* Update the SDS doc.
* Small fix.
* Small fix.
* Small fix.
* Update content/docs/tasks/security/auth-sds/index.md
Co-Authored-By: myidpt <yonggangl@google.com>
* Apply suggestions from code review
Co-Authored-By: myidpt <yonggangl@google.com>
* Small fix according to the comments.
* add Install Istio with access to all the external services by default
* fix a typo: copule -> couple
* add a call to cnn
* instal -> install
* replace ; with ,
* add a couple of requests to HTTPS services before changing the config map
to show that they are blocked
* do not delete pilot, it listens to the changes of the config map
* no need to reinstall/update -> no need to update
* add 'Change back to the blocking-by-default policy' section
* perfromed -> performed
* all the services -> all services
* instruct Istio proxy -> instruct the Istio proxy
* no HTTP service exist -> no HTTP service exists
* all the access ... will be blocked -> all accesses ... is blocked
* Unindent the block content
* blocked now -> now blocked
* Revert "add a couple of requests to HTTPS services before changing the config map"
This reverts commit 848171c041.
* Refactor the authorization task
- Move the permissive mode to a standalone task
- Rename the group/list claim support to align with other tasks
- Re-order to put the basic HTTP/TCP task first
Signed-off-by: Yangmin Zhu <ymzhu@google.com>
* Fix links.
* resove comments.
* Address comments.
* put the instructions to kill the pod after checking that the key/certificate are loaded
* add "if you created the secret, but..." before killing the pod
* the secret <secret name> -> the <secret name> secret
* kill -> delete
* Add a user guide for Istio Vault CA integration
* Fix lint errors
* Use helm template values to simplify the config
* Address review comments
* Fix the link in a command
* Small fixes
* Update index.md
In order to better distinguish between the two ways to call external services from an Istio mesh, we should remove the rules about `ServiceEntry`.
* Update index.md
Add a warning icon
* Update index.md
* add before-you-begin-egress boilerplate and use it in one case
* move the boilerplate into content
* replace before-you-begin section for egress task/examples
* remove egress related details from the boilerplate
- The width value now defaults to 100%, so it doesn't need to be specified explicitly
in many cases.
- The ratio value can now be computed automatically for PNG and JPG files, so it doesn't need
to be specified explicitly.
Fixed in the documentation command
- Typo, the `jsonpath` contain extra dot char: `.items[0]..metadata.name` instead of `.items[0].metadata.name`
- The jsonpath without a weapping in quote chars won't work on all the systems and could lead to some errors of type: `no matches found: jsonpath={.items[0].metadata.name}`
* Correct telemetry for prometheus doc
Signed-off-by: Chun Lin Yang <clyang@cn.ibm.com>
* Add galley,polit and policy
Signed-off-by: Chun Lin Yang <clyang@cn.ibm.com>
* update zh doc
Signed-off-by: Chun Lin Yang <clyang@cn.ibm.com>
* Address review comments
Signed-off-by: Chun Lin Yang <clyang@cn.ibm.com>
* mesh to metrics
Signed-off-by: Chun Lin Yang <clyang@cn.ibm.com>
* Add initial doc changes related to tracing provider and support for zipkin backend
* Suggestion for way to incorporate more tracing backends - using text from lightstep PR #2844
* Update based on review comments. Moved lightstep content (from #2844 to subfolder
* Add more zipkin content and images
* Remove jaeger from dt page
* Updates following comments
* Updates to address comments
* documentation for end-user authencation on ingress-gateway (#2243)
* documentation for end-user authencation on ingress-gateway
* address comments
* address comments
* address comment
* Move end user authentication on Ingress section to securtity.
* Minor text change.
* Revert edit in traffic management doc.
* Remove Ingress example. Replace it with a single sentence.
* Addressed comment.
* This removes the canned credentials in the instructions. So a user can't just copy-n-paste the instructions and always get the same credentials - they have to enter their own username and passphrase.
* remove reference to the helm readme
* use text-bash
* changes as per review
* need the -n option to echo to correctly base64 encode the creds
This adds a new Task under the Traffic Management module for showcasing
Istio's Weighted TCP Routing feature.
Signed-off-by: Venil Noronha <veniln@vmware.com>
* Update Task/Enabling rate limits, remove validDuration in dimension that is not in redisquota, Move redisserverurl and connectionpoolsize
* Update Task/Enabling rate limits, remove validDuration in dimension that is not in redisquota, Move redisserverurl and connectionpoolsize
* add Kiali Task to istio.io
add deprecation notice to the SerivceGraph Task
* add some more instructions on getting the Kiali UI to help assist those on environments like minikube
* add cleanup instructions for kiali
* simplify the section to determine kiali url
* use present tense
* more present tense changes
split up the "Send traffic" item into two actions.
* more verb tense changes to get things more into present tense
* updates based on some feedback
* re-write the "determine kiali url" section
* split login step into two steps - visit with browser, then login
* reword some of the steps involving logging in and looking at the initial pages.
* reword the graph type step - use list items, not numbered, for the different types. Adds the new service graph type.
* reword the examine istio config step
* changes to the api section
* some final changes of the api section and the cleanup section
* trivial fix to capitalization
* some small trivial changes
The destination.service attribute is being deprecated in the favor of
destination.service.host. This commit updates the match expression in
the TCP metrics guide to reflect the same.
Signed-off-by: Venil Noronha <veniln@vmware.com>
* Site improvements.
- For SVG images, authors no longer need to specify image ratios
(which is a constant source of errors)
- Move more icons into the new icons.svg file to further reduce
average page load times.
- Rationalize Istio logo file names.
- Improve underlining behavior for sidebar headers and the RSS feed
Subscribe link.
- Made the RSS feed subscribe link open in a new tab.
- Increase the constract ratio for some elements in dark mode
text blocks (namely, YAML field names)
- Reduce the "brightness" of the light bulb icon which helps it
not pop so much in dark mode.
- Optimize the fonts we load and the order we load them in so as to improve page load time and
reduce the initial render time.
* Sadly, embedding SVGs into the HTML results in duplicate element ids, which is invalid HTML :-(
- Use a new approach to managing icons. This has two primary benefits:
- It makes it possible to color the icons such that they look good in the
dark theme. Previously, the icons were rendered in black on dark grey when
using the dark theme.
- The average payload size for our web pages is reduced and we better use the
browser cache.
- The new icon approach makes it possible to remove our dependency on the fontawesome
package, which further slims down our payload requirement
- Refresh our iconography for a slightly lighter look.
- Remove the extra thick left-hand border of text blocks to lighten the
look.
- Added a "NN minutes to read" indication on top of each page. This is
only displayed if the count is > 1 minute.
- Added a calendar icon next to the blog post date.
- Exposed a bunch of strings that were buried in CSS/JS to translation.
- Add the 'keywords:' front-matter fields to the Hugo archetypes.
* Add docker-for-desktop installation note
A default istio helm install under kubernetes running in docker-for-desktop wasn't working because pilot was reserving too much memory. Added documentation to work around this
* Update index.md
* Create index.md
* Update index.md
* Update index.md
* Update index.md
* Rename content/docs/setup/kubernetes/platform-setup/index.md to content/docs/setup/kubernetes/platform-setup/docker-for-desktop/index.md
* Update index.md
* Update index.md
quoted memory allocation, capitalized Kubernetes
* check the logs of all the telemetry pods
* filter log entries
remove entries sent to pilot, telemetry, policy and unknown destinations
* use kubectl logs -l instead of applying kubectl logs on selected pods
* documentation for RBAC policy permissive mode
* update permissive mode sample for global RBAC config
* address comment
* move permissive section to the top
* add more words for expected user experience
* seperate two senarios to use permissive
1. turn on RBAC 0 -> 1
2. add new policy
* rename rbac->authorization, move to concept page
* address comment
* address comment
If mTLS is enabled we need an additional instruction in the
DestinationRule object, otherwise we break traffic to httpbin
service.
While on that, also change the Mirroring task note to be the same.
- Correct the use of OpenGraph annotations. I used the wrong attribute name, so the
annotations were never recognized.
- Added support for Twitter cards to our site, improving the experience of referencing
the site from Twitter posts.
- Added support for the twitter: front matter field for use in blog posts. Specifying this
front-matter entry will show the author's twitter address on the blog post, and will
add a Twitter card entry to the page noting the author's address.
- Renamed the page_icon front matter field to just icon to be consistent with other
entries.
- Made it so the subtitle front matter field can be used anywhere, not just on blog posts.
- Added a lint check to ensure subtitles don't end with a period.
- We now insert an "author" metadata entry whenever the attribution: front matter
field is used.
- Fixes the bug where not all of our files would get the right lastmod
time extracted from GitHub.
- Fixes most of the cases of bad HTML output around the use of {{<text>}}. There's
still a single bad case which I'll report to the Hugo folks.
- Use Hugo's new --minify option to minify HTML instead of having to use the
separate and slow html-minifier program.
- Fix some bad HTML on the landing page.
* generate certificates in httpbin.example.com directory
* add initial section for ingress for multiple hosts
* add a cleanup step for the directories related to certificates
* fix formatting
* add subsection: Redeploy istio-ingressgateway with the new certificates
* rename httpbin-gateway into mygateway
* add redeployment of Gateway for two hosts
* add -o /dev/null -s -w "%{http_code}\n" to the bookinfo's curl
* fix italics in sending a request to bookinfo
* add verify that httpbin.example.com is accessible as previously
* add -v to curl to bookinfo, show certificates printed
* remove -n istio-system from virtualservice bookinfo
* add Host header to curl requests
* put empty lines around the code blocks
* fix spell checker errors
Oliver Liu
Frank Budinsky
Vadim Eisenberg
Yangmin Zhu
Martin Taillefer
Jianfei Hu
mtail
banix
Rigs Caballero
lei-tang
Quanjie Lin
Joe Searcy
buptliuwei
Ram Vennam
Serge Bishyr
Chunlin Yang
l10xbin
Gary Brown
John Mazzitelli
Hendrik Purmann
Tao Li
Tiago Moreira Vieira
Limin Wang
SataQiu
Julian Griggs
Douglas Reid
Venil Noronha
Shriram Rajagopalan
Brian Avery
x15zhang
Jonh Wendell
Jinming Yue
Julien Senon
Kent Hua
Vincent
Dmitri Dolguikh
Steven Dake
sshucker
Matthieu Maquevice
Lin Sun
Bryant Luk
Christoph Held