* add a step to confirm that Bookinfo is running without ingress
to verify that the app with Istio runs correctly without ingress,
to separate Istio installation errors from Ingress configuration
errors, to prevent questions like these
https://stackoverflow.com/questions/54307216/istio-proxy-unable-to-connect-to-istio-pilot
* fix the links to the renamed section (confirm the app is accessible...)
* put the instructions to kill the pod after checking that the key/certificate are loaded
* add "if you created the secret, but..." before killing the pod
* the secret <secret name> -> the <secret name> secret
* kill -> delete
* Add new setup instructions about istio-cni
* Fix review nits.
* Add Istio CNI to about/features as an alpha status feature
* Reword intro and installation steps
* Add sidecar injection compatibility info
* fix review comments
* Fix wording nits from sdake
* Fix nits and formatting comments from geeknoid.
* Added general CNI spec link and Istio k8s requirements link.
* Add a user guide for Istio Vault CA integration
* Fix lint errors
* Use helm template values to simplify the config
* Address review comments
* Fix the link in a command
* Small fixes
- Fix formatting for the Subscribe link on blog pages. That got broken in some refactoring I did a while back.
- Remove a few *NOTE* and _NOTE_ instances and replace with the canonical icons
- Add a link to our community repo in the Getting Involved page.
* add a tab section about mTLS
* remove leftover ";done"
* remove SNI monitoring and policy enforcement section
* add explanation why mTLS between sidecars and egress gateways is needed
* add mTLS enabled/disabled tabs to the egress MongoDB blog post
* remove placeholder SNI in logs
* add forward_downstream_sni and sni_verifier filters for wildcard TLS hosts
* add a required empty line
* make the sentence about enabling mTLS a note
* add inline comment in the yamls regarding the SNI filters
* a couple of filters -> Envoy filters
* rewrite the sentence why the SNI filters are used
* fix "so that policies will be enforced based on the original SNI value"
* prevents a possibility for deceiving Mixer -> prevents Mixer from being deceived
* will not match -> does not match
* make note ('>') one line to make lint happy
* initial version
* split a long line
* rephrase the sentence "Now, you configured..."
* add a requirement that mTLS is enabled
* remove leftover ';done'
* add monitoring and policy enforcement of SNI and source identity
* the logentry -> logentry
* that will allow -> that allows
* replace URL with Wikipedia in English
* clarify the examples in SNI monitoring, blocked vs. allowed
* Extend the introduction to monitoring/policies by source identity
* replace backticks with italics for sleep-us and sleep-canada
* the logentry -> logentry
* the sidecar proxy -> the sidecar proxies
* fix the names of the service accounts in cleanup
* it should be -> it must be
* services -> applications
* add: Access to other Wikipedia sites will be blocked
* inline the command to kill mixer pods
* add clarification about the access to Wikipedia sites from sleep-canada
* fix format of cleanup of monitoring/policies by source
* replace italics with backticks for sleep-us and sleep-canada due to spellchecker
* add a missing empty line
* Revert "inline the command to kill mixer pods"
This reverts commit 780913253d.
* of the source of traffic -> of the traffic source
* allows access -> allows to access
* delete "namely"
* Wikipedia -> the Wikipedia
* add a bullet about the privileged mode
* change privileged mode to NET_ADMIN capability
* Rewrite the sentence: it is required for...
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Simplify the sentence about the default service account
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* remove leftover from a previous commit
* remove another leftover from a previous commit
* add a missing whitespace after a dot
* remove capitalization of Service Account and Pod Security Policy
* add a remark about pod security policies being enforced in the cluster
* split the content between spec-requirements and required-pod-capabilities in the operations guide
* Fix the link to required-pod-capabilities
* An example for configuring and verifying split horizon EDS
* Add period to end of description
* Minor change
* Minor typo
* Comments by Lin Sun addressed
* Addressed @frankbu review comments and cross referenced with the concept doc
Eric Van Norman
mtail
Frank Budinsky
Lin Sun
Vadim Eisenberg
banix
Rigs Caballero
Yossi Mesika
Martin Taillefer
Morven Cao
Tim Swanson
lei-tang
Quanjie Lin
Daneyon Hansen
John Mazzitelli
Joe Searcy
Zefool
LisaFC
Lv Jiawei
Jesse Butler
Chunlin Yang
Megan O'Keefe