-service-telemetry/index.md
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
* Update content/en/docs/ops/telemetry/in-proxy-service-telemetry/index.md
Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
* Improve root transition doc.
* Small fix.
* Small fix.
* Small fix.
* Small fix.
* Update index.md
* Update index.md
* Small fix.
* Small fix.
* Small fix.
- Fix a bunch of heading capitalization.
- Remove words that shouldn't be in the dictionary
and update the text accordingly.
- Added a few @@ sequences to reference content files from text blocks.
- Used a few {{< source_branch_name >}} sequences to refer to the proper
branch in GitHub rather than master.
* migrate Deployment apiVersion from extensions/v1beta1 to apps/v1 to support k8s 1.16
* migrate Deployment, PodSecurityPolicy apiVersion to support k8s 1.16
* Add doc page for 'istioctl analyze'
* Address lint comments
* Fix spelling errors
* Use github_blob in link
* Changes based on PR feedback
* Fix lint issues
* More changes based on PR feedback
* Fix couple typos
* Remove one word
* Shorten title and use bulletted list
* Task describing new experimental 'describe pod' sub-command
* Move document to troubleshooting and address comments
* Restructured so that commands and command responses are in the same text block
* Rewrite the `istioctl describe` task.
This rewrite fixes the style, tone, and language of the content. Additionally,
it adds links to relevant pages and glossary entries. Lastly, it adds and
improves the markup used.
Signed-off-by: rcaballeromx <grca@google.com>
* Add @frankbu's syntax correction for bash block
* Remove usages of curl inside istio-proxy
Distroless builds of Istio do not contain curl, so we should not tell
users to use it. Pilot-agent handles this functionality for us
* Fix lint error
* Remove port name requirement
We now do protocol sniffing.
Note - this is definitely not safe to merge. We still need docs explaining protocol sniffing, and how to select a port type explicitly (required for things other than tcp/http, and more performant if you know its tcp/http). Not sure the path forward for this
* Add protocol selection doc
* Fix lint
* Add FAQ
When policy is set to an unrecognized value, the sidecar injector
defaults to [not injecting the pod, regardless of any other factors](https://github.com/istio/istio/blob/master/pkg/kube/inject/inject.go#L478)
This is different to the behvaior of `policy: disabled`, so the docs
should make that clear.
Signed-off-by: Maximilian Bischoff <maximilian.bischoff@inovex.de>
Ignasi Barrera
Chris Wilson
Lin Sun
chentanjun
Kuat
Johannes Scheuermann
Martin Taillefer
Hongzhi
Frank Budinsky
Venil Noronha
David Ebbo
imgbot[bot]
Istio Automation
Eric Van Norman
Xinnan Wen
mtail
Rigs Caballero
Kevin Kunkel
carolynhu
Ed Snible
Eric Buehl
Jason Parraga
Pengyuan Bian
Yangmin Zhu
Oliver Liu
Neeraj Poddar
John Howard
Jesse Lumme
Naoki Oketani
LisaFC
Greg Taylor
Douglas Reid
Brian Avery
Eric Van Norman
Maximilian Bischoff
Adam Miller