* initial version of Egress Gateway for 1.0
* use HTTPS protocol for the egress gateway ports
* change troubleshouting section regarding mutual TLS
just direct users to read the mutual TLS page regarding troubleshooting
* add egressgateway to .spelling
* remove "let's" prevent the "we language"
* fix lint errors
* rename Cleanup section names to more detailed names, to prevent lint errors
* add a section about directing HTTPS traffic thru egress gateway
* remove istio-system namespace from the HTTPS-related artifacts
* add a section for mutual TLS over HTTPS
* disable mTLS on Istio with mTLS between a sidecar and the egress gateway
* use * as a host in the gateway's definition
* clarify the fact that in HTTPS the original traffic is already encrypted
* use mTLS between sidecar and egress gateway
* use explicit host in gateways instead of *
* add subjectAltNames to the upstream of the sidecar proxy
* unite creating a gateway for mTLS and a destination to set SNI
* add a missing dot
* add destination rule for setting SNI for mTLS to all cases
* add deleting the destination rule for mTLS
* split a long line
* Rewrite the steps to create a service entry in a separate step
* use port 80 in the destionation rule for direct HTTP traffic without TLS origination
* remove redundant ServiceEntry definition
* mention DestinationRule for TLS origination
* rename port tls to tls-cnn
for future definition of multiple servers on the same port
* describe getting Envoy's stastics of istio-egressgateway
* Update authentication concept doc.
* Fix lint errors.
* Address comments and fixed some links.
* Remove feature stages change from this PR.
I will make a separate PR for it.
* add ./ to the script to generate certificates
* add a step to verify the subject of the ingress gateway certificate
* add a step to verify the subject of the CA certificate
put the mutual TLS troubleshooting into a separate subsection
* fix the level of the mutual TLS troubleshooting
* remove redundant empty lines
* verify the subject is correct -> verify that the subject is correct
* another case: verify the subject is correct -> verify that the subject is correct
* Consolidate the security concept pages into a single page.
- This updates the security concept material to be on a single page, which matches the
change done last week for the rest of the concept material. This ends up being a less clicky
more directed introduction for newcomers to the platform.
- While I was there, I moved the redundant What is Istio page from our about section and stuck
the content at the top of the What is Istio page in the Concepts section.
- Add <github_file> <github_blob> and <github_tree> to make it simpler to link to the right
place on GitHub.
- Use these new sequences throughout the docs.
- Also, fix bad HTML generated for the TOC in certain cirsumstances.
- Fix extra blank line inserted at the bottom of indented code blocks.
- Remove What's next sections since we now have auto-generated See also sections
- Fix a few incorrectly capitalized headers, "istio", "kubernetes", "sidecar"
Diem Vu
mtail
Kent Rancourt
Vadim Eisenberg
Frank Budinsky
Limin Wang
Vincent
Yossi Mesika
Will Witman
Martin Taillefer
Stephen Gilson
Yangmin
Andra Cismaru
Gary Brown
Steven Dake
Arshdeep Singh Chimni