* Clarify wording for openshift installs
* Update content/en/docs/setup/additional-setup/cni/index.md
Co-Authored-By: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Add documentation for adding sidecar injector webhook annotations in 1.4
* Add proper yaml to -f argument
* Don't mix and match set and file options
* Review comments
* Add note that docs are out of date for istio 1.4 and openshift
* Fix linting errors
* Fix linting errors
* Fix code for istioctl 1.4; update comments at end
* Review comments
* Code review comments
* Update content/en/docs/setup/additional-setup/cni/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/setup/additional-setup/cni/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* update multicluster shared control plane docs
* Merged single and multiple network instructions. They are nearly
identically except for specifying the mesh network configuration.
* Removed use of pod IPs for cross-cluster control plane. Added three
options that are more appropriate for production use.
* use `istioctl x create-remote-secret` instead of copy/paste bash
* Updated the master and remote cluster configuration examples to be
declartive instead of imperative. Users can copy/paste the examples,
edit, commit to scm, and apply to the clusters.
* Update content/en/docs/setup/install/multicluster/shared/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/setup/install/multicluster/shared/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/setup/install/multicluster/shared/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* updates
* Update content/en/docs/setup/install/multicluster/shared/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/setup/install/multicluster/shared/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* lint errors
* lint
* Update content/en/docs/setup/install/multicluster/shared/index.md
Co-Authored-By: Lin Sun <linsun@us.ibm.com>
* update networks and add selfSigned
* Apply suggestions from code review
Co-Authored-By: Lin Sun <linsun@us.ibm.com>
* Update content/en/docs/setup/install/multicluster/shared/index.md
Co-Authored-By: Lin Sun <linsun@us.ibm.com>
* fix config and remove option 3
* fix formatting and grammer
* move additional considerations after the sample services
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Lin Sun <linsun@us.ibm.com>
* update operator ref doc
* fix broken link
* Update url to archive link
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Clarifying automatic sidecar injection
Customers are having errors related to missing sidecars much too often, likely due to our confusing name "automatic sidecar injection" and our confusing language implying this is enabled by default. We have to make it more clear that automatic sidecar injection requires someone to turn it on first.
* Typo fix
* Update content/en/docs/setup/additional-setup/sidecar-injection/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/setup/additional-setup/sidecar-injection/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/setup/additional-setup/sidecar-injection/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Removed redundant phrase
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
`istioctl manifest apply --set profile=demo --set cni.enabled=true --set values.cni.cniBinDir=/home/kubernetes/bin` by default put the `istio-cni-node` daemonset in istio-system namespace. The cni pod fails to create.
According to the helm command here 3fc0e65d94/README.md (usage) `istio manifest` should set cni.namespace to kube-system on gke
Signed-off-by: Yuchen Dai <silentdai@gmail.com>
These fix problems encountered when switching to the new Hugo which has
a completely different markdown engine. I went through diffs of the generated
HTML and made required adjustments.
- Move some info to front-matter in the different security bulletins
such that it can be used when building the security bulleting index page.
- Update the security bulletin index page to show affected relesses and
impact score.
- Make it so table headers are vertically centered, which looks a lot nicer
when there are a combination of single-line and multi-line headers in the
same table.
- Add a few checks to correctly hide draft mode documents from sight
in more cases.
- Remove a stale document that's been in draft mode since first being
created in 2017.
- Clean up a bit of text in some release notes.
* Added the Best Practices section with general principles.
This is the beginning of the new Best Practices section.
Our goal is to provide a section for all the best practices and recommendations
for Istio deployments. The best practices are based on the identified and
recommended deployment models.
Signed-off-by: rcaballeromx <grca@google.com>
* Change headings for clarity.
Adds clarity to some passages based on feedback.
Removes a list of recommendations that was causing some confusion.
Adds a glossary entry for failure domains and how they relate to a
platform's availability zones.
Signed-off-by: rcaballeromx <grca@google.com>
* Move Best Practices to Ops Guide
Signed-off-by: rcaballeromx <grca@google.com>
* Moved Deployment Best Practices to a new "Prepare Your Deployment" section.
Moved all deployment preparation content into a new section under "Setup".
For now the content includes the following sections:
- Deployment models
- Deployment best practices
- Pod requirements
Merged the two existing pages containing pod requirements into one single page.
Signed-off-by: rcaballeromx <grca@google.com>
* Replace example with better guidance around namespace tenancy.
Signed-off-by: Rigs Caballero <grca@google.com>
* Add links and language pointing to the Prepare section
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix minor typos and broken links.
Signed-off-by: Rigs Caballero <grca@google.com>
* Move from Setup to Operations
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix broken links
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix rebasing issues.
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix multicluster install link.
Signed-off-by: Rigs Caballero <grca@google.com>
- Improved look of the call to action buttons
- Removed redundant attributions on all news items, those were
leftovers from when the relesse notes were in the blog section.
- Used consistent subtitles and descriptions for all news items.
- Fix a bunch of heading capitalization.
- Remove words that shouldn't be in the dictionary
and update the text accordingly.
- Added a few @@ sequences to reference content files from text blocks.
- Used a few {{< source_branch_name >}} sequences to refer to the proper
branch in GitHub rather than master.
* migrate Deployment apiVersion from extensions/v1beta1 to apps/v1 to support k8s 1.16
* migrate Deployment, PodSecurityPolicy apiVersion to support k8s 1.16
* Update for new istioctl value requirement
* Update Sidecar Injection docs
Part of this is fixing inaccurate information, and part is trying to
simplify it a bit. If I did a bad job simplifying I'll just revert most
of this and send just the essential fixes.
* Fix typos
* Update content/en/docs/setup/additional-setup/sidecar-injection/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
* Remove port name requirement
We now do protocol sniffing.
Note - this is definitely not safe to merge. We still need docs explaining protocol sniffing, and how to select a port type explicitly (required for things other than tcp/http, and more performant if you know its tcp/http). Not sure the path forward for this
* Add protocol selection doc
* Fix lint
* Add FAQ
* Add Istio Deployment Models concept.
This concept replaces the old multi-cluster concept.
Includes new diagrams that comply with the diagram creation guidelines.
Updates the Chinese content to use a local copy of the previous diagrams.
Fixes all internal links to the previous version of the doc.
Signed-off-by: rcaballeromx <grca@google.com>
* Add glossary entries for needed terms.
The terms involved are:
- Cluster
- Identity
- Trust domain
Signed-off-by: rcaballeromx <grca@google.com>
* Define cluster in a platform agnostic way.
Also adds links between `identity` and `trust domain`.
Signed-off-by: rcaballeromx <grca@google.com>
* Add missing `(` in links.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix links to sections and reduce image sizes.
Signed-off-by: rcaballeromx <grca@google.com>
* Simplify the definition of `trust domain`
Signed-off-by: rcaballeromx <grca@google.com>
* Move old images to the ZH content.
Signed-off-by: rcaballeromx <grca@google.com>
* Add reworked control plane content.
Also addresses the comments left on the PR including those regarding the
diagrams.
Signed-off-by: rcaballeromx <grca@google.com>
* Add fail over example and glossary entries.
This update also reworks the control plane models section to fit the example.
Additional adjustments were made to the diagrams too.
Signed-off-by: rcaballeromx <grca@google.com>
* Move mesh models section.
Also minor fixes and edits.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix glossary entries and links.
Signed-off-by: rcaballeromx <grca@google.com>
Frank Budinsky
Shamsher Ansari
jacob-delgado
Eric Van Norman
Jason Young
Brian Avery
Istio Automation
Romain Lenglet
Jonh Wendell
Xinnan Wen
stewartbutler
Adam Miller
Yuchen Dai
Martin Taillefer
Rigs Caballero
Dirk Jablonski
Neeraj Poddar
John Mazzitelli
Martin Ostrowski
John Howard
Naoki Oketani
Johannes Scheuermann
Lin Sun
Sam Naser
Morven Cao
Romain Lenglet