* add ./ to the script to generate certificates
* add a step to verify the subject of the ingress gateway certificate
* add a step to verify the subject of the CA certificate
put the mutual TLS troubleshooting into a separate subsection
* fix the level of the mutual TLS troubleshooting
* remove redundant empty lines
* verify the subject is correct -> verify that the subject is correct
* another case: verify the subject is correct -> verify that the subject is correct
* Consolidate the security concept pages into a single page.
- This updates the security concept material to be on a single page, which matches the
change done last week for the rest of the concept material. This ends up being a less clicky
more directed introduction for newcomers to the platform.
- While I was there, I moved the redundant What is Istio page from our about section and stuck
the content at the top of the What is Istio page in the Concepts section.
- Add <github_file> <github_blob> and <github_tree> to make it simpler to link to the right
place on GitHub.
- Use these new sequences throughout the docs.
- Also, fix bad HTML generated for the TOC in certain cirsumstances.
- Fix extra blank line inserted at the bottom of indented code blocks.
- Remove What's next sections since we now have auto-generated See also sections
- Fix a few incorrectly capitalized headers, "istio", "kubernetes", "sidecar"
* remove egress TCP task
the example can be implemented by HTTPS Service Entries
* remove a reference to Egress TCP Task in Egress TCP blog
* replace a reference to the Egress TCP task by the Egress TCP blog post
in About -> Feature Status -> Istio features/Traffic management
* add an alias from the removed task to Egress/TCP blog post
* Update for installations with mTLS auth enabled
The docs do not provide reference to installations with mTLS auth enabled. If mTLS auth is enabled and the user goes through the instructions, they will encounter `upstream connect error or disconnect/reset before headers` when the DestinationRule is applied.
istio/issues#375 (comment) helped lead to the resolution.
* add egress-tls-origination task
* add cnn.com, edition.cnn.com an "programmatically" to .spelling
* lint fixes
* remove a page alias
* add What's next section
* HTTP2 -> HTTP in port definition
* put the output of commands as part of the "command" block
* rewrote the cleaning after HTTP ServiceEntry without TLS origination
* clarify the configuration items for TLS origination
* when talking to edition.cnn.com -> when accessing edition.cnn.com
* wild card -> wildcard
* an Service Entry -> a Service Entry
* use curl -s -o /dev/null -D - instead of curl -I
* Perform TLS Origination for Egress Traffic -> TLS Origination for Egress Traffic
Vadim Eisenberg
Yossi Mesika
Frank Budinsky
Will Witman
Martin Taillefer
Stephen Gilson
mtail
Vincent
Yangmin
Andra Cismaru
Gary Brown
Steven Dake
Arshdeep Singh Chimni
Shriram Rajagopalan
Tao Li
Cesar Botti
Guang Ya Liu
Kent Hua