* add note about istio protocol detection
* fix accidental replace
* fix extra dot in filename
* path fixes
* add note about how to field authz in effect
* fix typos and add a note on the claims
* undo file rename
* Update content/en/docs/ops/common-problems/security-issues/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/ops/common-problems/security-issues/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
This section is no longer correct, since we don't restart Envoy every
45 days, and we no longer recommend creating a separate "istio-citadel"
deployment.
* Fix links for removal of helm installation directory
* Point to archive version of istioctl upgrade instructions
* Add Aporeto to lint ignores for now.
* disclaimer about auto mtls and remove authn check.
* Update content/en/docs/ops/common-problems/network-issues/index.md
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* More base release 1.6 stuff
* Add 1.6.x to spelling
* Fix some broken links with sidecar/tls-check being removed
* Fix links pointing to install/kubernetes/helm/...
* Incorporate #6783 - Fix bug requiring placeholder release notes
* Restore some links to archive
* Fix one remainging link to archive
* Someone still pointing to current release upgrade notes. Remove.
* Fix pilot -> istiod for config validation docs
* Update content/en/docs/ops/common-problems/validation/index.md
Co-Authored-By: Eric Van Norman <ericvn@us.ibm.com>
* Update index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
These fix problems encountered when switching to the new Hugo which has
a completely different markdown engine. I went through diffs of the generated
HTML and made required adjustments.
* Added the Best Practices section with general principles.
This is the beginning of the new Best Practices section.
Our goal is to provide a section for all the best practices and recommendations
for Istio deployments. The best practices are based on the identified and
recommended deployment models.
Signed-off-by: rcaballeromx <grca@google.com>
* Change headings for clarity.
Adds clarity to some passages based on feedback.
Removes a list of recommendations that was causing some confusion.
Adds a glossary entry for failure domains and how they relate to a
platform's availability zones.
Signed-off-by: rcaballeromx <grca@google.com>
* Move Best Practices to Ops Guide
Signed-off-by: rcaballeromx <grca@google.com>
* Moved Deployment Best Practices to a new "Prepare Your Deployment" section.
Moved all deployment preparation content into a new section under "Setup".
For now the content includes the following sections:
- Deployment models
- Deployment best practices
- Pod requirements
Merged the two existing pages containing pod requirements into one single page.
Signed-off-by: rcaballeromx <grca@google.com>
* Replace example with better guidance around namespace tenancy.
Signed-off-by: Rigs Caballero <grca@google.com>
* Add links and language pointing to the Prepare section
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix minor typos and broken links.
Signed-off-by: Rigs Caballero <grca@google.com>
* Move from Setup to Operations
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix broken links
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix rebasing issues.
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix multicluster install link.
Signed-off-by: Rigs Caballero <grca@google.com>
* Added Verify Istio CNI to observability-issues.md
If using the Istio CNI to avoid granting `NET_ADMIN` to pods, the CNI
node pods must be running for metrics to be collected. The helm charts
don't include a PodSecurityPolicy, so the documentation guides users to
a non-working setup if the cluster has PodSecurityPolicy enabled.
* Markup changes to PodSecurityPolicy and NET_ADMIN
* Added backticks to `PodSecurityPolicy`
* Added backticks and link to NET_ADMIN capability requirement
* Removed trailing whitespace on line 39
* Added backticks to `istio-init`
* Use 'istioctl dashboard' instead of port-forward
* bold references to UI elements
* Cleanup dashboards
* Address comments
* Mention control-c, which is easier way to stop dashboard
- Fix a bunch of heading capitalization.
- Remove words that shouldn't be in the dictionary
and update the text accordingly.
- Added a few @@ sequences to reference content files from text blocks.
- Used a few {{< source_branch_name >}} sequences to refer to the proper
branch in GitHub rather than master.
John Howard
Frank Budinsky
Upo
Shamsher Ansari
Ed Snible
Justin Pettit
Guy Templeton
Tariq Ibrahim
Eric Van Norman
John Pape
Yangmin Zhu
Jianfei Hu
Istio Automation
Romain Lenglet
Jonh Wendell
Kuat
Martin Taillefer
Hongzhi
Rigs Caballero
Kevin Kunkel
Eric Buehl
Jesse Lumme