The --name in helm template was istio-egressgateway. This generated a release name of istio-egressgateway. The one from the helm template was istio. This led to an error when attempting to apply.
* networking -> network connectivity
* single control plane topology -> single control plane topology with VPN connectivity
* a single control plane topology with VPN connectivity -> a single control plane with VPN connectivity topology
* Simplify instructions by using labels selector on the helloworld yaml
* Added missing local context
* Renamed secret and config names for the remote k8s api
* Wrap into a warning section
* local->cluster1 remote->cluster2
* Review comments addressed
* Review comments addressed
* Moved the gateway up to the cluster 1 setup section and make it a generic gateway
* Review comments addressed
* note HTTP-related attributes -> notice the HTTP-related attributes
* related to Istio sidecar -> related to the Istio sidecar
* rewrite the sentence about ports and the installation option
use port 8000 instead of 443, to generate less confusion
* no HTTP service or service entry -> no HTTP service and no service entry
* extend understanding what happened with the third approach
* change section titles
* split the cleanup section into cleanup subsections
* fix links
* must not -> do not need to
* rewrite the sentence about switching to the first approach
* per specific port, gaining -> for specific ports, enabling
* A caveat is that some ports, for example port 80, already have HTTP
services inside Istio by default
* In this approach, similarly to the previous one -> With this approach, like with the previous one
* approaches can be applied -> approaches can be used
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* split long lines
* split long lines
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Revert "Update content/docs/tasks/traffic-management/egress/index.md"
This reverts commit febb76edc9.
* rewrite the sentence about the installation option and add a link to installation options
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* remove duplicate text
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* remove a redundant empty line
* address the reader directly
* Updated to install istio remote using values file
* Few unrelated doc fixes
* Remove zipkin and statsd flags as they are unsupported
* Revert "Few unrelated doc fixes"
This reverts commit 038096d137.
* Few more minor updates
* Switch to port 15443
* Break on-line helm commands
* Trailing space
* Put back some default istio features after verifying mc still works
* Add remote mixer addresses
* Formatting
* Specify container for cleaner output
* Wrong place
* use port 80 with protocol HTTPS for mTLS on egress gateway
* rewrite the instructions about why to apply mutual TLS
* make the protocol of 443 HTTPS
* allow monitor -> allow to monitor
* add a step to confirm that Bookinfo is running without ingress
to verify that the app with Istio runs correctly without ingress,
to separate Istio installation errors from Ingress configuration
errors, to prevent questions like these
https://stackoverflow.com/questions/54307216/istio-proxy-unable-to-connect-to-istio-pilot
* fix the links to the renamed section (confirm the app is accessible...)
- Fix formatting for the Subscribe link on blog pages. That got broken in some refactoring I did a while back.
- Remove a few *NOTE* and _NOTE_ instances and replace with the canonical icons
- Add a link to our community repo in the Getting Involved page.
* add a tab section about mTLS
* remove leftover ";done"
* remove SNI monitoring and policy enforcement section
* add explanation why mTLS between sidecars and egress gateways is needed
* add mTLS enabled/disabled tabs to the egress MongoDB blog post
* remove placeholder SNI in logs
* add forward_downstream_sni and sni_verifier filters for wildcard TLS hosts
* add a required empty line
* make the sentence about enabling mTLS a note
* add inline comment in the yamls regarding the SNI filters
* a couple of filters -> Envoy filters
* rewrite the sentence why the SNI filters are used
* fix "so that policies will be enforced based on the original SNI value"
* prevents a possibility for deceiving Mixer -> prevents Mixer from being deceived
* will not match -> does not match
* make note ('>') one line to make lint happy
* initial version
* split a long line
* rephrase the sentence "Now, you configured..."
* add a requirement that mTLS is enabled
* remove leftover ';done'
* add monitoring and policy enforcement of SNI and source identity
* the logentry -> logentry
* that will allow -> that allows
* replace URL with Wikipedia in English
* clarify the examples in SNI monitoring, blocked vs. allowed
* Extend the introduction to monitoring/policies by source identity
* replace backticks with italics for sleep-us and sleep-canada
* the logentry -> logentry
* the sidecar proxy -> the sidecar proxies
* fix the names of the service accounts in cleanup
* it should be -> it must be
* services -> applications
* add: Access to other Wikipedia sites will be blocked
* inline the command to kill mixer pods
* add clarification about the access to Wikipedia sites from sleep-canada
* fix format of cleanup of monitoring/policies by source
* replace italics with backticks for sleep-us and sleep-canada due to spellchecker
* add a missing empty line
* Revert "inline the command to kill mixer pods"
This reverts commit 780913253d.
* of the source of traffic -> of the traffic source
* allows access -> allows to access
* delete "namely"
* Wikipedia -> the Wikipedia
* An example for configuring and verifying split horizon EDS
* Add period to end of description
* Minor change
* Minor typo
* Comments by Lin Sun addressed
* Addressed @frankbu review comments and cross referenced with the concept doc
* add before-you-begin-egress boilerplate and use it in one case
* move the boilerplate into content
* replace before-you-begin section for egress task/examples
* remove egress related details from the boilerplate
- The width value now defaults to 100%, so it doesn't need to be specified explicitly
in many cases.
- The ratio value can now be computed automatically for PNG and JPG files, so it doesn't need
to be specified explicitly.
Force merge because circleci errors are unrelated.
* which will be used -> which you will use
* note that any pod ... will do -> note that you can use any pod that ...
* add missing "example" word
* Create a shell variable to hold -> Create the `SOURCE_POD` environment variable to store
* remove "if you use the sleep sample"
* For this example -> For the sake of this example only
* by a Kubernetes service -> by the domain name of a Kubernetes service
* showed how you can -> shows how to
* Update content/docs/examples/advanced-gateways/http-proxy/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* cases when you must use -> cases require
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Simplify the sentence about using any pod with curl
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* simplify the sentence about creating SOURCE_POD
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Remove "for the sake of"
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* the pod of the proxy -> the proxy's pod
* TCP (!) -> TCP (not HTTP!)
* rewrite the sentence about Squid and HTTPS proxy
* clarify the automatic sidecar injection for the new namespace
* clarify the sentence about the IP address of the pod
* variable to hold -> variable to store
* clarified the summary after the deployment and testing of HTTPS proxy
* its traffic is controlled by Istio -> Istio controls its traffic
* by a Kubernetes service -> by the domain name of a Kubernetes service
* shows how you to -> shows how to
* remove a leftover from a previous editing
* split a long line
* though -> through
* outside the cluster -> outside of the cluster
* remove redundant whitespace
* rewrite the sentence about starting sleep sample
* HTTP CONNECT -> HTTP Connect
* rewrite the motivation for TCP service entry instead of HTTP
* rewrite another case of passive voice related to using HTTP CONNECT
* In this example -> in this case, hold -> store
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* proxy outside the cluster -> proxy being outside the cluster
* The next step is to -> Next, you must
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* has sidecar injected -> has a sidecar
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* rewrite understanding what happend section to make it as a list
* simplify Understanding what happened section
make it more high level
* remove a trailing whitespace
* rewrite the sentence about creating a namespace without labeling
* combine the sentences about not labeling for sidecar injection
When I tried testing the application with `curl`, I got `000` as response.
For my environment, escaping the braces results in the variable not being expanded.
But because of outputting to `/dev/null`, I didn't see the error message `curl: (6) Could not resolve host: ${GATEWAY_URL}`
I'm using zsh under macOS.
* initial version
* ServiceEntry -> service entry (in text)
* config map -> `ConfigMap`
* fix a link
* task -> example
* through such proxy -> through it
* elaborate what has been done after the proxy is deployed and tested
* split a long line
* explain why there is no need to define service entries for external services accessed through the proxy
* rewrite the sentence about simulating the proxy outside the cluster
* check the log and see your request -> check the log for your request
* HTTP CONNECT method -> the HTTP CONNECT method
* between the application and the proxies -> between the application and the proxy
* add explanation how this example is different from other egress examples
lei-tang
Yossi Mesika
Shriram Rajagopalan
Douglas Reid
Brian Avery
Vishal Yadav
Vadim Eisenberg
Jianfei Hu
Frank Budinsky
Martin Taillefer
Eric Van Norman
Daneyon Hansen
Chunlin Yang
Hendrik Purmann