* Expand the gateway-api docs for 1.12
This introduces a lot more details, highlights changes in 1.12, and
discusses the differences between Istio and Gateway-API.
* erics comments
* clarify
* gen
* Update to latest istio/istio commit for istio.io tests
* Update to latest istio commit
* Additional istioctl analyze output
* Fix istioctl-analyze test
* Fix gateway doc
* Fix setting of INGRESS_HOST and more cleanup
* Fixes for unbound INGRESS_HOST
* lint fix
Co-authored-by: John Howard <howardjohn@google.com>
* Update test reference to latest istio
* Update helm output
* Update install/operator test to allow <pending> IP for running locally.
* fix lint
* Gateway changes
* Fix gateway
* Remove remaining webhook to make tests pass
* Change to use istioctl tag remove
* Add the information that you can concatenate CA certs
Add the information that you can concatenate CA certs if you want to accept MTLS from client providing certificate signed by different CAs
* english review comments
* adding back key and also adding "value"
Co-authored-by: Laurent Demailly <ldemailly@gmail.com>
* Update Gateway API doc
This patch updates Gateway API doc to use:
- Gateway CRD v0.3.0
- Remove `PILOT_ENABLED_SERVICE_APIS` as it is enabled by default.
* Run make gen
* Add info about SNI routing
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* add to common problems
* address comments
* fix lint
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Rename Service APIs to Gateway API
* update alias
Co-authored-by: craigbox <craigbox@google.com>
* fix missing url
Co-authored-by: craigbox <craigbox@google.com>
* Silence curl command
* Update more files with -sS (adding S to show errors)
* Over-agressive on the -S and causing some tests to fail.
* Remove more curl -S flags
* mark as tested
* generate snips
* test progress
* add -I to curl output in command
* regenerate snips
* doc test fixes
* Add HTTP/1.1 to expected output
* change to use verify_elided
* Add documentation for experimental service APIs integration
The intent of this doc is to show users that Istio supports
service-apis, and the few steps needed to use them with Istio. It is NOT
intended as a source of truth for documentation for the APIs, deferring
to the upstream for all details
(https://kubernetes-sigs.github.io/service-apis/).
* apply suggestions
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
This required some other changes WRT verification:
- Change __cmp_like to allow for not accepting <pending> for an IP address.
- Change __verify_with_retry to use a timeout rathan than number of retries. This is a more intuitive interface and aligns with the way we do retries in istio/istio. I also got rid of exponential backoff and allow both the timeout and delay between retries to be configured.
* Try longer timeout for tasks/security/authorization/authz-ingress/test.sh
* Go back to old 5m timeout and add failure on timeout back in
* Test with individual wait_for_istio call updates
* Revert to simply changing timeout (but keep duration in output)
* Fix call
* Comment out istioctl wait call
* Add TODO remark
* Fix lint error
* Add temporary sleep until _wait_for_istio is re-enabled
* Add wait for sleep deployment to complete
* Update test reference
* Test framework changes
* Another required change
* Update Tag to 1.8
* Pick istio/istio commit that actually exists
* Disable ISTIO_META_DNS_CAPTURE
* Add --skip-confirmation to istioctl installl commands
* Increase test timeout. First pass at fixes.
* Update to later istio/istio that fixes DNS and minor fixes
* test fixes
* Pick up go.mod `replace` changes from #8118
* Fix istioctl-analayze and mirror
* Fix mtls-migration test
* Update istio to include commit to fix egress
* Re-enable verify with fix
* Update istio/istio ref for egress fix
* Fix tasks/security/authorization/authz-td-migration - remove ns
* Shorten wait timeout so tests complete in under an hr
* Let tests continue after wait timeout
* Fix --skip-confirmation to -y and use yes | in tests
* revert yes | to echo y |
* Additional echo y fix
* Code review comments
* Change verify from same to contains as k8s 1.19 has extra warning lines.
* automated test for viewing traces from zipkin dashboard (expectation is that traces are seen correctly)
* fix shellcheck linting errors
* remove verification of traces and just check if zipkin dashboard is accessible through port-forward
* Modify snippet generation logic to take {{< boilerplate >}} into account
* snippets for boilerplate
* fix shellcheck (linting) issues
* snippets generated with new logic
* automated test - check if zipkin dashboard is accessible by port-forwarding (as we cannot verify screenshot and the trace is already verified in istio/istio integration test
* clean up ZIPKIN_URL comment
* Address code review comments
1. Simplify boilerplate snippet filenames (remove .md_snips)
2. Sourced filenames should be in double quote(") instead of single quote(')
* fix gencheck_istio flake
* do not generate or include boilerplate snippets if there is not {{<text>}} in them
* fix linting errors in snip.py
* fix bug - filter out boilerplates without snippets very early
* Add IBM Cloud Kubernetes Service specific instructions for Ingress Host
The previous instruction put IBM cloud under other environments, and the command set the Ingress Host to the wrong address.
* Update content/en/docs/setup/getting-started/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Moved IBM Cloud instructions above Docker
* Add IBM Cloud Node port Ingress host instructions to same documentation
* Update Ingress Control Tests
* Update content/en/docs/tasks/traffic-management/ingress/ingress-control/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* update snips.sh
* Update content/en/docs/tasks/traffic-management/ingress/ingress-control/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/traffic-management/ingress/ingress-control/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/traffic-management/ingress/ingress-control/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* add an example task to test
* main test function: save progress
* a working example: routing request
* improve log info and error handling
* introduce makefile
* run each test as a subtest; remove common setup from test.sh
* add another test.sh: fault-injection
* improve error handling
* check test environment
* add two more test.sh files
* fix make command for istio setup
* update two test.sh files from upstream
* add comments and update README.md
* update test.sh files from upstream
* support multiple test names
* update README
* update README.md for new framework
* remove documentation of migration steps
* undo format changes
* change separation line to '# @cleanup'
* move go code and makefile from content/ to tests/
* change package name
* make for loop more readable
* change the set of auto-sourced scripts
* add docs for all functions
* approach to deal with folders with the same name
* minor fixes to ensure everything still runs
* fix make gen error
* add a TIMEOUT argument
* make sure util/debug.sh works with new framework
* make lint-go happy
* [BIG CHANGE] allow different istio setup configs
* make linters happy
* make linters happier
* changed wording and function orders
* make error return as the 2nd argument
* add TODOs
* Update content/en/docs/tasks/traffic-management/traffic-shifting/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* only test english docs
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* allow test.sh as suffix
* move adding setup configs to tests/setup
* recommend full paths
* Update tests/README.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* require full test paths
* converting old tests to new tests: traffic-management and misc
* converting old tests to new tests: security
* remove old tests
* Update content/en/docs/tasks/security/cert-management/dns-cert/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* simplify setup configs
* Update content/en/docs/tasks/security/authentication/authn-policy/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/security/authentication/mtls-migration/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/security/authorization/authz-http/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* do not let istioctl prompt y/n
* Update content/en/docs/tasks/traffic-management/ingress/ingress-sni-passthrough/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/traffic-management/ingress/secure-ingress/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/security/cert-management/plugin-ca-cert/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* simplify stuff
* rename dns-cert test.sh to test_broken.sh
* fix dns-cert doc and test
* remove egress=disabled
* fix test
* Update content/en/docs/tasks/observability/logs/access-log/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/tasks/security/authentication/authn-policy/test.sh
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Refactor Secure Ingress tasks
Ingress SDS is now the default and recommended. This removes the file
mount task, which is no longer recommended and will avoid confusion, and
cleans up the task a bit. I also documented the new supported secret
formats.
* use archive
* Add documentation on Ingress support
Istio has supported Ingress for quite a while, but its not documented.
This explains how to use it and configure it.
Note to docs reviewers: Gateway is Istio's alternative to Kubernetes'
Inrgess object, and we prefer users to use Gateway. However, for reasons
like legacy users, we also support Ingress.
* fix lint
* fix lint
* fix lint
* improvements
.
* Apply suggestions from code review
Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* rewrite Secure Gateways (SDS) to use openssl for generating certs/keys
additional improvements:
1. Generate and use client certificate/private key for mutual TLS
2. Do not use quotes in YAMLs where not required
* add removing csr files and client.example.com files
* delete the directories with the certificates -> delete the certificates and the keys
These fix problems encountered when switching to the new Hugo which has
a completely different markdown engine. I went through diffs of the generated
HTML and made required adjustments.
刘旭
John Howard
Eric Van Norman
Istio Automation
Brian Avery
Kenjiro Nakayama
Frank Budinsky
Shamsher Ansari
craigbox
jacob-delgado
Sam Naser
carolynhu
Nathan Mittler
Suchith J N
Ram Vennam
Albert Sun
Hongyi Zhang
Navraj Singh Chhina
Lin Sun
Jonh Wendell
Jimmy Chen
Vadim Eisenberg
Bryant Hagadorn
Martin Taillefer