* Add docs for ocsp staple support
Signed-off-by: Faseela K <faseela.k@est.tech>
* Update content/en/docs/tasks/traffic-management/ingress/secure-ingress/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* clarify the internal IP ranges for IBM Cloud Kubernetes Service
* Trigger Build
* add example of the command output
* paraphrase the text
* update snips.sh
* Enhance mTLS origination example
Signed-off-by: Faseela K <faseela.k@est.tech>
* rebase
Signed-off-by: Faseela K <faseela.k@est.tech>
---------
Signed-off-by: Faseela K <faseela.k@est.tech>
`Configure traffic through egress gateway with SNI proxy` section was removed from the docs in the 1.14 release
but that is still mentioned in the setup instructions for the task `Egress using Wildcard Hosts`.
The test waits for vs resource, that is not even created.
Wait on SE and DR is only needed.
Signed-off-by: Faseela K <faseela.k@est.tech>
Signed-off-by: Faseela K <faseela.k@est.tech>
* Improve clarity of Egress Gateway docs
Make the step 13 more clear, since it is creating a DestinationRule in the test-egress namespace and not in the default namespace.
* Update content/en/docs/tasks/traffic-management/egress/egress-gateway/index.md
Co-authored-by: craigbox <craigbox@google.com>
Co-authored-by: craigbox <craigbox@google.com>
* Wildcard egress: remove arbitrary domain section
This doc has been a nuisance for many years. It recommends an extremely
complex and dangerous pattern, relying on deploying nginx, extremely
complex EnvoyFilters enabling unsupported, custom, alpha Envoy c++
filters, and a number of other scary practices. IMO this does not belong
in Istio docs at all, and certainly not in our top level taks.
* Add back single wildcard
* Update content/en/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* Documentation for egress mTLS origination at sidecar using credentialName in DR
The feature is already merged. So trying to add a documentation for the same.
Signed-off-by: Faseela K <faseela.k@est.tech>
* Remove duplicate code and point to the existing documentation
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failures
Signed-off-by: Faseela K <faseela.k@est.tech>
* Fix test failures
Signed-off-by: Faseela K <faseela.k@est.tech>
* Add tests for mTLS origination at sidecar
Signed-off-by: Faseela K <faseela.k@est.tech>
* Typo fix for GKE
* make gen
Co-authored-by: Noah Nsimbe <37845280+NoahNsimbe@users.noreply.github.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
* Minor fix in egress mtls example cleanup
The document mentions some resources for cleanup
which are not actually created as part of this exercise.
Signed-off-by: Faseela K <faseela.k@est.tech>
* Adding make gen output files
Signed-off-by: Faseela K <faseela.k@est.tech>
* Remove file mount egress documentation
This is actively leading users down a bad practice. We previously did
the same for Ingress - the results were we got a lot less bugs about
file mount being very hard to use.
As is, users are directed here as the default - only if they happen to
know what "SDS" is (an implementation detail) will they realize the
other doc is better.
* gen snips
* fix test
* Fix inject
* Update istio test ref - fix timeout failures?
* Go back to figure out why ext cp setup is failing (samples not starting)
* Again including #31560
* After 31561
* Past #31410
* test ref sha=688973e58828ffbcff2ccd9eeab41a12527c217a
* test ref 9d5ba69765#31401
* Update test ref to latest istio and change 504/408 for egress test
* Update to get around quay.io outage
* Silence curl command
* Update more files with -sS (adding S to show errors)
* Over-agressive on the -S and causing some tests to fail.
* Remove more curl -S flags
* Update istio/istio ref to latest master
* Move to latest before testing.
* Update release in Makefile
* Fix some tests
* Update to latest isti.io/istio again
* Update to latest istio.io/istio
* Update to latest istio.io/istio
* Update ref to latest master
* Fix instioctl-analyze
* Add back @howardjohn commit I inadvertantly deleted
* Fix lint
* Pick up new stio: fix empty iop read from stdin for operator
* go mod tidy without itermediate go gets
* Update to current stats-filter's
* Needed another 'make gen'
* More go.* changes for changes in ref'd istio/istio
* Update istio to 1.9.0-beta.0
Overview of the changes:
- Adding ability to verify that expected output occurs a number of times consecutively. This is needed for https://github.com/istio/istio.io/pull/8402.
- Moving snapshot checking logic to Go code so that it can be separated out into separate test steps, which are timed and contain their own output directories/files. This makes the code cleaner and also makes the snapshot logic more transparent.
- Updating debug.sh to use newer bash syntax that allows it to dynamically select a free file descriptor. Without this, I was seeing all commands echoed to my console in goland.
* Add warning on egress gw instructions
Documentation is misleading when repeating the steps for multiple
hosts. The example breaks down. Add a warning describing how to
configuration should look like when additional hosts are configured.
* fix typo
* change to tip, make text more compact
* change other warning as well
* Try longer timeout for tasks/security/authorization/authz-ingress/test.sh
* Go back to old 5m timeout and add failure on timeout back in
* Test with individual wait_for_istio call updates
* Revert to simply changing timeout (but keep duration in output)
* Fix call
* Comment out istioctl wait call
* Add TODO remark
* Fix lint error
* Add temporary sleep until _wait_for_istio is re-enabled
* Add wait for sleep deployment to complete
* Update test reference
* Test framework changes
* Another required change
* Update Tag to 1.8
* Pick istio/istio commit that actually exists
* Disable ISTIO_META_DNS_CAPTURE
* Add --skip-confirmation to istioctl installl commands
* Increase test timeout. First pass at fixes.
* Update to later istio/istio that fixes DNS and minor fixes
* test fixes
* Pick up go.mod `replace` changes from #8118
* Fix istioctl-analayze and mirror
* Fix mtls-migration test
* Update istio to include commit to fix egress
* Re-enable verify with fix
* Update istio/istio ref for egress fix
* Fix tasks/security/authorization/authz-td-migration - remove ns
* Shorten wait timeout so tests complete in under an hr
* Let tests continue after wait timeout
* Fix --skip-confirmation to -y and use yes | in tests
* revert yes | to echo y |
* Additional echo y fix
* Code review comments
* Change verify from same to contains as k8s 1.19 has extra warning lines.
Kalya Subramanian
Frank Budinsky
ognyvrac
Faseela K
Wei Shan Sun
Mariam John
Eric Van Norman
Tong Li
Jakub Horák
John Howard
Istio Automation
Faseela K
刘旭
Meng Wang
Pengyuan Bian
Nathan Mittler
Roland Kool