Commit Graph

127 Commits

Author SHA1 Message Date
Martin Taillefer fbd2b162fb
Prune a few things that shouldn't have been in the dictionary. (#3622) 2019-03-11 11:35:52 -07:00
Diem Vu 423085227e Add note to explain authentication mesh policy CRD kind. (#3540)
* Add note for the mesh policy to explain the different with regular (namespace and service) policies

* Address comment
2019-03-07 14:16:32 -08:00
idouba f02b763382 fail with 503 instead of 000 for injected-app (#3157)
* fail with 503 instead of 000 for injected-app

As a bad destination rule is set to disable client side mTLS and receiving side is mTLS enabled. At this point, Running the curl command between sidecar injected Istio services  all requests will fail with a 503 error code as the client side is still using plain-text.
2019-03-06 08:48:20 -08:00
Frank Budinsky 76fc94137e Update istio-demo install instructions (#3520)
* Update istio-demo install instructions

* improve verify step

* fix circleci errors

* typo

* Change title

* Update content/docs/setup/kubernetes/install/kubernetes/index.md

Co-Authored-By: frankbu <frankb@ca.ibm.com>

* Update content/docs/setup/kubernetes/install/kubernetes/index.md

Co-Authored-By: frankbu <frankb@ca.ibm.com>

* Update content/docs/setup/kubernetes/install/kubernetes/index.md

Co-Authored-By: frankbu <frankb@ca.ibm.com>

* Update content/docs/setup/kubernetes/install/kubernetes/index.md

Co-Authored-By: frankbu <frankb@ca.ibm.com>

* Update content/docs/setup/kubernetes/install/kubernetes/index.md

Co-Authored-By: frankbu <frankb@ca.ibm.com>

* Update content/docs/tasks/security/authn-policy/index.md

Co-Authored-By: frankbu <frankb@ca.ibm.com>

* Update content/docs/tasks/security/plugin-ca-cert/index.md

Co-Authored-By: frankbu <frankb@ca.ibm.com>

* Update content/docs/setup/kubernetes/install/kubernetes/index.md

Co-Authored-By: frankbu <frankb@ca.ibm.com>

* Update content/docs/setup/kubernetes/install/kubernetes/index.md

Co-Authored-By: frankbu <frankb@ca.ibm.com>

* Update content/docs/setup/kubernetes/install/kubernetes/index.md

Co-Authored-By: frankbu <frankb@ca.ibm.com>

* spelling
2019-03-05 14:47:20 -08:00
Andra Cismaru a8aaef4afa Fix typo. (#3516)
Fixes istio.io#2981
2019-03-05 11:35:46 -08:00
Oliver Liu e866f13fb7 Update health check task. (#3435)
* Update health check task.

* Apply suggestions from code review

Co-Authored-By: myidpt <yonggangl@google.com>

* Apply suggestions from code review

Co-Authored-By: myidpt <yonggangl@google.com>

* Small fix.

* Small fix.
2019-03-05 10:50:33 -08:00
John Howard 0dabe29b28 Update references to value files (#3412) 2019-03-05 13:47:07 -05:00
Martin Taillefer 36a6514a07 Remove old comment. (#3499) 2019-03-04 16:05:31 -08:00
idouba c5937a1d70 should specify the resource type:destinationrule. (#3159)
should specify the resource type:destinationrule in the delete statement.
2019-03-01 12:19:29 -08:00
Martin Taillefer ad565871d6
Clean up keywords. (#3442) 2019-02-28 17:26:46 -08:00
Rigs Caballero 21c918fbe4 Organize the Kubernetes Installation content. (#3422)
* WIP Add Kubernetes Installation landing page.

This adds the landing page and organizes the content to make it easier to navigate.

Signed-off-by: rcaballeromx <grca@google.com>

* Apply initial feedback on landing page content.

Signed-off-by: rcaballeromx <grca@google.com>

* Rename and move files to enhance navigation.

Added aliases to redirect after filename changes.

Signed-off-by: rcaballeromx <grca@google.com>

* Harmonize all installation guide titles and intros.

Signed-off-by: rcaballeromx <grca@google.com>

* Fix all links affected by the restructure.

Fixed all internal links and added aliases to ensure external redirects.

Signed-off-by: rcaballeromx <grca@google.com>

* Fix paths of images on the ZH content.

Signed-off-by: rcaballeromx <grca@google.com>

* Fix additional links and apply feedback.

Signed-off-by: rcaballeromx <grca@google.com>

* Fix link error introduced by rebase.

Signed-off-by: rcaballeromx <grca@google.com>

* Remove redundant instances of "Istio" in titles.

Signed-off-by: rcaballeromx <grca@google.com>
2019-02-28 14:37:30 -08:00
Martin Taillefer dd0ecdf9ab
Site improvements (#3430)
- Add linter support to detect internal links to aliases. Those are now flagged as
bad links so the source needs to be updated to point to the real destination,
avoiding the user a redirect.

- Fixed occurences of links to aliases.

- Now only load popper.js on pages that use popups in order to improve
load times.
2019-02-28 13:58:54 -08:00
Diem Vu 10415287c8 Update document for `istioctl auth tls-check` command (#3343)
* Update mutual tls deepdive doc to reflect the new authn tls-check behavior

* Also update FAQ

* Correct grammar

* Update content/docs/tasks/security/mutual-tls/index.md

Co-Authored-By: diemtvu <25132401+diemtvu@users.noreply.github.com>

* Address comment

* Also include changes to fix #11825

* Change the example to show default DR to avoid confusion

* Correct change the example to show default DR to avoid confusion

* Update content/docs/tasks/security/mutual-tls/index.md

Co-Authored-By: diemtvu <25132401+diemtvu@users.noreply.github.com>

* Update content/docs/tasks/security/mutual-tls/index.md

Co-Authored-By: diemtvu <25132401+diemtvu@users.noreply.github.com>

* Update namespace for global destination rule

* Update content/docs/tasks/security/mutual-tls/index.md

Co-Authored-By: diemtvu <25132401+diemtvu@users.noreply.github.com>
2019-02-28 13:51:32 -08:00
Tao Li c4b714ec99 Remove unnecessary section to turn on permissive (#3382)
* Remove unnecessary section to turn on permissive

* Delete obsoleted file

* Add alias

* Fix comment
2019-02-26 11:35:30 -08:00
Diem Vu edcedada30 Add instruction to download gen-jwt.py script (#3378)
* Add instruction to download gen-jwt.py script

* Correct code block sequence

* Correct bash syntax

* Fix comment

* Use  {{< github_file >}} markdown
2019-02-26 11:24:30 -08:00
Yangmin Zhu 6168d4f171 Add command for manual sidecar injection (#3362) 2019-02-26 06:57:36 -08:00
Shriram Rajagopalan 2baef16e51 new networking reference docs (#3358) 2019-02-25 17:13:27 -08:00
Tao Li 4030c2503a Fix authn policy doc (#3376) 2019-02-25 13:46:26 -08:00
lei-tang fdec084fea Fix inconsistent namespace in rbac groups document (#3364) 2019-02-23 12:17:36 -08:00
lei-tang 39a370f90d Fix the failure of missing mounted cert secret (#3316) 2019-02-21 07:54:24 -08:00
Vadim Eisenberg f082496963 Fix typos in the authorization task (#3310)
* remove redundant slash

* productpager -> productpage

* remove bind-productpager-viewer from .spelling
2019-02-20 10:00:33 -08:00
Yossi Mesika 52b45b24d9 Fix two doc issues (#3278)
* Correct istio yaml file

* Mixer destination rules are expected to exist
2019-02-18 08:33:25 -08:00
Etai Lev Ran f1f79e6fbe document file names used in external certificate configuration (#3238)
* document file names used in external certificate configuration

* rephrased to clarify based on PR feedabck

* note using different names requires reconfiguration
2019-02-13 09:07:23 -08:00
Martin Taillefer d6b3bfac56
Add support for {{< quote >}} (#3237) 2019-02-12 08:22:28 -08:00
Martin Taillefer b3db41da99
Added more lint rules and fix offenders (#3227)
- Ensure that references to GitHub content use the proper annotations so
we get links to the correct branches.

- Added a check to make sure content is not using blockquotes (instead of
{{< warning >}}, {{< tip >}}, and {{< idea >}}. This check is currently
disabled, pending the Chinese content being updated.

- Fix a few violations of these new checks.
2019-02-11 12:49:47 -08:00
Oliver Liu d25753f93b Improve the SDS doc. (#3139)
* Update the SDS doc.

* Small fix.

* Small fix.

* Small fix.

* Update content/docs/tasks/security/auth-sds/index.md

Co-Authored-By: myidpt <yonggangl@google.com>

* Apply suggestions from code review

Co-Authored-By: myidpt <yonggangl@google.com>

* Small fix according to the comments.
2019-02-11 12:18:23 -08:00
Yangmin Zhu 1126638238 Refactor the authorization task (#3150)
* Refactor the authorization task

- Move the permissive mode to a standalone task
- Rename the group/list claim support to align with other tasks
- Re-order to put the basic HTTP/TCP task first

Signed-off-by: Yangmin Zhu <ymzhu@google.com>

* Fix links.

* resove comments.

* Address comments.
2019-02-05 12:49:22 -08:00
Martin Taillefer dd782b3d12
Improve the looks of warnings, info blobs, and tips. (#3181) 2019-01-31 12:11:53 -08:00
mtail 7277d79299 Fixed typo 2019-01-25 07:18:36 -08:00
Martin Taillefer 1c1242ffc4
Fix spelling and grammar stuff throughtout the site. (#3114) 2019-01-21 09:35:38 -08:00
Martin Taillefer 8a9d5cb92b
Fix a bunch of capitalization and spacing errors. (#3108) 2019-01-19 09:39:24 -08:00
lei-tang 9ca0428b40 Fix a URL (#3105) 2019-01-18 11:48:54 -08:00
lei-tang 8bf8d6611d Add a user guide for Istio Vault CA integration (#3098)
* Add a user guide for Istio Vault CA integration

* Fix lint errors

* Use helm template values to simplify the config

* Address review comments

* Fix the link in a command

* Small fixes
2019-01-17 18:47:49 -08:00
Quanjie Lin 1c967d7124 documentation for enable/use SDS in 1.1 (#3090)
* documentation for SDS in 1.1 release

* lint

* address comments

* address comments

* address comments

* grammer
2019-01-16 16:47:48 -08:00
Joe Searcy 54b0a1499b Update content/docs/tasks/security/mtls-migration/index.md (#3089)
* Reorganized text for easier readability

* Removed trailing whitespace
2019-01-15 05:17:48 -08:00
Quanjie Lin 733d6779a7 update permissive resp code value (#3051) 2019-01-10 13:06:45 -08:00
Hendrik Purmann 3e3ded3bd9 Fix typo in command (#2951) 2018-12-05 06:24:27 -08:00
Tao Li 0e96e6e945 Fix a typo in mTLS tutorial (#2934) 2018-11-30 10:23:26 -08:00
Tiago Moreira Vieira f40d7114b8 remove irrelevant output line from auth policy task (#2926) 2018-11-28 15:35:29 -08:00
Tiago Moreira Vieira d801b54a94 fix issue with dollar sign and curly brackets (#2927) 2018-11-28 15:34:30 -08:00
Limin Wang 583c40ba27 documentation for end-user authencation on ingress-gateway (#2243) (#2904)
* documentation for end-user authencation on ingress-gateway (#2243)

* documentation for end-user authencation on ingress-gateway

* address comments

* address comments

* address comment

* Move end user authentication on Ingress section to securtity.

* Minor text change.

* Revert edit in traffic management doc.

* Remove Ingress example. Replace it with a single sentence.

* Addressed comment.
2018-11-26 10:57:04 -08:00
SataQiu b4712a55c3 fix typo: oppenssl -> openssl (#2913) 2018-11-22 09:39:28 -05:00
Chunlin Yang bf264f1ae6 Delete Service Graph (#2874)
Signed-off-by: Chun Lin Yang <clyang@cn.ibm.com>
2018-11-14 06:59:03 -08:00
Brian Avery 2d2c951563 Fixed authentication example command (#2853) 2018-11-09 11:00:25 -05:00
Quanjie Lin bfe4b926ec add note for authz permissive mode documentation (#2835) 2018-11-05 15:03:33 -08:00
Jonh Wendell 2b861520eb Use port 8000 for httpbin service everywhere (#2461) 2018-11-01 11:56:45 -07:00
Yangmin Zhu 054a7c0ad9 rbac: deprecate RbacConfig with ClusterRbacConfig (#2761) 2018-10-26 11:11:32 -07:00
Martin Taillefer a2026aab5e
Clean up a bunch of loose ends (#2745) 2018-10-05 22:21:56 -07:00
Yangmin Zhu d85999dd98 rbac: add rbac tcp task. (#2588) 2018-10-02 19:51:53 -07:00
lei-tang 0d4035b58b Add a user guide for config group-based authorization and list-typed claims authorization (#2652) 2018-10-01 11:13:26 -07:00