* Update authn policy tasks with global policy.
This is cloned from Diem's PR
https://github.com/istio/istio.github.io/pull/1600.
* Add section to use mesh-wide policy to enable mTLS globally.
* Update examples to follow naming restriction.
* Fix linter errors.
* Additional lint fix.
Accordingly with the kubectl help documentation for the logs
command, the container name is a flag and not an argument:
`
Usage:
kubectl logs [-f] [-p] (POD | TYPE/NAME) [-c CONTAINER] [options]
`
The use of an argument instead of a flag is to keep compatible
with legacy systems, but it is not recommended as it can be removed
at any time.
* Minikube 0.28.0 (latest) has deprecated localkube
Fixes: https://github.com/istio/istio/issues/6463
Instead use kubeadm (the default). Also explain how to select
the chosen VM driver. Finally expand the memory from 2gb to 4gb
so that bookinfo can start without an OOM.
* Add note about using a system without LoadBalancer
Some platforms such as minikube do not support LoadBalancers. For
these platforms, document how to install Istio with NodePort rather
than LoadBalancer.
* remove egress TCP task
the example can be implemented by HTTPS Service Entries
* remove a reference to Egress TCP Task in Egress TCP blog
* replace a reference to the Egress TCP task by the Egress TCP blog post
in About -> Feature Status -> Istio features/Traffic management
* add an alias from the removed task to Egress/TCP blog post
* updated attributes
Signed-off-by: Kuat Yessenov <kuat@google.com>
* over zealous linter
Signed-off-by: Kuat Yessenov <kuat@google.com>
* add a note about source name
Signed-off-by: Kuat Yessenov <kuat@google.com>
* typos
Signed-off-by: Kuat Yessenov <kuat@google.com>
* mention that original names will be gone
Signed-off-by: Kuat Yessenov <kuat@google.com>
* Update remote cluster RBAC instructions for kubernetes multicluster setup
Added detailed instructions for creating a service-account with RBAC
role for each remote cluster with the minimum access required for
the istio control plane.
Fixes#1477
* Update for installations with mTLS auth enabled
The docs do not provide reference to installations with mTLS auth enabled. If mTLS auth is enabled and the user goes through the instructions, they will encounter `upstream connect error or disconnect/reset before headers` when the DestinationRule is applied.
istio/issues#375 (comment) helped lead to the resolution.
* add egress-tls-origination task
* add cnn.com, edition.cnn.com an "programmatically" to .spelling
* lint fixes
* remove a page alias
* add What's next section
* HTTP2 -> HTTP in port definition
* put the output of commands as part of the "command" block
* rewrote the cleaning after HTTP ServiceEntry without TLS origination
* clarify the configuration items for TLS origination
* when talking to edition.cnn.com -> when accessing edition.cnn.com
* wild card -> wildcard
* an Service Entry -> a Service Entry
* use curl -s -o /dev/null -D - instead of curl -I
* Perform TLS Origination for Egress Traffic -> TLS Origination for Egress Traffic
Martin Taillefer
mtail
Limin Wang
Kuat
Vadim Eisenberg
Georgios Andrianakis
Jimmy Song
Tiago M. Vieira
Frank Budinsky
Steven Dake
Shriram Rajagopalan
Tao Li
Guang Ya Liu
Bruno
Yossi Mesika
Jason Young
Cesar Botti
imgbot[bot]
Miguel Angel Medina Mondragon
danielmenezesbr
Vincent
Morven Cao
Tim Swanson
Thijs Feryn
Kent Hua
Henrik Carlioth