* single network services/endpoints can not have duplicate address
* Update content/en/docs/ops/deployment/deployment-models/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
---------
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* [WIP] add doc tests for ambient getting started guide
Signed-off-by: Faseela K <faseela.k@est.tech>
* fix cleanup
Signed-off-by: Faseela K <faseela.k@est.tech>
* fix test
Signed-off-by: Faseela K <faseela.k@est.tech>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
* Update feature status for Experimental/Alpha
Based off of the feature status in features.yaml, update the
corresponding doc page.
Update navigation_level.html to only flag Experimental and Alpha
features with an asterisk '*', rather than all docs with _any_ status
set.
Add new 'alpha.md' boilerplate, similar to 'experimental.md', with a
link to https://github.com/istio/community/blob/master/FEATURE-LIFECYCLE.md
Add either 'boilerplate alpha' or 'boilerplate experimental' to all
pages which have Alpha or Experimental status set.
Tidy up pages which already had
'boilerplate experimental-feature-warning' and be consistent with
'boilerplate experimental'
Update tasks/observability/distributed-tracing/mesh-and-proxy-config
status from 'Beta/Experimental' to 'Beta', to match what's in
features.yaml (all others only have a single value here)
* Add content/zh/boilerplates/alpha.md
* Update content/en/boilerplates/alpha.md
Suggested change
Co-authored-by: Faseela K <k.faseela@gmail.com>
* Update the zh 'alpha' boilerplate to match
---------
Co-authored-by: Faseela K <k.faseela@gmail.com>
* Update Istio/SPIRE integration demo to use SPIRE Controller
Manager instead of k8s workload registration.
Signed-off-by: jaellio <jaellio@microsoft.com>
* Adds test for automatic workload registration via the SPIRE
controller manager. During cleanup, removes generated istio.yaml
and chaim.pem files. Updates label to
spiffe.io/spire-managed-identity.
Signed-off-by: jaellio <jaellio@microsoft.com>
* Adds missing newline
Signed-off-by: jaellio <jaellio@microsoft.com>
* Fix spelling error
Signed-off-by: jaellio <jaellio@microsoft.com>
* Add missing ns flag on role and rolebinding resource commands
Signed-off-by: jaellio <jaellio@microsoft.com>
* Delete sleep resources and uninstall before SPIRE
Signed-off-by: jaellio <jaellio@microsoft.com>
* Reconfigures demo so istio install is not expected to fail.
Created ClusterSPIFFEID before install istio. Previously install
would fail because the ingress gateway wasn't registered.
Signed-off-by: jaellio <jaellio@microsoft.com>
* Remove references to v1.14 and update required version to 1.14+
Signed-off-by: jaellio <jaellio@microsoft.com>
* Fix lint errors
Signed-off-by: jaellio <jaellio@microsoft.com>
---------
Signed-off-by: jaellio <jaellio@microsoft.com>
* Gloss refs and other small improvements in ambient docs
* Update content/en/docs/ops/ambient/architecture/index.md
Co-authored-by: John Howard <howardjohn@google.com>
---------
Co-authored-by: John Howard <howardjohn@google.com>
* Make ambient warning more extreme
* Update content/en/docs/ops/ambient/getting-started/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
---------
Co-authored-by: Lin Sun <lin.sun@solo.io>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* ambient: add traffic routing docs
This fills in part of the architecture doc for ambient.
Note this is intentionally low-level. This attempts to mirror
https://istio.io/latest/docs/ops/configuration/traffic-management/traffic-routing/
but for ambient.
* Address Frank's comments
* Update content/en/docs/ops/ambient/architecture/index.md
Co-authored-by: Lin Sun <lin.sun@solo.io>
* Update content/en/docs/ops/ambient/architecture/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
---------
Co-authored-by: Lin Sun <lin.sun@solo.io>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* doc-global-downstream-max-conn-helm
* Add instructions to set global_downstream_max_connections with Helm
* Fix https://github.com/istio/istio/issues/37443
* Fix linting errors
* Address comments
* Remove global_downstream_max_connections from .spelling and add backticks where missing
* Simplify instructions on how to set global_downstream_max_connections
* build an archive of v1.16 in master
* update data/versions.yml and archive index page
* advance master to release-1.18
* Fix lint by moving back to older files - Note automated job will fail lint.
* Temporarily disable the istioctl-analyze test
* Temporarily remove the Performance page from the website
* Update performance links to point to doc's release version or latest existing page.
* Fixup another link
* Add more context
* Update content/en/docs/ops/configuration/traffic-management/network-topologies/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/ops/configuration/traffic-management/network-topologies/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/ops/configuration/traffic-management/network-topologies/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Update content/en/docs/ops/configuration/traffic-management/network-topologies/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* As per discussion in https://github.com/istio/istio/pull/42962#issuecomment-1402236303
* Lint fix
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* fix: envoy statistics config documentation
* chore: make gen
* feat: sync from istio/api
* Update content/zh/docs/ops/configuration/telemetry/envoy-stats/index.md
Co-authored-by: Michael <haifeng.yao@daocloud.io>
Co-authored-by: Michael <haifeng.yao@daocloud.io>
* Add documentation for SkyWalking integration and task
* Add script to undeploy skywalking
* Clean up istio namespace
* Update index.md
* Address review comments
* Apply suggestions from code review
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* build an archive of v1.14 in master
* update data/versions.yml and archive index page
* advance master to release-1.16
* Rerun `make update_ref_docs`
* Update to commit on main branch to fix tests
* Disable failing test (temporary)
* Update for Wasm contents
* Fix the wrong cleanup code
* Fix the description of `extensibility` folder's description
* Apply suggestions from code review
Co-authored-by: craigbox <craigbox@google.com>
* Update _index.md
* Regenerate snips
* Add old URL path as an alias
* Update content/en/docs/tasks/extensibility/_index.md
* Add description for the wasm pull policy
Signed-off-by: Ingwon Song <igsong@google.com>
* Apply suggestions from code review
Co-authored-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: craigbox <craigbox@google.com>
* Applying the comment from @dgn
Co-authored-by: craigbox <craigbox@google.com>
Co-authored-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* Update to use the master branch of istio.io/istio for test refs
* go.* changes
* Update test and go.*
* Update to use `master` branch for make targets
* One final go mod tidy
* Remove vm test for now.
* Remove istioctl-analyze test
* Also remove using-istio-dashboard
Fixes some broken suggested recording rules that treated
`istio_tcp_sent_bytes_total` and `istio_tcp_sent_received_total` as if
they were distribution type metrics rather than counters.
I have also reordered the metrics to more closely align with the order
on the "Istio Standard Metrics" page.
Fixes #10311
* Add document on "Understanding DNS"
This is a follow-on to the recent docs "Understanding traffic routing"
and "Understanding TLS" where I attempt to give in-depth explanations
of some of the implementation details of some commonly misunderstood
parts of Istio.
In particular, this aims to clear up how app DNS, DNS proxying, and
Envoy DNS resolution interact.
* Apply suggestions from code review
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Add non-success info
* Update content/en/docs/ops/configuration/traffic-management/dns/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* tie in dns proxy
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Add note about gateways to protocol selection
* Apply suggestions from code review
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Information about holdApplicationUntilProxyStarts
This is a very extended topic about networking issues with pods with the istio-proxy sidecar container and is not spread or well documented.
Many people using solutions as "curl -fsI http://localhost:15021/healthz/ready", or post start hooks, even changing logics in scripts etc.
Adding this in this related documentation can help people find this feature easily.
* Fix leftover d
Remove leftover d in added
* Apply suggestions from craigbox
Co-authored-by: craigbox <craigbox@google.com>
* Update index.md
Remove trailing space in line 245.
Co-authored-by: Adrian Rico <aseguirico@gmail.com>
Co-authored-by: craigbox <craigbox@google.com>
* Added a small section on common errors while accessing headless services
* Fixed lint errors
* Removed unnecessary config details
* Few corrections and restructuring
* Updated commands for easier copying
* build an archive of v1.11 in master
* update data/versions.yml and archive index page
* advance master to release-1.13
* Another script update
* go get remaining istio repos to satisfy linter
* Temporarily fix link broken by istio/api #2148
* Temporarily disable istioctl analyze test.
* add authz limitation
* Apply suggestions from code review
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Update to latest istio/istio commit for istio.io tests
* Update to latest istio commit
* Additional istioctl analyze output
* Fix istioctl-analyze test
* Fix gateway doc
* Fix setting of INGRESS_HOST and more cleanup
* Fixes for unbound INGRESS_HOST
* lint fix
Co-authored-by: John Howard <howardjohn@google.com>
* Improve DestinationRule Security Best Practices
* Add instructions for improving security using subjectAltNames which is
not checked by default.
* Add instructions to turn on VERIFY_CERTIFICATE_AT_CLIENT to decrease
friction of checking certificates against a CA.
* Escalate certificate validation that is not being done to a warning to
increase visibility.
* Add Clarification to certificate validation.
* Add explanation of using system to enable OS CA certificate usage.
* Clarify subjectAltName usage and why it is important
* Fix linter error
* Clarify CA cert used and user need for an sni value