* add san-validation documentation
Signed-off-by: Faseela K <faseela.k@est.tech>
* Apply suggestions from code review
Co-authored-by: Daniel Hawton <daniel@hawton.org>
* make gen
Signed-off-by: Faseela K <faseela.k@est.tech>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
Co-authored-by: Daniel Hawton <daniel@hawton.org>
* Update istio test reference to latest commit and fix tests
* Move back two commits since some didn't have releases built
* Run go mod tidy after make clean
* Try removing metallb
* Don't remove the metallb validatingwebhookconfigurations
* Redo egress-control test to no use istio-state
* Update istio test reference to contain operator fix and revert test change
* Disable jwt-route test temporarily waiting on Envoy fix
* Upadte istio/api
* Replace uninstall
* revert chmod
* Add arbitrary host section to wildcard egress doc
* fix
* updated
* fix lint
* Update content/en/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
---------
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Add docs for ocsp staple support
Signed-off-by: Faseela K <faseela.k@est.tech>
* Update content/en/docs/tasks/traffic-management/ingress/secure-ingress/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* clarify the internal IP ranges for IBM Cloud Kubernetes Service
* Trigger Build
* add example of the command output
* paraphrase the text
* update snips.sh
* Enhance mTLS origination example
Signed-off-by: Faseela K <faseela.k@est.tech>
* rebase
Signed-off-by: Faseela K <faseela.k@est.tech>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
`Configure traffic through egress gateway with SNI proxy` section was removed from the docs in the 1.14 release
but that is still mentioned in the setup instructions for the task `Egress using Wildcard Hosts`.
The test waits for vs resource, that is not even created.
Wait on SE and DR is only needed.
Signed-off-by: Faseela K <faseela.k@est.tech>
Signed-off-by: Faseela K <faseela.k@est.tech>
* Improve clarity of Egress Gateway docs
Make the step 13 more clear, since it is creating a DestinationRule in the test-egress namespace and not in the default namespace.
* Update content/en/docs/tasks/traffic-management/egress/egress-gateway/index.md
Co-authored-by: craigbox <craigbox@google.com>
Co-authored-by: craigbox <craigbox@google.com>
* Wildcard egress: remove arbitrary domain section
This doc has been a nuisance for many years. It recommends an extremely
complex and dangerous pattern, relying on deploying nginx, extremely
complex EnvoyFilters enabling unsupported, custom, alpha Envoy c++
filters, and a number of other scary practices. IMO this does not belong
in Istio docs at all, and certainly not in our top level taks.
* Add back single wildcard
* Update content/en/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Documentation for egress mTLS origination at sidecar using credentialName in DR
The feature is already merged. So trying to add a documentation for the same.
Signed-off-by: Faseela K <faseela.k@est.tech>
* Remove duplicate code and point to the existing documentation
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failures
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failures
Signed-off-by: Faseela K <faseela.k@est.tech>
* Add tests for mTLS origination at sidecar
Signed-off-by: Faseela K <faseela.k@est.tech>
* Typo fix for GKE
* make gen
Co-authored-by: Noah Nsimbe <37845280+NoahNsimbe@users.noreply.github.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Minor fix in egress mtls example cleanup
The document mentions some resources for cleanup
which are not actually created as part of this exercise.
Signed-off-by: Faseela K <faseela.k@est.tech>
* Adding make gen output files
Signed-off-by: Faseela K <faseela.k@est.tech>
* Remove file mount egress documentation
This is actively leading users down a bad practice. We previously did
the same for Ingress - the results were we got a lot less bugs about
file mount being very hard to use.
As is, users are directed here as the default - only if they happen to
know what "SDS" is (an implementation detail) will they realize the
other doc is better.
* gen snips
* fix test
* Fix inject
* Update istio test ref - fix timeout failures?
* Go back to figure out why ext cp setup is failing (samples not starting)
* Again including #31560
* After 31561
* Past #31410
* test ref sha=688973e58828ffbcff2ccd9eeab41a12527c217a
* test ref 9d5ba69765#31401
* Update test ref to latest istio and change 504/408 for egress test
* Update to get around quay.io outage
* Silence curl command
* Update more files with -sS (adding S to show errors)
* Over-agressive on the -S and causing some tests to fail.
* Remove more curl -S flags
* Update istio/istio ref to latest master
* Move to latest before testing.
* Update release in Makefile
* Fix some tests
* Update to latest isti.io/istio again
* Update to latest istio.io/istio
* Update to latest istio.io/istio
* Update ref to latest master
* Fix instioctl-analyze
* Add back @howardjohn commit I inadvertantly deleted
* Fix lint
* Pick up new stio: fix empty iop read from stdin for operator
* go mod tidy without itermediate go gets
* Update to current stats-filter's
* Needed another 'make gen'
* More go.* changes for changes in ref'd istio/istio
* Update istio to 1.9.0-beta.0
Overview of the changes:
- Adding ability to verify that expected output occurs a number of times consecutively. This is needed for https://github.com/istio/istio.io/pull/8402.
- Moving snapshot checking logic to Go code so that it can be separated out into separate test steps, which are timed and contain their own output directories/files. This makes the code cleaner and also makes the snapshot logic more transparent.
- Updating debug.sh to use newer bash syntax that allows it to dynamically select a free file descriptor. Without this, I was seeing all commands echoed to my console in goland.
* Add warning on egress gw instructions
Documentation is misleading when repeating the steps for multiple
hosts. The example breaks down. Add a warning describing how to
configuration should look like when additional hosts are configured.
* fix typo
* change to tip, make text more compact
* change other warning as well
Frank Budinsky