Commit Graph

30 Commits

Author SHA1 Message Date
Frank Budinsky 83bae38f99
gateway-api: use targetRef instead of selector for auth/authz gateway… (#14157)
* gateway-api: use targetRef instead of selector for auth/authz gateway refs

* regen

* fix yaml

* regen
2023-11-15 07:57:05 -08:00
Kuat 0de72af162
docs: update to use PROXY config (#13568)
* docs: update to use PROXY config

Signed-off-by: Kuat Yessenov <kuat@google.com>

* gen

Signed-off-by: Kuat Yessenov <kuat@google.com>

* review

Signed-off-by: Kuat Yessenov <kuat@google.com>

---------

Signed-off-by: Kuat Yessenov <kuat@google.com>
2023-11-13 18:08:28 -08:00
Keith Mattix II 3c94567ce1
Change Istio Classic terminology to Istio APIs (#13385)
* Change Istio Classic terminology to Istio APIs

Signed-off-by: Keith Mattix II <keithmattix@microsoft.com>

* Fix stutter

Signed-off-by: Keith Mattix II <keithmattix@microsoft.com>

* Change back parallel structure formation

Signed-off-by: Keith Mattix II <keithmattix@microsoft.com>

---------

Signed-off-by: Keith Mattix II <keithmattix@microsoft.com>
2023-06-16 07:02:06 -07:00
Michael ba926d3006
fix a typo in authz-ingress (#13332) 2023-06-08 21:26:48 -07:00
Kuat a985ac38a6
cleanup more usages of EnvoyFilter (#13301)
* cleanup more usages of EnvoyFilter

Signed-off-by: Kuat Yessenov <kuat@google.com>

* fix

Signed-off-by: Kuat Yessenov <kuat@google.com>

* fix test

Signed-off-by: Kuat Yessenov <kuat@google.com>

* review

Signed-off-by: Kuat Yessenov <kuat@google.com>

---------

Signed-off-by: Kuat Yessenov <kuat@google.com>
2023-06-06 14:06:49 -07:00
Michael a4d4f8bb18
Fix indentations and remove unnecessary step numbers (#13230)
* Fix indentations and remove unnecessary step numbers in /security/authorization/

* revert tabset indentations and wrap some long clauses
2023-05-23 18:29:05 -07:00
Frank Budinsky 18e2058d81
Fix snippet generator to not include html id in snip id (#12988)
* Fix snippet generator to not include html id in snip id

* verify failure
2023-04-03 13:20:34 -07:00
Frank Budinsky b64832ac53
gateway-api: future proof gateway address (#12961)
* gateway-api: future proof gateway address

* regen
2023-03-28 14:28:39 -07:00
Frank Budinsky 0d65b3888d
gateway-api: change wait ready to wait programmed (#12937) 2023-03-24 12:12:01 -07:00
Frank Budinsky f577e3cdbc
gateway-api: add instructions to gateway topology doc (#12889)
* gateway-api: add instructions to gateway topology doc

* fix test

* fix numbering
2023-03-14 10:53:24 -07:00
Frank Budinsky fe7c0f1145
gateway-api: add gateway api instructions to ingress access control doc (#12869)
* gateway-api: authz-ingress

* gateway-api: add gateway api instructions to ingress access control doc

* lint

* fixes

* simplify aws samples
2023-03-10 11:45:55 -08:00
Ben Leggett 825f422087
Add more context to `externalTrafficPolicy=local` caveats. (#12779)
* Reword this to better explain why a gateway on each node is recommended.

Signed-off-by: Benjamin Leggett <benjamin.leggett@solo.io>

* Update content/en/docs/tasks/security/authorization/authz-ingress/index.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

---------

Signed-off-by: Benjamin Leggett <benjamin.leggett@solo.io>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
2023-02-28 11:03:16 -08:00
Frank Budinsky 72e2bb29f0
Add IBM Kubernetes Load Balancer type to table (#12690) 2023-02-16 11:15:23 -08:00
Aryan Gupta 60eb0e4474
docs update for policies graduation (#12320) 2022-12-06 13:49:06 -08:00
Istio Automation 15a3975599
Remove 2 year old security warning (#11747)
Was fixed long ago

Co-authored-by: John Howard <howardjohn@google.com>
2022-08-24 14:15:06 -07:00
Yangmin Zhu 85a6002789
update security doc with evaluation order, common patterns, shorter task names and some small updates (#9127)
* update security doc with evaluation order, common patterns, shorter task names and some small updates

* update

* update

* add link

* update

* update

* fix lint

* Apply suggestions from code review

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* update

* Apply suggestions from code review

Co-authored-by: John Howard <howardjohn@google.com>

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: John Howard <howardjohn@google.com>
2021-03-24 09:16:41 -07:00
lei-tang 104e06a868
Fix the client IP addresses for the authz ingress task (#9002) 2021-02-19 06:33:03 -08:00
Frank Budinsky a70e78f25e
Test cleanup (#8564)
* Framework inject set +e at start of cleanup test script

* tabs

* fix typo

* add nl

* fix doc
2020-11-24 16:26:19 -05:00
Yangmin Zhu 4c02c73112
update release notes and authz task for a critical bug (#8543) 2020-11-20 21:32:30 -08:00
Kyle Evans 9c0549ad8a
Make proxy protocol EnvoyFilter consistent with Network Topology doc (#8472)
* update proxy protocol EnvoyFilter to be consistent

Make the proxy protocol EnvoyFilter identical to the one in
docs/ops/configuration/traffic-management/network-topologies/

* fix arch mistake
2020-11-11 06:24:58 -08:00
Kyle Evans d237f976c3
update authz docs for remote.ip (#8390)
* update authz docs for remote.ip

remote.ip has been added as an Authorization Condition and the Ingress
Gateway Authorization task has been updated to include it.

* fix relative link to network topologies

* add more verification and use tabs

* remove mixer reference and put LB table below tabset

* move INGRESS_HOST info to top, add LB decision-making table

* clean up bash commands
2020-11-03 11:00:50 -08:00
Nathan Mittler 132c2375bc
Add wait for gateway to multicluster tests (#8346)
This required some other changes WRT verification:

- Change __cmp_like to allow for not accepting <pending> for an IP address.

- Change __verify_with_retry to use a timeout rather than number of retries. This is a more intuitive interface and aligns with the way we do retries in istio/istio. I also got rid of exponential backoff and allow both the timeout and delay between retries to be configured.
2020-10-26 06:45:38 -07:00
Eric Van Norman 4b4e395c68
Increase retry count for test flakiness (#8206) 2020-09-24 13:51:56 -07:00
Frank Budinsky e9a89c879f
Add owner attribute to docs (#7737)
* Add owner attribute to docs

* remove @
2020-07-15 15:19:40 -07:00
Frank Budinsky 01c4cce951
Add proper wait for config calls to tests (#7620)
* Add wait for config calls to tests

* two more
2020-06-24 09:48:29 -07:00
Hongyi Zhang 5fbb14bedc
Convert all old tests to new tests (#7522)
* add an example task to test

* main test function: save progress

* a working example: routing request

* improve log info and error handling

* introduce makefile

* run each test as a subtest; remove common setup from test.sh

* add another test.sh: fault-injection

* improve error handling

* check test environment

* add two more test.sh files

* fix make command for istio setup

* update two test.sh files from upstream

* add comments and update README.md

* update test.sh files from upstream

* support multiple test names

* update README

* update README.md for new framework

* remove documentation of migration steps

* undo format changes

* change separation line to '# @cleanup'

* move go code and makefile from content/ to tests/

* change package name

* make for loop more readable

* change the set of auto-sourced scripts

* add docs for all functions

* approach to deal with folders with the same name

* minor fixes to ensure everything still runs

* fix make gen error

* add a TIMEOUT argument

* make sure util/debug.sh works with new framework

* make lint-go happy

* [BIG CHANGE] allow different istio setup configs

* make linters happy

* make linters happier

* changed wording and function orders

* make error return as the 2nd argument

* add TODOs

* Update content/en/docs/tasks/traffic-management/traffic-shifting/test.sh

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Update tests/README.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Update tests/README.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Update tests/README.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Update tests/README.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Update tests/README.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Update tests/README.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* only test english docs

* Update tests/README.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* allow test.sh as suffix

* move adding setup configs to tests/setup

* recommend full paths

* Update tests/README.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* require full test paths

* converting old tests to new tests: traffic-management and misc

* converting old tests to new tests: security

* remove old tests

* Update content/en/docs/tasks/security/cert-management/dns-cert/test.sh

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* simplify setup configs

* Update content/en/docs/tasks/security/authentication/authn-policy/test.sh

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Update content/en/docs/tasks/security/authentication/mtls-migration/test.sh

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Update content/en/docs/tasks/security/authorization/authz-http/test.sh

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* do not let istioctl prompt y/n

* Update content/en/docs/tasks/traffic-management/ingress/ingress-sni-passthrough/test.sh

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Update content/en/docs/tasks/traffic-management/ingress/secure-ingress/test.sh

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Update content/en/docs/tasks/security/cert-management/plugin-ca-cert/test.sh

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* simplify stuff

* rename dns-cert test.sh to test_broken.sh

* fix dns-cert doc and test

* remove egress=disabled

* fix test

* Update content/en/docs/tasks/observability/logs/access-log/test.sh

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Update content/en/docs/tasks/security/authentication/authn-policy/test.sh

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
2020-06-11 11:15:48 -07:00
Navraj Singh Chhina e7616b2ac0
Disable ShellChecking for SC2164 (#7507)
* add missing cleanup for vs nginx

* disable SC2164 which checks safe cd

* make gen
2020-06-08 13:56:32 -07:00
Frank Budinsky e11cf24f0d
Add test: attribute to all md files (#7413) 2020-05-27 09:11:26 -07:00
Justin Pettit 21e03db9d9
Add authz-ingress user guide test. (#7407) 2020-05-27 06:40:06 -07:00
Yangmin Zhu cba7f0fdfc
authz: add task for IP allow list and black list on ingress gateway (#6692)
* authz: add task for IP whitelist/blacklist on ingress gateway

* allow list and deny list

* Small grammar adjustments

* address comments

* Update content/en/docs/tasks/security/authorization/authz-ingress/index.md

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>

* Update content/en/docs/tasks/security/authorization/authz-ingress/index.md

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>

* Update content/en/docs/tasks/security/authorization/authz-ingress/index.md

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>

Co-authored-by: Adam Miller <1402860+adammil2000@users.noreply.github.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
2020-03-03 17:42:03 -08:00