* Edit and clean the multicluster installation.
Performed a major edit to enhance the clarity and accuracy of the content.
The edits include:
* Consistency and quality-of-content improvements including expanding
abbreviations on first use, adding or modifying markup for emphasis, and
adding lists.
* Grammar and spelling fixes including fixing passive voice and missing
articles.
* Content structure improvements to improve the readability and flow of the
content.
* Introduced heading tags to make identifying cross-references easier to
identify and maintain.
Signed-off-by: rcaballeromx <grca@google.com>
* Address typos
Signed-off-by: rcaballeromx <grca@google.com>
* Fix broken links with IDs.
Signed-off-by: rcaballeromx <grca@google.com>
* Implemented tabs for procedural options.
Alongside the tabs implementation, a warning and a note were added based on
comments.
- The release note index page is now rendered as a simple list rather than the normal gallery mode.
- Fix use of toc: front-matter, which should be skip_toc instead.
* add initial sceleton of the wildcard https egress gateway blog post
* fixed the links and bare URLs
* add missing 'the'
* complete the Background section
* add before you begin and cleanup sections
* add initial configuration items and their cleanup
* add SNI with placeholder
* assume Istio with mutual TLS
* use two virtual services for the egress traffic
required due to https://github.com/istio/istio/issues/7361
* add wikipedia subset to the VirtualService
* add a step to check Envoy's statistics
* move the blog post to tasks
* convert blog post to task
fix weight, remove attribution and publish date, replace "blog post" with "task" in text
* change the title of the section for configuring the HTTPS traffic
* route the traffic from the gateway to www.wikipedia.org
* add a motivation for an additional forward proxy
* add instructions for deploying a new egress gateway
* add a config map for Nginx configuration
* escape $ signs in nginx config
* add empty events section to the nginx config
* create nginx config map in istio-system, use nginx.conf key
* add instructions to add nginx container to an egress gateway
* add directing the traffic in egress gateway to localhost
* replace istioctl by kubectl
* add missing apiVersion fields
* unite two virtual services into one
* use ISTIO_MUTUAL instead of MUTUAL
* move wildcard egress task to the advanced egress examples
* fix links and rename task to example
* run the SNI proxy on port 8443
* use full url of the sni-proxy and port 8443
* use ServiceEntry with static IP endpoint 127.0.0.1 for sni-proxy.local
* drop nginx prefix from sni-proxy items
* add a destination rule to disable mTLS to sni-proxy
* fix the logs of the Istio proxy and the SNI proxy
* remove deleting the SNI proxy
* make the name of the SNI proxy's ServiceEntry name to be sni-proxy
* unite the editing steps of the egress gateway with SNI proxy into one step with substeps
* restructure creating/deleting configuration items for egress gateway with SNI proxy
* clarify the virtual rule for egress gateway with SNI proxy
* add wildcarded to .spelling
https://en.wiktionary.org/wiki/wildcarded
* add "hostnames" to .spelling
* put localhost in backticks
* add 127.0.0.1 and localhost in parentheses
* mTLS -> mutual TLS
* add wikipedia to .spelling
* put *.com and *.org and * in backticks
* remove redundant empty line
* add using helm template configVolumes and additionalContainers
* add an explanation about Nginx
* move creating nginx configuration before creating egressgateway with sni proxy deployment
* add a comment about manual editing of the deployment yaml before Istio 1.1
* add a step for verifying that the sni proxy runs
* Configure Egress Gateway -> Configure an Egress Gateway
* we -> you
* remove double "mutual"
* add semicolon, "and", "also" to a sentence about multiple configuration items
* remove redundant the
* This could not always be the case -> However, this may not...
* IP -> IP address
* split the explanation about the requirement for SNI proxy into two paragraphs
* add a link to Envoy proxy
* IP -> IP address, host -> hosts
* split the motivation for the SNI proxy into one more paragraph
* remove two redundant commas
* requests to -> requests sent to
* request -> requests
* Let's reconfigure -> In this section you will configure
* arbitrary -> arbitrary, not preconfigured
* for that functionality -> to achieve that functionality
* split long lines
* add explanation about the port to listen and port to forward for the SNI proxy
* add an explanation about the Nginx configuration
* fix the name of the config map volume, add a link to Config Map Volume kubernetes description
* sent to, destined to -> destined for
* gateway's proxy -> gateway's Envoy proxy
* the counter for the SNI proxy -> the counter for traffic to the SNI proxy
* replace the cleanup section with a reference to the Egress Gateway's cleanup section
* add setting istio.globalNamespace option
* fix a typo in the name parameter of helm template
* add cpu.targetAverageUtilization to the egressgateway deployment
* remove the part: for Istio before 1.1
* rename the egressgateway proxy to be "istio-proxy"
* add printing mixer log
* in cleanup rename nginx-sni-proxy-config to sni-proxy-config
* split a long line
* add configuration for traffic without mTLS
* set-sni-for-egress-gateway -> egressgateway-for-wikipedia
* use local directory instead of $HOME
* create virtual service together with gateway and destination rule
they are depenedant on mTLS between the sidecar and the egress gateway
* add monitoring and policy subsection
* change connection event from close to open
* Cleanup of the monitoring and policy -> Cleanup of monitoring and policy enforcement
* move wildcard egress gateway into advanced gateways examples
* add missing dot at the end of the example description
* replace cat <<EOF | kubectl apply/create -f - with kubectl apply/create -f - <<EOF
* use -l with kubectl logs for the mixer log
* add egress gateway with SNI proxy diagram
* remove mTLS for TLS
* remove mTLS from the first part (without SNI proxy)
* make the section titles shorter
* fix the links to advanced gateway examples
* remove a redundant empty line
* our requests -> your requests
* send requests -> send requests to
* remove mentioning a destination rule to set destination SNI
* add explanation about SNI monitoring and policies
* Update Task/Enabling rate limits, remove validDuration in dimension that is not in redisquota, Move redisserverurl and connectionpoolsize
* Update Task/Enabling rate limits, remove validDuration in dimension that is not in redisquota, Move redisserverurl and connectionpoolsize
* Update index.md
More pods and services have been added since this doc has been written.
* Added more verbose information
Added `Option 1` and `Option 3` outputs.
Signed-off-by: JJ Asghar <jja@ibm.com>
* Fixed formatting.
Opps.
Signed-off-by: JJ Asghar <jja@ibm.com>
* Removed the output
Put the command to verify the setup, but removed the output per
rcaballeromx's suggestion.
Signed-off-by: JJ Asghar <jja@ibm.com>
* Fixed per rcaballeromx suggestions.
- reformatted and fixed the wording.
Signed-off-by: JJ Asghar <jja@ibm.com>
* Istio, not ingress.
🤦
Signed-off-by: JJ Asghar <jja@ibm.com>
* Copy paste mess up.
Removed a dangling copy paste.
Signed-off-by: JJ Asghar <jja@ibm.com>
* Grammar, I think.
- fixed the optionally have line.
Signed-off-by: JJ Asghar <jja@ibm.com>
* More Grammar.
🤘
Signed-off-by: JJ Asghar <jja@ibm.com>
Minikube does the right thing (as of 0.28.1 at least) with creating the embedded CA. The extra-config parameters appear to have been necessary previously and were resolved to use the "right" credentials built by Minikube directly. In fact, passing those parameters appears to break current minikube deployments, making it impossible to create new service accounts and resources that rely on them. (like a tiller service account for a helm deployment of Istio...)
I found this bug that referenced this issue: https://github.com/kubernetes/minikube/issues/1647 which is now closed.
* add Kiali Task to istio.io
add deprecation notice to the SerivceGraph Task
* add some more instructions on getting the Kiali UI to help assist those on environments like minikube
* add cleanup instructions for kiali
* simplify the section to determine kiali url
* use present tense
* more present tense changes
split up the "Send traffic" item into two actions.
* more verb tense changes to get things more into present tense
* updates based on some feedback
* re-write the "determine kiali url" section
* split login step into two steps - visit with browser, then login
* reword some of the steps involving logging in and looking at the initial pages.
* reword the graph type step - use list items, not numbered, for the different types. Adds the new service graph type.
* reword the examine istio config step
* changes to the api section
* some final changes of the api section and the cleanup section
* trivial fix to capitalization
* some small trivial changes
It says its in Beta, which I think was accidental.
Given that this area is evolving a lot, demoting it to alpha as it doesn't satisfy the beta conditions (of production usage) as there is no DNS solution/doc, no Istio policy starting with DNS, lack of mixer policies, and scale issues in Pilot.
- Auto-generate tables of template->adapters and adapter->templates
- Make the "Edit this page on GitHub" menu option track the branch correctly instead of always pointing to master.
- Update the reference docs.
The destination.service attribute is being deprecated in the favor of
destination.service.host. This commit updates the match expression in
the TCP metrics guide to reflect the same.
Signed-off-by: Venil Noronha <veniln@vmware.com>
themanifold
Rigs Caballero
xavierbaude
mtail
Quanjie Lin
x15zhang
Jonh Wendell
Frank Budinsky
John Mazzitelli
l10xbin
Lee Calcote
mandarjog
Vadim Eisenberg
Jinming Yue
Yangmin Zhu
Guilherme Baufaker Rêgo
Jason Young
Julien Senon
Pedro Spagiari
JJ Asghar
Robert Starmer
Kent Hua
Vincent
Martin Taillefer
Clement Labbe
Tao Li
Shriram Rajagopalan
Fernando Carletti
Venil Noronha
hackerman