* telemetry: tracing with telemetry api
* Update content/en/docs/tasks/observability/distributed-tracing/gateway-api/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Update content/en/docs/tasks/observability/distributed-tracing/gateway-api/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Update content/en/docs/tasks/observability/distributed-tracing/gateway-api/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* change weight
* Update content/en/docs/tasks/observability/distributed-tracing/gateway-api/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* remove paragraph
---------
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Telemetry API: custom metrics
* fix lint
* update
* revert reporting interval
* Update content/en/docs/tasks/observability/metrics/telemetry-api/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Update content/en/docs/tasks/observability/metrics/telemetry-api/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Update content/en/docs/tasks/observability/metrics/telemetry-api/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Update content/en/docs/tasks/observability/metrics/telemetry-api/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
---------
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Specify EXTERNAL_CA env under .Values.pilot.env
Signed-off-by: Faseela K <faseela.k@est.tech>
* make snips
Signed-off-by: Faseela K <faseela.k@est.tech>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
* Add docs test for custom CA k8s
Signed-off-by: Faseela K <faseela.k@est.tech>
* wait for secrets to be created
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix tests
Signed-off-by: Faseela K <faseela.k@est.tech>
* address review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
* breakout support status table to yaml file
* use k8s versions from new yaml file, based off previous ver
* same as previous commit but based off idx of yaml obj
* trim whitespace from supported k8s vers shortcode
* make verion lists arrays instead of strings
* update shortcode to read yaml data array
* rename support status shortcode to follow naming convention
* make versions in table use new arrays, update reference to support status table
* make each version in yaml file a string
* update header comment, change ext to *.yml to follow repo convention
* use prelim ternary to select k8s versions
* update supportStatus.yml heading comments
* update supported k8s shortcode to use branch name
* initial commit of python support status updater
* add null representer
* use lambda for quoted representer
* put back master population off idx 1, update comments
* working stdout version complete: use flow style for version list keys
* prepend yaml with header comments, cleanup script
* perform version check, default write errors are more helpful
* add copyright and license info
* linter has some weird tastes
* this is 100% worse but if it makes the linter happy
* call update_support_status.py from within create version
* update version matrix path since script ran from repo root
* use yq for updating the version support matrix instead of PyYAML
* Update test reference to latest istio commit
* make clean g&& go mod tidy
* Use tests/utils to delete sample
* Move some test script to use snippets
* Add _wait
* Remove extraneous source
Before the Deployment was kept as minimal as possible. This is mostly
good, because users can set any Deployment settings and things work.
However, running as non-root is a bit quirky, and very very strongly
recommended, so I think its worth calling out here.
This is one of the #1 sources of confusion we get.
* single network services/endpoints can not have duplicate address
* Update content/en/docs/ops/deployment/deployment-models/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
---------
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* re-submit pr#10873
* dual-stack blog for Chinese
* sync old file
* remove CLA failed submit log
* fix lint and update dictionary
* fix lint error at Line#18
* fix lint
* fix MD002 and github_tree lint errors
* fix lint errors
* fix lint error
* fixed github tree lint error according to comments
* lint error fixing and update from en blog PR
* remove the empty line
* fix Trailing spaces error
* adjustment for blog
* update with the change for PR#12253
* fix lint
* sync with the English version PR
* update the blog based on the announcement.
* sync with the English version blog
* sync with the Englisth version
* sync with the English version blog for dual stack support
* fix based on comment
* remove unnessary dict and fix lint error
* keep the same format by using the original english version
Remove the text 'Experimental features are purposefully not listed on
this page' from the feature-stages page, as Experimental and Alpha
features _are_ listed on the page.
* [WIP] add doc tests for ambient getting started guide
Signed-off-by: Faseela K <faseela.k@est.tech>
* fix cleanup
Signed-off-by: Faseela K <faseela.k@est.tech>
* fix test
Signed-off-by: Faseela K <faseela.k@est.tech>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
* Edits formatting of the long commands to improve readability
* Adds snips by make gen
* Adds back the connection rejected output
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* re-ran make gen to edit the snip
---------
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* wasm: use wasm API for attributegen
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix links
Signed-off-by: Kuat Yessenov <kuat@google.com>
* cleanup
Signed-off-by: Kuat Yessenov <kuat@google.com>
* typo
Signed-off-by: Kuat Yessenov <kuat@google.com>
---------
Signed-off-by: Kuat Yessenov <kuat@google.com>
`Configure traffic through egress gateway with SNI proxy` section was removed from the docs in the 1.14 release
but that is still mentioned in the setup instructions for the task `Egress using Wildcard Hosts`.
* Fix minor nits on the security tasks page Plugin CA Certificate
Partially fixes: #12695
* Fix minor nits on the security tasks page for certificate management
* Update feature status for Experimental/Alpha
Based off of the feature status in features.yaml, update the
corresponding doc page.
Update navigation_level.html to only flag Experimental and Alpha
features with an asterisk '*', rather than all docs with _any_ status
set.
Add new 'alpha.md' boilerplate, similar to 'experimental.md', with a
link to https://github.com/istio/community/blob/master/FEATURE-LIFECYCLE.md
Add either 'boilerplate alpha' or 'boilerplate experimental' to all
pages which have Alpha or Experimental status set.
Tidy up pages which already had
'boilerplate experimental-feature-warning' and be consistent with
'boilerplate experimental'
Update tasks/observability/distributed-tracing/mesh-and-proxy-config
status from 'Beta/Experimental' to 'Beta', to match what's in
features.yaml (all others only have a single value here)
* Add content/zh/boilerplates/alpha.md
* Update content/en/boilerplates/alpha.md
Suggested change
Co-authored-by: Faseela K <k.faseela@gmail.com>
* Update the zh 'alpha' boilerplate to match
---------
Co-authored-by: Faseela K <k.faseela@gmail.com>
* Update Istio/SPIRE integration demo to use SPIRE Controller
Manager instead of k8s workload registration.
Signed-off-by: jaellio <jaellio@microsoft.com>
* Adds test for automatic workload registration via the SPIRE
controller manager. During cleanup, removes generated istio.yaml
and chaim.pem files. Updates label to
spiffe.io/spire-managed-identity.
Signed-off-by: jaellio <jaellio@microsoft.com>
* Adds missing newline
Signed-off-by: jaellio <jaellio@microsoft.com>
* Fix spelling error
Signed-off-by: jaellio <jaellio@microsoft.com>
* Add missing ns flag on role and rolebinding resource commands
Signed-off-by: jaellio <jaellio@microsoft.com>
* Delete sleep resources and uninstall before SPIRE
Signed-off-by: jaellio <jaellio@microsoft.com>
* Reconfigures demo so istio install is not expected to fail.
Created ClusterSPIFFEID before install istio. Previously install
would fail because the ingress gateway wasn't registered/
Signed-off-by: jaellio <jaellio@microsoft.com>
* Remove references to v1.14 and update required version to 1.14+
Signed-off-by: jaellio <jaellio@microsoft.com>
* Fix lint errors
Signed-off-by: jaellio <jaellio@microsoft.com>
---------
Signed-off-by: jaellio <jaellio@microsoft.com>
* accesslog: work with Telemetry API cluster_name
Add telemetry api example with xds.cluster_name
* removed default namespace install and fixed some linting
* Fix "spelling" error
* Update envoy filter name
* Gloss refs and other small improvemetents in ambient docs
* Update content/en/docs/ops/ambient/architecture/index.md
Co-authored-by: John Howard <howardjohn@google.com>
---------
Co-authored-by: John Howard <howardjohn@google.com>
* Make ambient warning more extreme
* Update content/en/docs/ops/ambient/getting-started/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
---------
Co-authored-by: Lin Sun <lin.sun@solo.io>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Reword this to better explain why a gateway on each node is recommended.
Signed-off-by: Benjamin Leggett <benjamin.leggett@solo.io>
* Update content/en/docs/tasks/security/authorization/authz-ingress/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
---------
Signed-off-by: Benjamin Leggett <benjamin.leggett@solo.io>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* ambient: add traffic routing docs
This fills in part of the architecture doc for ambient.
Note this is intentionally low-level. This attempts to mirror
https://istio.io/latest/docs/ops/configuration/traffic-management/traffic-routing/
but for ambient.
* Address Frank's comments
* Update content/en/docs/ops/ambient/architecture/index.md
Co-authored-by: Lin Sun <lin.sun@solo.io>
* Update content/en/docs/ops/ambient/architecture/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
---------
Co-authored-by: Lin Sun <lin.sun@solo.io>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* remove explicit istio-injection labeling on ns for ingress-gateway
The gateway deployment already has the annotation "sidecar.istio.io/inject=true"
Signed-off-by: Faseela K <faseela.k@est.tech>
* fix lint
Signed-off-by: Faseela K <faseela.k@est.tech>
* fix lint
Signed-off-by: Faseela K <faseela.k@est.tech>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
* doc-global-downstream-max-conn-helm
* Add instructions to set global_downstream_max_connections with Helm
* Fix https://github.com/istio/istio/issues/37443
* Fix linting errors
* Address comments
* Remove global_downstream_max_connections from .spelling and add backticks where missing
* Simplify instructions on how to set global_downstream_max_connections
NisheekaNynan1