* add the second part of the series about secure egress traffic control in Istio (#4196)
* requirements for your system -> requirements for a system for egress traffic control
* add links from part 1 to part 2
* add istio-identity to .spelling
* add gateway and tls as keywords
Co-Authored-By: Rigs Caballero <grca@google.com>
* This is -> Welcome to, a new series -> our new series
Co-Authored-By: Rigs Caballero <grca@google.com>
* an egress traffic control system -> a secure control system for egress traffic
Co-Authored-By: Rigs Caballero <grca@google.com>
* for controlling egress traffic securely ->to securely control the egress traffic, prevents the -> can help you prevent such
Co-Authored-By: Rigs Caballero <grca@google.com>
* Egress traffic control by Istio -> Secure control of egress traffic in Istio
Co-Authored-By: Rigs Caballero <grca@google.com>
* add bullets regarding security measures for Istio control plane
Co-Authored-By: Rigs Caballero <grca@google.com>
* you can securely monitor the traffic and define security policies on it -> you can securely monitor and define security policies for the traffic
Co-Authored-By: Rigs Caballero <grca@google.com>
* Possible attacks and their prevention -> Preventing possible attacks
Co-Authored-By: Rigs Caballero <grca@google.com>
* e.g. -> like, add a comma, split a sentence
Co-Authored-By: Rigs Caballero <grca@google.com>
* the -> said
Co-Authored-By: Rigs Caballero <grca@google.com>
* remove "for TLS traffic"
it is clear that it is TLS Traffic from TLS origination
Co-Authored-By: Rigs Caballero <grca@google.com>
* monitor SNI and the service account of the source pod -> monitor SNI and the service account of the source pod's TLS traffic
Co-Authored-By: Rigs Caballero <grca@google.com>
* L3 firewall -> an L3 firewall, remove parentheses, provided -> should be provided
* The L3 firewall can have -> you can configure the L3 firewall
Co-Authored-By: Rigs Caballero <grca@google.com>
* from pods only -> only allow. Remove "Note that"
Co-Authored-By: Rigs Caballero <grca@google.com>
* move the diagram right after its introduction
* remove parentheses
Co-Authored-By: Rigs Caballero <grca@google.com>
* emphasize the label (A, B)
Co-Authored-By: Rigs Caballero <grca@google.com>
* policy with regard -> policies as they regard
Co-Authored-By: Rigs Caballero <grca@google.com>
* rewrite the sentence about a compromised pod
Co-Authored-By: Rigs Caballero <grca@google.com>
* traffic must be monitored -> traffic is monitored
Co-Authored-By: Rigs Caballero <grca@google.com>
* Note that application A is allowed -> since application A is allowed
Co-Authored-By: Rigs Caballero <grca@google.com>
* rewrite the sentence about monitoring access of the compromised version of the application
Co-Authored-By: Rigs Caballero <grca@google.com>
* split the sentence about detecting suspicious traffic
Co-Authored-By: Rigs Caballero <grca@google.com>
* rewrite the sentence about thwarting the second goal of the attackers
Co-Authored-By: Rigs Caballero <grca@google.com>
* Istio must enforce -> enforces, forbids access of application A -> forbids application A from accessing
Co-Authored-By: Rigs Caballero <grca@google.com>
* Rewrite the sentence "let's see which attacks"
Co-Authored-By: Rigs Caballero <grca@google.com>
* rewrite the sentence "I hope that"
Co-Authored-By: Rigs Caballero <grca@google.com>
* in the next blog post -> in the next part
Co-Authored-By: Rigs Caballero <grca@google.com>
* remove mentioning wildcard domains
* rewrite the "Secure control of egress traffic in Istio" section
* remove a leftover from suggested changes
* as they regard to egress traffic -> for egress traffic
* convert security policies into bullets
* make the labels (A,B) bold
* remove the sentences about thwarting the second goal
* rewrite the paragraph about which goals of the attackers can be thwarted
* remove a leftover from the previous changes
* such attacks -> the attacks
* rewrite the section about preventing the attacks
* secure egress traffic control -> secure control of egress traffic
* sending HTTP traffic -> sending unencrypted HTTP traffic
* define security policies -> enforce security policies
* change the publish date to July 9
* formatting
Co-Authored-By: Rigs Caballero <grca@google.com>
* Kubernetes Network Policies -> Kubernetes network policies
Co-Authored-By: Rigs Caballero <grca@google.com>
* [an example for Kubernetes Network Policies configuration] -> an example of the [Kubernetes Network Policies configuration]
Co-Authored-By: Rigs Caballero <grca@google.com>
* use proper capitalization and punctuation for bullet 1
Co-Authored-By: Rigs Caballero <grca@google.com>
* use proper capitalization and punctuation for bullet 2
Co-Authored-By: Rigs Caballero <grca@google.com>
* use proper capitalization and punctuation for bullet 3
Co-Authored-By: Rigs Caballero <grca@google.com>
* use proper capitalization and punctuation for bullet 4
Co-Authored-By: Rigs Caballero <grca@google.com>
* check -> verify, access the destination, mongo1, access mongo1
Co-Authored-By: Rigs Caballero <grca@google.com>
* You can thwart the third goal -> to stop attackers from
Co-Authored-By: Rigs Caballero <grca@google.com>
* remove mentioning anomaly detection
Co-Authored-By: Rigs Caballero <grca@google.com>
* Provide context instead of "after all"
Co-Authored-By: Rigs Caballero <grca@google.com>
* split a long line
Co-Authored-By: Rigs Caballero <grca@google.com>
* connect two sentences
Co-Authored-By: Rigs Caballero <grca@google.com>
* First -> Next
Co-Authored-By: Rigs Caballero <grca@google.com>
* use - instead of * for bulleted lists
* make the first attacker's goal a bullet
Co-Authored-By: Rigs Caballero <grca@google.com>
* make the first attacker's goal a bullet
the previous commit was related to the third goal
Co-Authored-By: Rigs Caballero <grca@google.com>
* make the second attacker's goal a bullet
Co-Authored-By: Rigs Caballero <grca@google.com>
* fix indentation
Co-Authored-By: Rigs Caballero <grca@google.com>
* make the reference to prevention of the first goal a bullet
Co-Authored-By: Rigs Caballero <grca@google.com>
* make the reference to prevention of the second goal a bullet
Co-Authored-By: Rigs Caballero <grca@google.com>
* rephrase the sentence about applying additional security measures
Co-Authored-By: Rigs Caballero <grca@google.com>
* remove leftover from a previous change
Co-Authored-By: Rigs Caballero <grca@google.com>
* that will enforce -> to enforce
Co-Authored-By: Rigs Caballero <grca@google.com>
* split long lines
* rewrite the part about increasing security of the control plane pods
* fix indentation
* fix indentation and remove a leftover from a previous change
* extend the bold font from a single word to a phrase
* rewrite the prevention of the straightforward access and the attacks
* add conclusion after the attacks part
* control planes pods -> control plane pods
* control plane -> Istio control plane
* is able to access it indistinguishable -> is indistinguishable
Co-Authored-By: Rigs Caballero <grca@google.com>
* rewrite the sentence "The choice would mainly depend on"
Co-Authored-By: Rigs Caballero <grca@google.com>
* insure -> ensure
Co-Authored-By: Rigs Caballero <grca@google.com>
* update the publish date to 10-th of July
* adds blog post
* Linter revisions
* Fix links
* Remove link to github file line number
* Provides clarity on Mixer v2
* list authors alphabetically
* Resolve comments
* Typo fix
* Apply suggestions from code review
Co-Authored-By: Rigs Caballero <grca@google.com>
* Linter update
* linter fix
* Update all github permalinks
* Add RBAC link
* list latencies in increasing order
* update name listing
* remove Note next to warning icon
* Clarify no mixer settings
* update summary punctuation
* Add new Traffic management concept.
Wrote a new "Traffic management" concept to include the latest developments.
Organized the content into smaller pages to make it easier to consume. The new
structure improves visibility and each page includes keywords to improve the
"See Also" pieces of suggested content and SEO. The new concept includes
diagrams and examples. Each section starts with the larger picture and then
moves to explain the specifics.
Signed-off-by: rcaballeromx <grca@google.com>
* Improved based on review comments.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix Hugo front matter.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix false positives in links test.
Signed-off-by: rcaballeromx <grca@google.com>
* Remove terms from exceptions file.
Signed-off-by: rcaballeromx <grca@google.com>
* Revert "Add new Traffic management concept."
This reverts commit de9d0e0225.
* Add new Traffic management concept.
Wrote a new "Traffic management" concept to include the latest developments.
Organized the content into smaller pages to make it easier to consume. The new
structure improves visibility and each page includes keywords to improve the
"See Also" pieces of suggested content and SEO. The new concept includes
diagrams and examples. Each section starts with the larger picture and then
moves to explain the specifics.
* Draft 1.0 EOL blog.
* Make it clear that it's an upcoming EOL, not an EOL happening immediately.
* Add period to description.
* fix spelling error.
* Relativize URLs
* The final(?) attempt to please the gods of good documentation.
Moves the content found in examples/advanced-gateways/ to
tasks/traffic-management/edge-traffic and
the content found in examples/multicluster/ to tasks/multicluster/
Fixes all broken links caused by the move and adds aliases to the moved pages.
The changes are applied to both, English and Chinese, websites.
Signed-off-by: rcaballeromx <grca@google.com>
- Remove unnecessary ratio= attributes used with the image shortcode
- Make it so the gloss shortcode doesn't depend on the location of the glossary
within the content tree.
- Make it so the image shortcode understands languages. It will now look in the current
language's content tree, and then callback to the English tree if not found.
- Leverage the above to simplify the Chinese content and remove many absolute references from the
Chinese content to the English content.
- Substantially simplify logic that deals with releases & release notes.
- Make it easier to add a new release to the site. THere are fewer things to
change as the site infra can figure more stuff out on its own.
- Make it so release notes can be added in one language without require them
to be added in the other language.
- Replace the ugly "a new version is available" callout on older release note
pages with a popup that only shows up when you click on the download button.
- Added call-to-action buttons in the 1.1 announcements. We can use the same
buttons in future release announcements.
- Fixed broken large warning icon on the 404 error page.
- Fix oerder of blog posts in the side bar.
- Add support to not expand @@ notations in text blocks and use
it for a text blocks that's currently triggering a build failure
- Fixed broken rendering of some text blocks when syntax coloring
is turned off via the menu.
- We haven't been checking external links for months now due to a script error
when someone added an option that didn't work as expected. I'm fixing a bunch
of resulting broken links. I can't turn on the link checker yet since there are
some bad links in reference docs which I have to address first.
- Add a bunch of links to yaml files in our code examples using the @@ syntax.
* WIP Add Kubernetes Installation landing page.
This adds the landing page and organizes the content to make it easier to navigate.
Signed-off-by: rcaballeromx <grca@google.com>
* Apply initial feedback on landing page content.
Signed-off-by: rcaballeromx <grca@google.com>
* Rename and move files to enhance navigation.
Added aliases to redirect after filename changes.
Signed-off-by: rcaballeromx <grca@google.com>
* Harmonize all installation guide titles and intros.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix all links affected by the restructure.
Fixed all internal links and added aliases to ensure external redirects.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix paths of images on the ZH content.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix additional links and apply feedback.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix link error introduced by rebase.
Signed-off-by: rcaballeromx <grca@google.com>
* Remove redundant instances of "Istio" in titles.
Signed-off-by: rcaballeromx <grca@google.com>
Vadim Eisenberg
Frank Budinsky
Megan O'Keefe
Joshua Blatt
Joshua Blatt
Francois Pesce
Manish CHUGTU
Rigs Caballero
Dan Ciruli
Tao Li
Martin Taillefer
mtail
jnativio
imgbot[bot]