* Inform users of bad builds
* move to news
* Move to security
* Fix 1.13.6 notice
* review comments
* review
* Update content/en/news/security/istio-security-2022-006/index.md
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* fix links
Co-authored-by: Jacob Delgado <jacob.delgado@volunteers.acasi.info>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Advanced Helm chart customization doc
As per the WG meeting, it was decided not to allow support for new values in istio helm charts
(unless there is substantial evidence it is needed by a large number of people); instead create an istio.io doc on last mile helm customization
Signed-off-by: Faseela K <faseela.k@est.tech>
* Update references section
Signed-off-by: Faseela K <faseela.k@est.tech>
* Add link to the new document in the main helm install page
Signed-off-by: Faseela K <faseela.k@est.tech>
* incorporate review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix lint error
Signed-off-by: Faseela K <faseela.k@est.tech>
* Incorporate additional review comments
Signed-off-by: Faseela K <faseela.k@est.tech>
* Review comments, and fix deployment name in kustomize patch
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix helm template command
Signed-off-by: Faseela K <faseela.k@est.tech>
* specify namespace in the helm commands
Signed-off-by: Faseela K <faseela.k@est.tech>
* format helm template command output
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix intend
Signed-off-by: Faseela K <faseela.k@est.tech>
* Add minikube in the instructions per Kubernetes environment
I was coming from https://istio.io/latest/docs/examples/bookinfo/ "Follow these instructions to set the INGRESS_HOST and INGRESS_PORT ..." and did not realize I would have to setup the minikube tunnel as explained in the [Getting Started Guide](https://istio.io/latest/docs/setup/getting-started/#determining-the-ingress-ip-and-ports)
For this reason I suggest to add it here as well.
* incorporated reviewers suggestions
* snips and tests for the new code snippet in docu
* ran make snips
* updated test.sh with the new functin names
* also the functions
snip_determining_the_ingress_ip_and_ports_{3,5,6,7,8,9} have changed
but they seem not to be used in test.sh
* followed reviewer suggestion to revert sip numbers
- used the annotation snip_id=none to skip the snippet, see https://github.com/istio/istio.io/blob/master/tests/README.md
- took back the snip renumbering
- checked that generating snips does not bring them back again: make
snips
* used custom name for generated snip
- now using minikube_tunnel as snip_id, resulting in a generated snip id snip_minikube_tunnel
- apparently still the remaining snips get renumbered
- updated test.sh with the 2 changed snip calls
Co-authored-by: Martin Knechtel <martin.knechtel@sap.com>
* SHA-1 signatures will not work with Golang 1.18
Support for SHA-1 signatures is disabled by default in Go 1.18 or newer. When generating the certificates please use OpenSSL on MacOS to make sure the certificates will work with istio.
* Lint fixes
* Lint fix
Co-authored-by: Saverio Proto <saverioproto@microsoft.com>
Co-authored-by: craigbox <craigbox@google.com>
* Update for Wasm contents
* Fix the wrong cleanup code
* Fix the description of `extensibility` folder's description
* Apply suggestions from code review
Co-authored-by: craigbox <craigbox@google.com>
* Update _index.md
* Regenerate snips
* Add old URL path as an alias
* Update content/en/docs/tasks/extensibility/_index.md
* Add description for the wasm pull policy
Signed-off-by: Ingwon Song <igsong@google.com>
* Apply suggestions from code review
Co-authored-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: craigbox <craigbox@google.com>
* Applying the comment from @dgn
Co-authored-by: craigbox <craigbox@google.com>
Co-authored-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* Improve clarity of Egress Gateway docs
Make the step 13 more clear, since it is creating a DestinationRule in the test-egress namespace and not in the default namespace.
* Update content/en/docs/tasks/traffic-management/egress/egress-gateway/index.md
Co-authored-by: craigbox <craigbox@google.com>
Co-authored-by: craigbox <craigbox@google.com>
* Fix ServiceEntry example in concepts/traffic-management (#11396)
This change replaces the incorrect mTLS egress example with a simpler,
valid example that adjusts the TCP connection timeout.
Page: Documentation / Concepts / Traffic Management
Section: Service entry example
URL: https://istio.io/latest/docs/concepts/traffic-management/#service-entry-example
* Revert apiVersion change in DestinationRule example
Change back to v1alpha3 to be consistent with rest of page
Co-authored-by: John Howard <howardjohn@google.com>
Co-authored-by: John Howard <howardjohn@google.com>
* Update to use the master branch of istio.io/istio for test refs
* go.* changes
* Update test and go.*
* Update to use `master` branch for make targets
* One final go mod tidy
* REmove vm test for now.
* Remove istioctl-analyze test
* Also remove using-istio-dashboard
* add tests to gateway setup
* manually cleanup the minimal istio install
* Add canary upgrade test
* convert rewrite-repo to a helper function
* upgrade helm test
* lint fixes
* left over validatingwebhook from a prior test
* remove boilerplate check
* undo elided pod names
* gen snip
* Remove validatingwebhookconfigurations deletion
* remove webhook configs pending fix in istio
* remove webhook configs pending fix in istio
* revert some changes
* remove temp webhook removals
* remove revision labeled mutating webhooks
* revert revision-tags-middle change
* make gen
* Wildcard egress: remove arbitrary domain section
This doc has been a nuisance for many years. It recommends an extremely
complex and dangerous pattern, relying on deploying nginx, extremely
complex EnvoyFilters enabling unsupported, custom, alpha Envoy c++
filters, and a number of other scary practices. IMO this does not belong
in Istio docs at all, and certainly not in our top level taks.
* Add back single wildcard
* Update content/en/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Remove doc on "Istio DNS Certificate Management"
This document gives harmful advice. This feature was intended to be used
for signing control plane certificates, and actually doesn't work for
other cases (cross namespace or any modern Kubernetes version are
completely broken).
* use archive link
* name trick
* Documentation for egress mTLS origination at sidecar using credentialName in DR
The feature is already merged. So trying to add a documentation for the same.
Signed-off-by: Faseela K <faseela.k@est.tech>
* Remove duplicate code and point to the existing documentation
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failures
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failures
Signed-off-by: Faseela K <faseela.k@est.tech>
* Add tests for mTLS origination at sidecar
Signed-off-by: Faseela K <faseela.k@est.tech>
Frank Budinsky