* sceleton of the post
* add creating and dropping bookinfo user
* use present tense
* add created/drop ratings collection
* add unsetting of MONGODB_HOST and MONGODB_PORT environment variables
* add a step to check that bookinfo user can get ratings
* fix command line bookinfo v2 deployment
* renamed externalMySQLRatings.png -> externalDBRatings.png
* set the ratings to 1 to provide a visual clue
* rewrite the "access the webpage" section
* add "Egress control for TLS" section
* add "Directing TLS Egress traffic through the egress gateway" section
* add the "Enable Egress MongoDB traffic to arbitrary wildcarded domains" section
* replace cat <<EOF | kubectl apply/create -f - with kubectl apply/create -f - <<EOF
* replace mysql with mongodb in the diagram
* add a section about TCP egress control
* add cleanup of egress entry for TCP
* add location: MESH_EXTERNAL to service entries
* if you have mTLS enabled -> if you want to enable mTLS
* add a section regarding TCP traffic through the egress gateway
* restructure the post to be devided into TCP and TLS sections
* removed mentioning Istio installed with Istio 1.0
* fix indentation
* extend the description of TCP egress control
* fix a link
* expand the explanation on the egress gateway, move the setting IP env variable to the common TCP section
* add unsetting MONGODB_IP to the cleanup section
* do not use a list for one entry
* bookinfo-ratings-v2-mysql-external.svg -> bookinfo-ratings-v2-mongodb-external.svg
* MySQL -> MongoDB
* fix the explanation about the DNS resolution of the TCP service entry
* add an explanation about directing TCP egress traffic thru the egress gateway
* remove future tense
* add a sentence about encrypting TCP traffic with mutual TLS
* application pods -> MongoDB clients
* add explanation about TCP egress without mutual TLS
* protocol is on top of -> protocol runs on top of
* add an explanation about the egress control for mongo protocol on TLS
* add a missing dot
* sidecar proxy directs the traffic to the host -> to the gateway
* remove redundant empty line
* add explanation about TLS through the egress gateway
* add explanation about sidecar proxy -> gateway -> mongo db routing
* subsection -> section
* HTTPS -> MongoDB
* add conclusion
* add a sentence about wildcarded domains to the conclusion
* add wildcarded to .spelling
* add 'wildcards' to .spelling
* fix a title (TCP -> TLS)
* remove a redundant empty line
* linting: do not use italics inside links
* fix the date of the blog post
* fix the weight of the blog post
* improve the titles
* controlling external services -> controlling traffic to external services
* to prevent the password being -> to prevent the password from being
* remove redundant comma
* MongoDB -> MongoDB service
* you deploy a version of ratings -> you will deploy a version... in the next subsection
* simplified description of deploying ratings v2
* simplifie TCP egress traffic alternatives description
* rewrite the motivation for egress gateway
* fix an internal link (direct egress traffic thru an egress gateway)
* to provide you -> to provide yourself
* remove redundant web page refresh instruction
* remove redundant 'to'
* remove redundant explanation about mTLS
* port for direct -> port for directing
* Revert "remove redundant web page refresh instruction"
This reverts commit 2c73a26497.
* MongoDB instance -> MongoDB service
* fix additional dead link
* add an expanation about the SNI proxy
* remove instructions for Istio before 1.0.1
* shorten a title
* our -> your
* organization security requirements -> organization's security requirements
* special -> custom, add a sentence about other TCP/TLS protocols
* move the blog post to advanced examples
* rewrite the blog post as example
* fix an internal link
* Revert "rewrite the blog post as example"
This reverts commit 5369927fd4.
* Revert "move the blog post to advanced examples"
This reverts commit 461c9f679a.
* move the "with mTLS section" after "without mTLS", for TCP egress gateway
* remove 'the' from TCP traffic
* update the date of the blog post
* add an explanation about *.com used in the example
* one per each -> one for each
* fix wording of egress traffic configuration for wildcarded domains
* for the cases -> for cases
* fix the wording of leaving multiple MongoDB hosts as an exercise for the reader
* add an explanation about TCP vs. Mongo protocols
* add "sometimes" in "sometimes the IP of the MongoDB host is not stable..."
* through an egress gateway -> from sidecars to the egress gateway
* capable to route -> capable of routing
* This removes the canned credentials in the instructions. So a user can't just copy-n-paste the instructions and always get the same credentials - they have to enter their own username and passphrase.
* remove reference to the helm readme
* use text-bash
* changes as per review
* need the -n option to echo to correctly base64 encode the creds
This adds a new Task under the Traffic Management module for showcasing
Istio's Weighted TCP Routing feature.
Signed-off-by: Venil Noronha <veniln@vmware.com>
* Improve style guide to clarify common issues.
These changes are meant to clarify some common questions I've encountered during
content review. I've also removed the exception for passive voice since there is
no need to obscure the subject of a sentence in documentation. I've also
introduced the concepts of title case and sentence case to align with other
style guides for clarity.
* Edit and clean the multicluster installation.
Performed a major edit to enhance the clarity and accuracy of the content.
The edits include:
* Consistency and quality-of-content improvements including expanding
abbreviations on first use, adding or modifying markup for emphasis, and
adding lists.
* Grammar and spelling fixes including fixing passive voice and missing
articles.
* Content structure improvements to improve the readability and flow of the
content.
* Introduced heading tags to make identifying cross-references easier to
identify and maintain.
Signed-off-by: rcaballeromx <grca@google.com>
* Address typos
Signed-off-by: rcaballeromx <grca@google.com>
* Fix broken links with IDs.
Signed-off-by: rcaballeromx <grca@google.com>
* Implemented tabs for procedural options.
Alongside the tabs implementation, a warning and a note were added based on
comments.
- The release note index page is now rendered as a simple list rather than the normal gallery mode.
- Fix use of toc: front-matter, which should be skip_toc instead.
* add initial sceleton of the wildcard https egress gateway blog post
* fixed the links and bare URLs
* add missing 'the'
* complete the Background section
* add before you begin and cleanup sections
* add initial configuration items and their cleanup
* add SNI with placeholder
* assume Istio with mutual TLS
* use two virtual services for the egress traffic
required due to https://github.com/istio/istio/issues/7361
* add wikipedia subset to the VirtualService
* add a step to check Envoy's statistics
* move the blog post to tasks
* convert blog post to task
fix weight, remove attribution and publish date, replace "blog post" with "task" in text
* change the title of the section for configuring the HTTPS traffic
* route the traffic from the gateway to www.wikipedia.org
* add a motivation for an additional forward proxy
* add instructions for deploying a new egress gateway
* add a config map for Nginx configuration
* escape $ signs in nginx config
* add empty events section to the nginx config
* create nginx config map in istio-system, use nginx.conf key
* add instructions to add nginx container to an egress gateway
* add directing the traffic in egress gateway to localhost
* replace istioctl by kubectl
* add missing apiVersion fields
* unite two virtual services into one
* use ISTIO_MUTUAL instead of MUTUAL
* move wildcard egress task to the advanced egress examples
* fix links and rename task to example
* run the SNI proxy on port 8443
* use full url of the sni-proxy and port 8443
* use ServiceEntry with static IP endpoint 127.0.0.1 for sni-proxy.local
* drop nginx prefix from sni-proxy items
* add a destination rule to disable mTLS to sni-proxy
* fix the logs of the Istio proxy and the SNI proxy
* remove deleting the SNI proxy
* make the name of the SNI proxy's ServiceEntry name to be sni-proxy
* unite the editing steps of the egress gateway with SNI proxy into one step with substeps
* restructure creating/deleting configuration items for egress gateway with SNI proxy
* clarify the virtual rule for egress gateway with SNI proxy
* add wildcarded to .spelling
https://en.wiktionary.org/wiki/wildcarded
* add "hostnames" to .spelling
* put localhost in backticks
* add 127.0.0.1 and localhost in parentheses
* mTLS -> mutual TLS
* add wikipedia to .spelling
* put *.com and *.org and * in backticks
* remove redundant empty line
* add using helm template configVolumes and additionalContainers
* add an explanation about Nginx
* move creating nginx configuration before creating egressgateway with sni proxy deployment
* add a comment about manual editing of the deployment yaml before Istio 1.1
* add a step for verifying that the sni proxy runs
* Configure Egress Gateway -> Configure an Egress Gateway
* we -> you
* remove double "mutual"
* add semicolon, "and", "also" to a sentence about multiple configuration items
* remove redundant the
* This could not always be the case -> However, this may not...
* IP -> IP address
* split the explanation about the requirement for SNI proxy into two paragraphs
* add a link to Envoy proxy
* IP -> IP address, host -> hosts
* split the motivation for the SNI proxy into one more paragraph
* remove two redundant commas
* requests to -> requests sent to
* request -> requests
* Let's reconfigure -> In this section you will configure
* arbitrary -> arbitrary, not preconfigured
* for that functionality -> to achieve that functionality
* split long lines
* add explanation about the port to listen and port to forward for the SNI proxy
* add an explanation about the Nginx configuration
* fix the name of the config map volume, add a link to Config Map Volume kubernetes description
* sent to, destined to -> destined for
* gateway's proxy -> gateway's Envoy proxy
* the counter for the SNI proxy -> the counter for traffic to the SNI proxy
* replace the cleanup section with a reference to the Egress Gateway's cleanup section
* add setting istio.globalNamespace option
* fix a typo in the name parameter of helm template
* add cpu.targetAverageUtilization to the egressgateway deployment
* remove the part: for Istio before 1.1
* rename the egressgateway proxy to be "istio-proxy"
* add printing mixer log
* in cleanup rename nginx-sni-proxy-config to sni-proxy-config
* split a long line
* add configuration for traffic without mTLS
* set-sni-for-egress-gateway -> egressgateway-for-wikipedia
* use local directory instead of $HOME
* create virtual service together with gateway and destination rule
they are depenedant on mTLS between the sidecar and the egress gateway
* add monitoring and policy subsection
* change connection event from close to open
* Cleanup of the monitoring and policy -> Cleanup of monitoring and policy enforcement
* move wildcard egress gateway into advanced gateways examples
* add missing dot at the end of the example description
* replace cat <<EOF | kubectl apply/create -f - with kubectl apply/create -f - <<EOF
* use -l with kubectl logs for the mixer log
* add egress gateway with SNI proxy diagram
* remove mTLS for TLS
* remove mTLS from the first part (without SNI proxy)
* make the section titles shorter
* fix the links to advanced gateway examples
* remove a redundant empty line
* our requests -> your requests
* send requests -> send requests to
* remove mentioning a destination rule to set destination SNI
* add explanation about SNI monitoring and policies
* Update Task/Enabling rate limits, remove validDuration in dimension that is not in redisquota, Move redisserverurl and connectionpoolsize
* Update Task/Enabling rate limits, remove validDuration in dimension that is not in redisquota, Move redisserverurl and connectionpoolsize
Linus Li