* Site improvements.
- For SVG images, authors no longer need to specify image ratios
(which is a constant source of errors)
- Move more icons into the new icons.svg file to further reduce
average page load times.
- Rationalize Istio logo file names.
- Improve underlining behavior for sidebar headers and the RSS feed
Subscribe link.
- Made the RSS feed subscribe link open in a new tab.
- Increase the constract ratio for some elements in dark mode
text blocks (namely, YAML field names)
- Reduce the "brightness" of the light bulb icon which helps it
not pop so much in dark mode.
- Optimize the fonts we load and the order we load them in so as to improve page load time and
reduce the initial render time.
* Sadly, embedding SVGs into the HTML results in duplicate element ids, which is invalid HTML :-(
- Use a new approach to managing icons. This has two primary benefits:
- It makes it possible to color the icons such that they look good in the
dark theme. Previously, the icons were rendered in black on dark grey when
using the dark theme.
- The average payload size for our web pages is reduced and we better use the
browser cache.
- The new icon approach makes it possible to remove our dependency on the fontawesome
package, which further slims down our payload requirement
- Refresh our iconography for a slightly lighter look.
- Remove the extra thick left-hand border of text blocks to lighten the
look.
- Added a "NN minutes to read" indication on top of each page. This is
only displayed if the count is > 1 minute.
- Added a calendar icon next to the blog post date.
- Exposed a bunch of strings that were buried in CSS/JS to translation.
- Add the 'keywords:' front-matter fields to the Hugo archetypes.
* Add docker-for-desktop installation note
A default istio helm install under kubernetes running in docker-for-desktop wasn't working because pilot was reserving too much memory. Added documentation to work around this
* Update index.md
* Create index.md
* Update index.md
* Update index.md
* Update index.md
* Rename content/docs/setup/kubernetes/platform-setup/index.md to content/docs/setup/kubernetes/platform-setup/docker-for-desktop/index.md
* Update index.md
* Update index.md
quoted memory allocation, capitalized Kubernetes
* check the logs of all the telemetry pods
* filter log entries
remove entries sent to pilot, telemetry, policy and unknown destinations
* use kubectl logs -l instead of applying kubectl logs on selected pods
* documentation for RBAC policy permissive mode
* update permissive mode sample for global RBAC config
* address comment
* move permissive section to the top
* add more words for expected user experience
* seperate two senarios to use permissive
1. turn on RBAC 0 -> 1
2. add new policy
* rename rbac->authorization, move to concept page
* address comment
* address comment
If mTLS is enabled we need an additional instruction in the
DestinationRule object, otherwise we break traffic to httpbin
service.
While on that, also change the Mirroring task note to be the same.
- Correct the use of OpenGraph annotations. I used the wrong attribute name, so the
annotations were never recognized.
- Added support for Twitter cards to our site, improving the experience of referencing
the site from Twitter posts.
- Added support for the twitter: front matter field for use in blog posts. Specifying this
front-matter entry will show the author's twitter address on the blog post, and will
add a Twitter card entry to the page noting the author's address.
- Renamed the page_icon front matter field to just icon to be consistent with other
entries.
- Made it so the subtitle front matter field can be used anywhere, not just on blog posts.
- Added a lint check to ensure subtitles don't end with a period.
- We now insert an "author" metadata entry whenever the attribution: front matter
field is used.
- Fixes the bug where not all of our files would get the right lastmod
time extracted from GitHub.
- Fixes most of the cases of bad HTML output around the use of {{<text>}}. There's
still a single bad case which I'll report to the Hugo folks.
- Use Hugo's new --minify option to minify HTML instead of having to use the
separate and slow html-minifier program.
- Fix some bad HTML on the landing page.
* generate certificates in httpbin.example.com directory
* add initial section for ingress for multiple hosts
* add a cleanup step for the directories related to certificates
* fix formatting
* add subsection: Redeploy istio-ingressgateway with the new certificates
* rename httpbin-gateway into mygateway
* add redeployment of Gateway for two hosts
* add -o /dev/null -s -w "%{http_code}\n" to the bookinfo's curl
* fix italics in sending a request to bookinfo
* add verify that httpbin.example.com is accessible as previously
* add -v to curl to bookinfo, show certificates printed
* remove -n istio-system from virtualservice bookinfo
* add Host header to curl requests
* put empty lines around the code blocks
* fix spell checker errors
* Prep for 1.0 release
* Fix typo for 1.0 announcement. (#2081)
* Updated kubect link for IBM Cloud Private. (#2083)
* Fix generated tablegen.py (needs backport) (#2084)
Original table was dreadfully wrong.
(cherry picked from commit b3fa64fa41)
* add a VirtualService for external HTTPS ServiceEntry (#2080)
* add a VirtualService for external HTTPS ServiceEntry
* a VirtualService -> the VirtualService
(cherry picked from commit 9e57d4a5b7)
* egress gateway: use subsets for cnn in destination rules and virtual services (#1942)
* use subsets for cnn in destination rules and virtual services
* remove trailing spaces
* separate virtual services for traffic to and from egress gateway
to egress gateway: TLS match
from egress gateway: TCP match
* put back tls match for HTTPS egress for Istio without Auth
combine defining the Gateway and the VirtualServices
* use ISTIO_MUTUAL with sni in destination rules
* update the log message to print HTTP/2 as the protocol
* make two VirtualServices into one
* remove redundant explanation about SNI setting in a destination rule
* use different virtual service matches for Istio with and without SNI
* fix the case of HTTP traffic for Istio without Auth
(cherry picked from commit 81baa2e939)
* Disable Mesh Expansion page.
(cherry picked from commit dc4da48042)
* Blog fix.
* adding juspay (#2092)
* Update homepage and what is istio page (#2085)
- update the two pages
- make the links point to the Chinese document
(cherry picked from commit 993231abeb)
* Chinese: announcing istio 1.0 (#2088)
(cherry picked from commit 5301d4ea13)
* Move advanced egress tasks to examples, Advanced egress traffic control, release 1.0 (#2093)
* add advanced-egress subsection in Examples
* move egress gateway and egress tls origination tasks into advanced examples
* rename task to example and fix the links
* Tweak the HP blog post a tad.
* Another blog tweak.
* Update index.md (#2096)
Removing VM support until it's fixed
(cherry picked from commit c2e529212b)
* Make the site work when it's published to a subdirectory (for the archive) (#2095)
(cherry picked from commit 137e1d13f4)
* Change "Testing mutual TLS" tutorial to "Mutual TLS deep dive" (#1972)
(cherry picked from commit 0662e413f1)
* fix kubectl output (#2100)
fixes https://github.com/istio/istio.github.io/issues/2066
(cherry picked from commit 2a852d1408)
* Another blog tweak.
* Add section to tracing task to cover sampling. (#2097)
* Add section to tracing task to cover sampling.
* Lint fix
* Review comments.
* Review comments.
* Review comments.
* Add documentation for redisquota adapter in rate limiting doc (#2098)
* fix multicluster doc issues. (#2104)
* remove unnecessary gateway spec (#2091)
* Clarify and correct distributed tracing task (#2115)
* Cherry-pick latest changes from master (#2118)
* Translate fix zh links (#2105)
* zh: all linkes without '#' had been replaced
* translate: rewrite links to zh version if it exists.
(cherry picked from commit c4daa73dee)
* Translate Istio 1.0 canary into Chinese (#2110)
(cherry picked from commit 4d6eec754c)
* Fix typo in "Delayering Istio" blog post (#2102)
(cherry picked from commit 6bdb4605f4)
* Minikube settings (#2082)
(cherry picked from commit 9f6ebe9eeb)
* Fix single word in command (#2112)
It returned this:
```
kubectl get svc istio-ingress -n istio-system
Error from server (NotFound): services "istio-ingress" not found
```
Now it works correctly
(cherry picked from commit 2bbe9eef03)
* add initial galley intro to "what is istio" concept page (#2113)
(cherry picked from commit 2db7f5648d)
* make cmd/result match (#2117)
* make cmd/result match
* address comment
* Add Rigs to the English content owners file. (#2119)
(cherry picked from commit bd577696bf)
* Cherry-picks from master (#2122)
* Add Istio security vulnerabilities disclosure and handling page (#2114)
(cherry picked from commit dfee9b8ec0)
* Fix an error in faq page (#2120)
(cherry picked from commit d3c04a5ba7)
* More work to fix use of the site in a subdirectory. (#2123) (#2124)
(cherry picked from commit 5bd9c0f0bd)
* Cherry-pick latest changes from master (#2128)
* Add a couple entries to our prefered vocab list.
(cherry picked from commit 2cbe43aea7)
* Translate attribute-vocabulary (#2101)
* translate attribute-vocabulary
* fix Chinese link
* fix Chinese style & translate table header
(cherry picked from commit 056bf27879)
* fix the virtual-services fault injection error in the YAML (#2109)
fix the virtual-services fault injection error in the YAML
(cherry picked from commit 453012d3ab)
* Add an item to check whether mTLS is enabled for a service (#2062)
(cherry picked from commit 384f6cd8be)
* Chinese content was aliasing English content. (#2126)
Page aliases are intended to redirect users from a page old's location to a new location.
As it was, the Chinese content pages were redirect old English locations to Chinese, which
made Chinese show up on English systems that were using the old links.
(cherry picked from commit c86d357f2e)
* Fix formatting glitch in a few glossary entries.
(cherry picked from commit a6420a4475)
* Cherry pick latest changes from master (#2138)
* Translate into Chinese: docs/examples/multicluster/icp/index.md (#2129)
* Translate into Chinese: docs/examples/multicluster/icp/index.md
* fix link anchor
(cherry picked from commit eca46893fe)
* Add an icon for the security vulnerabilities page (#2132)
(cherry picked from commit 11ce2b3924)
* Fix security concept figure captions etc. (#2087)
(cherry picked from commit f83bb8ada0)
* Translate into Chinese: blog/2018/aws-nlb/index.md (#2130)
(cherry picked from commit 9e77fa4cd0)
* Translate: all keywords in front matters (#2135)
* Translate: all keywords
* fixed typo
* remvoed from terms: vm, config->configuration
(cherry picked from commit 02392ff87e)
* Initial checkin of the setup ops guide. (#2078) (#2139)
(cherry picked from commit 3b529341a1)
* Document DestinationRule mTLS conflict (#2131)
* Document TLS conflict in DRs
* spelling errors
* lint errors
* tweak title
* tweak title
* address review comments
* Cherry-pick latest changes from master (#2143)
* Add twitch livestream blog post (#2140)
This is for the all-day istio livestream on August 17th.
(cherry picked from commit 41d3caa211)
* Make the big boxes on the home page clickable.
(cherry picked from commit 387e54c299)
* Cherry-pick latest changes from master. (#2159)
* Fix broken Mixer Adapter Dev Guide links (#2144)
Signed-off-by: Venil Noronha <veniln@vmware.com>
(cherry picked from commit 5342ab2a80)
* Fix some more stale wiki links. (#2145)
(cherry picked from commit b641486002)
* translate tasks/traffic-management/egress-gateway to Chinese (#2146)
* translate tasks/traffic-management/egress-gateway to Chinese
* 修改内部链接路径
* 去掉空格
* 删除空格
(cherry picked from commit 75baef98ec)
* Improve linting (#2148)
- We now detect text blocks that are incorrectly indented.
- We now detect image captions that end in a period.
- We now detect page descriptions that don't end in a period.
- CircleCi now runs linting without minifying HTML first, improving perf and
improving error output.
- In CircleCi, we now have a per-build cache for HTML proofer output. This
helps reduce the frequency of link timeout errors.
- Fix errors flagged by the above new lint checks.
(cherry picked from commit fd290dc73e)
* translate:setup-kubernetes-requirments (#2147)
(cherry picked from commit 0d98eee9c4)
* Translate into Chinese: blog/2017/0.2-announcement/index.md (#2150)
(cherry picked from commit a34cfc063d)
* Translate into Chinese: content/blog/2018/aws-nlb/index.md Sync/Update (#2153)
* Translate into Chinese: blog/2017/0.2-announcement/index.md
* Update index.md
* Update _index.md
(cherry picked from commit 4ee8e44cb6)
* re translate /zh/blog/2018/egress-tcp/ page (#2151)
* re translate /zh/blog/2018/egress-tcp/, for changes of content/blog/2018/egress-tcp/index.md file between commit fd290dc73e and 82eb2c21a3
* fix unaviable link (#2151)
(cherry picked from commit 0b313e373b)
* Flip conditional polarity to remove useless work when linting.
(cherry picked from commit 4424563918)
* Enable extra lint stuff (#2158)
(cherry picked from commit 0b2ea1d38e)
* Fix indent, given new linting rules.
- We now detect text blocks that are incorrectly indented.
- We now detect image captions that end in a period.
- We now detect page descriptions that don't end in a period.
- CircleCi now runs linting without minifying HTML first, improving perf and
improving error output.
- In CircleCi, we now have a per-build cache for HTML proofer output. This
helps reduce the frequency of link timeout errors.
- Fix errors flagged by the above new lint checks.
* add Advanced Egress Control section in Examples
* move egress gateway and egress tls origination tasks to advanced egress examples
* fix the links and replace task with example
* use subsets for cnn in destination rules and virtual services
* remove trailing spaces
* separate virtual services for traffic to and from egress gateway
to egress gateway: TLS match
from egress gateway: TCP match
* put back tls match for HTTPS egress for Istio without Auth
combine defining the Gateway and the VirtualServices
* use ISTIO_MUTUAL with sni in destination rules
* update the log message to print HTTP/2 as the protocol
* make two VirtualServices into one
* remove redundant explanation about SNI setting in a destination rule
* use different virtual service matches for Istio with and without SNI
* fix the case of HTTP traffic for Istio without Auth
Remove a bunch of entries that shouldn't have been in the spelling dictionary
and correct content aoocrdingly.
I'm disabling the Chinese spell checking for now, since I'm not able to fix the
spelling errors that emerged there. Once this PR is in, I'll file an issue to get
those spelling errors addressed and checking reenabled.
* use kubectl consistently throughout for Istio API resource C.R.U.D operations
xref: https://github.com/istio/istio.github.io/issues/1843
* fix typo
* review comments
* remove unnecessary instructions to use `replace` instead of `create`
* fix linter in `zh` content
- Increase the size of the Copy button in preformatted blocks to make it stand out since it is the
most common used button.
- Shift the copy/download/print buttons in PRE blocks towards the left so they don't overlap the
scroll bar in large text blocks.
- Switch to new fonts.
- Instead of underlining <H2> headers, we now draw a blue bar above them.
- Add an "up level" button at the top of pages.
- Streamline the appearance of the next/previous page links at the bottom of most pages.
- Remove the right pointing arrows from index pages and see also sections. They were just
confusing.
- Add icons to the main pages.
- Slightly change the layout of the glossary page, more to come here.
* initial version of Egress Gateway for 1.0
* use HTTPS protocol for the egress gateway ports
* change troubleshouting section regarding mutual TLS
just direct users to read the mutual TLS page regarding troubleshooting
* add egressgateway to .spelling
* remove "let's" prevent the "we language"
* fix lint errors
* rename Cleanup section names to more detailed names, to prevent lint errors
* add a section about directing HTTPS traffic thru egress gateway
* remove istio-system namespace from the HTTPS-related artifacts
* add a section for mutual TLS over HTTPS
* disable mTLS on Istio with mTLS between a sidecar and the egress gateway
* use * as a host in the gateway's definition
* clarify the fact that in HTTPS the original traffic is already encrypted
* use mTLS between sidecar and egress gateway
* use explicit host in gateways instead of *
* add subjectAltNames to the upstream of the sidecar proxy
* unite creating a gateway for mTLS and a destination to set SNI
* add a missing dot
* add destination rule for setting SNI for mTLS to all cases
* add deleting the destination rule for mTLS
* split a long line
* Rewrite the steps to create a service entry in a separate step
* use port 80 in the destionation rule for direct HTTP traffic without TLS origination
* remove redundant ServiceEntry definition
* mention DestinationRule for TLS origination
* rename port tls to tls-cnn
for future definition of multiple servers on the same port
* describe getting Envoy's stastics of istio-egressgateway
Update "Collecting Metrics and Logs" task with new source and destination attributes
Updated based on reviews and added tcp metrics changes too
Update Prometheus Task
Update Using-Istio-Dashboard task
Updated fluentd and servicegraph tasks.
Also update distributed tracing and using-istio-dashboards tasks based
on feedback
Add new picture for servicegraph and indent using-istio-dashboard again
Fixed Linting Errors
Updating based on review
Updating based on review
Adding destination-rule-all-mtls for tcp metrics routing too
Add explanation for Inbound Workloads and Outbound Services for Workload Dashboards
* Update authentication concept doc.
* Fix lint errors.
* Address comments and fixed some links.
* Remove feature stages change from this PR.
I will make a separate PR for it.
* Chinese community translation and fix a markdown error
- Translate community page into Chinese
- Fix https overlay markdown style check error
* fix CI errors
- update Quick Start with Kubernetes
- update Prerequisites and Installation steps
- fix some broken links
* Delete "basic access control" and "secure access control" pages.
These pages were there before Istio RBAC was introduced. We should
remove them now to avoid confusion.
* Added aliases for deleted pages.
* add ./ to the script to generate certificates
* add a step to verify the subject of the ingress gateway certificate
* add a step to verify the subject of the CA certificate
put the mutual TLS troubleshooting into a separate subsection
* fix the level of the mutual TLS troubleshooting
* remove redundant empty lines
* verify the subject is correct -> verify that the subject is correct
* another case: verify the subject is correct -> verify that the subject is correct
* Consolidate the security concept pages into a single page.
- This updates the security concept material to be on a single page, which matches the
change done last week for the rest of the concept material. This ends up being a less clicky
more directed introduction for newcomers to the platform.
- While I was there, I moved the redundant What is Istio page from our about section and stuck
the content at the top of the What is Istio page in the Concepts section.
- Add <github_file> <github_blob> and <github_tree> to make it simpler to link to the right
place on GitHub.
- Use these new sequences throughout the docs.
- Also, fix bad HTML generated for the TOC in certain cirsumstances.
- Fix extra blank line inserted at the bottom of indented code blocks.
- Remove What's next sections since we now have auto-generated See also sections
- Fix a few incorrectly capitalized headers, "istio", "kubernetes", "sidecar"
* Update authn policy tasks with global policy.
This is cloned from Diem's PR
https://github.com/istio/istio.github.io/pull/1600.
* Add section to use mesh-wide policy to enable mTLS globally.
* Update examples to follow naming restriction.
* Fix linter errors.
* Additional lint fix.
Accordingly with the kubectl help documentation for the logs
command, the container name is a flag and not an argument:
`
Usage:
kubectl logs [-f] [-p] (POD | TYPE/NAME) [-c CONTAINER] [options]
`
The use of an argument instead of a flag is to keep compatible
with legacy systems, but it is not recommended as it can be removed
at any time.
* remove egress TCP task
the example can be implemented by HTTPS Service Entries
* remove a reference to Egress TCP Task in Egress TCP blog
* replace a reference to the Egress TCP task by the Egress TCP blog post
in About -> Feature Status -> Istio features/Traffic management
* add an alias from the removed task to Egress/TCP blog post
Yangmin Zhu
Jonh Wendell
Frank Budinsky
Martin Taillefer
Oliver Liu
Dmitri Dolguikh
Steven Dake
sshucker
Vadim Eisenberg
Quanjie Lin
Matthieu Maquevice
Lin Sun
Bryant Luk
Tiago M. Vieira
Vincent
Christoph Held
Diem Vu
mandarjog
Limin Wang
Andra Cismaru
Jason Young
Tao Li
Gregory Hanson
mtail
lei-tang
Kent Rancourt
gargnupur
imgbot[bot]
Jimmy Song
Spike Curtis
Douglas Reid
Axel Siebenborn
Yossi Mesika
Daneyon Hansen
Will Witman
navinger
Stephen Gilson
Jianfei Hu
Gary Brown
LillyWu
danielmenezesbr
Arshdeep Singh Chimni
Shriram Rajagopalan
Guang Ya Liu
Cesar Botti
Morven Cao