* Add a tip about prefixing with sudo for TCP sample
This adds a note about using sudo while running the TCP Traffic Shifting
sample on certain platforms.
Signed-off-by: Venil Noronha <veniln@vmware.com>
* Switch from a tip to a warning
This updates the help text to a warning.
Signed-off-by: Venil Noronha <veniln@vmware.com>
* First round of mesh expansion doc updates.
* Bash syntax works now, and remove the headline to be consistent.
* fix the spelling.
* SERVICE_NAMESPACE and cleanup.
* Use more SERVICE_NAMESPACE in the cmd.
* Another round of fixing the doc by following exactly what it says.
* add gcloud ssh
* VM instance ip as a step.
* address comments. ns explaining.
* comments fixing and echo to tee.
* update meshexpansion.enabled
* applied my zone, project in scp.
* add istio-sys ns crtn.
* Fix frank suggestion.
* gce instance ip
* Verfied manually: use helm template for CRD.
* Verfied manually: use helm template for CRD.
* for example comma.
* Add tips to disclaim GCE.
* Update content/docs/setup/kubernetes/mesh-expansion/index.md
Co-Authored-By: incfly <jianfeih@google.com>
* Update content/docs/setup/kubernetes/mesh-expansion/index.md
Co-Authored-By: incfly <jianfeih@google.com>
* address taos comments.
* fix the link for cert life config.
* Change to require helm in prerequisite.
* fix lint
* congrats section and cleanup vm model section.
* Apply 23 suggestions to code review from github.
Co-Authored-By: incfly <jianfeih@google.com>
* remove tip section.
* fix trailing spaces lint.
* fix lint.
* remove duplicate sentence.
* remove duplicate the the.
so that users don't need to download istio archive.
confirmed these files exist for me:
```
~/istio-fetch/istio ⌚ 13:55:51
$ ls
Chart.yaml templates values-istio-remote.yaml
README.md values-istio-demo-auth.yaml values-istio-sds-auth.yaml
charts values-istio-demo-common.yaml values.yaml
example-values values-istio-demo.yaml
requirements.yaml values-istio-minimal.yaml
```
* Implement consitent term for installation related flows
Replaced "paths", "instructions", and other similar terms
with the term "flow" to ensure readers from different
Geos are not confused by multiple meanings or idiomatic use.
Signed-off-by: Rigs Caballero <grca@google.com>
* Implement consistent term for installation related flows
Replaced "paths", "instructions", and other similar terms
with the term "flow" to ensure readers from different
Geos are not confused by multiple meanings or idiomatic use.
Signed-off-by: Rigs Caballero <grca@google.com>
* Fix typos and lint issue.
Signed-off-by: Rigs Caballero <grca@google.com>
* Clarify that egress gateway isn't present with Helm
Values.yaml has been updated to disable the egress gateway if the Helm installation option is used. Currently, we don't indicate that egress gateway should not be present if you used Helm.
* Clarify that egress gateway is disabled by default in Helm
* CR comments. Also moved notice up since it covers both services and podsw
* Cleand up wording
* Added links to relevant installer sections for egress gateway
* Added links to appropriate sections
* added blank line
* Paths have changed. Updated link
* Removed section as per code review comments
* add access log task
* change config map to configuration map to prevent spelling errors
* add an empty line between two boilerplates
seems to be required, otherwise a redundant <p> tag is generated
* make the task's title Getting Envoy's Access Logs
* mind escaping -> be sure to escape
* check the log of sleep, httpbin -> check sleep's, httpbin's log
* change -> customize
* to do it, edit -> by editing
* use a separate gateway for bookinfo in the case of multiple hosts
* set the name parameter to be "istio" instead of "istio-ingressgateway"
Since the original istio-ingressgateway was deployed with the name parameter "istio".
Otherwise, the following error will be received:
The Deployment "istio-ingressgateway" is invalid: spec.template.metadata.labels: Invalid value: map[string]string{"chart":"gateways", "heritage":"Tiller", "istio":"ingressgateway", "release":"istio-ingressgateway", "app":"istio-ingressgateway"}: `selector` does not match template `labels`
The problem is that the "release" label contains the name parameter of helm template,
and if this label will not match in the new and the original deployments of istio-ingressgateway,
kubectl apply will fail.
* add ingress troubleshooting section
* it does not arrive to the Istio -> it does not arrive to the ingress gateway
* fix a link
* remove checking the log since access log will be removed in 1.1
* you have no other Kubernetes Ingress resources -> you have no Kubernetes Ingress resources
* fail with 503 instead of 000 for injected-app
As a bad destination rule is set to disable client side mTLS and receiving side is mTLS enabled. At this point, Running the curl command between sidecar injected Istio services all requests will fail with a 503 error code as the client side is still using plain-text.
* use a boilerplate for setting environment variables for kubectl contexts of the two clusters
share the boilerplate for gateway connectivity and for split horizon EDS clusters
* add the boilerplate file
* use the 443 port and host "*.local" for the gateway
* the Gateway -> a gateway, remote services -> services in cluster2
* rewrite instructions for setting the gateway's address
* add unsetting environment variables and removing files to cleanup
* put backticks around `istio` and `ConfigMap`
* add "i.e." before the Kubernetes DNS domain in parenthesis
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* the 443 port -> 443 port
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* add deleting n2-k8s-config in the cleanup
* set --set global.meshNetworks.network2.gateways[0].port to 443
* add unsetting CTX_CLUSTER1
* move unsetting CTX_CLUSTER1 before removing temporary files
for symmetry with CTX_CLUSTER2
* add unsetting CTX_CLUSTER2
* Change the gateway's address and port -> Update the gateway's address and port to reflect...
* wait for the pods to come up by checking their status -> wait for the pods to become ready:
* add output of get pods for cluster1
* do not check the status of the istio-ingressgateway on cluster2
before configuring watching of cluster2 by cluster1
* add waiting for istio-ingressgateway to become ready after setting watching cluster2
* combine printing ingress host and port into one line
With the upgrade of cert-manager to v0.6.2 two new CRDs are being
introduced. The total number of CRDs should now be `58`. Updating
the CRDs installation section of the documentation accordingly.
* WIP Add Kubernetes Installation landing page.
This adds the landing page and organizes the content to make it easier to navigate.
Signed-off-by: rcaballeromx <grca@google.com>
* Apply initial feedback on landing page content.
Signed-off-by: rcaballeromx <grca@google.com>
* Rename and move files to enhance navigation.
Added aliases to redirect after filename changes.
Signed-off-by: rcaballeromx <grca@google.com>
* Harmonize all installation guide titles and intros.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix all links affected by the restructure.
Fixed all internal links and added aliases to ensure external redirects.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix paths of images on the ZH content.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix additional links and apply feedback.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix link error introduced by rebase.
Signed-off-by: rcaballeromx <grca@google.com>
* Remove redundant instances of "Istio" in titles.
Signed-off-by: rcaballeromx <grca@google.com>
- Add linter support to detect internal links to aliases. Those are now flagged as
bad links so the source needs to be updated to point to the real destination,
avoiding the user a redirect.
- Fixed occurences of links to aliases.
- Now only load popper.js on pages that use popups in order to improve
load times.
* Update mutual tls deepdive doc to reflect the new authn tls-check behavior
* Also update FAQ
* Correct grammar
* Update content/docs/tasks/security/mutual-tls/index.md
Co-Authored-By: diemtvu <25132401+diemtvu@users.noreply.github.com>
* Address comment
* Also include changes to fix#11825
* Change the example to show default DR to avoid confusion
* Correct change the example to show default DR to avoid confusion
* Update content/docs/tasks/security/mutual-tls/index.md
Co-Authored-By: diemtvu <25132401+diemtvu@users.noreply.github.com>
* Update content/docs/tasks/security/mutual-tls/index.md
Co-Authored-By: diemtvu <25132401+diemtvu@users.noreply.github.com>
* Update namespace for global destination rule
* Update content/docs/tasks/security/mutual-tls/index.md
Co-Authored-By: diemtvu <25132401+diemtvu@users.noreply.github.com>
* Reference helm install docs rather than duplicating
Multicluster gateway installation docs were out of sync from install docs. This changes them to just directly reference the main install docs to make things more clear.
* Fix syntax
* Kiali jaegerURL should use jaeger-query service.
Prior to change, while using the tracing service on port 90 for the jaegerURL, kiali would never get metrics to compose the service graphs.
Switching jaegerURL to jaeger-query service on port 16686 fixes the issue. After traffic is generated the service graphs are built and visible in kiali.
* Remove clusterIP Query for grafana and jaeger-query services
* Update the IBM Cloud Quick start
- Use a demo profile for lower resources
- Update to mention tested Kubernetes releases
- use helm-service-account-yaml
- updated helm commands for CRDS, etc.
* Review comments
* Rebase to pick up a new commit
* Change tip from previous to following
* Update CRD verification text
* Update CRD verification text
Ram Vennam