* Clarify auth variant
This makes it clear that sds-auth is already the 'auth' variant. It
also tries to be more specific about what it does, rather than just
saying 'auth by default'
* Add incompatibility between SDS and control plane auth
* Remove unneeded aside
* Clarify status of control plane security with SDS
No technical issues apparently, just timeline. Also moved to before the
table for clarity.
* Simplify additional security feature table
This improves the clarity of this table by:
* Removing default and minimal , since -auth doesn't add any security
features
* Labeling the first column as security feature
* Changing the names of the profiles to reflect the final profile name
including the -auth, instead of without
* Patch the ingress-gateway deployment instead of recreating it
Patching it by just adding what is missing - a volume - is better in the
sense that it doesn't matter how the user created it - the template used,
the options used when creating it, etc.
* Apply suggestions from code review
Co-Authored-By: Rigs Caballero <grca@google.com>
* Replace oc with kubectl
* Remove a trailing space
* fix(telemetry docs): replace p&t concept doc with observability doc
* Fixed broken links
* Fixed one internal and one external link
* Added links and fixed two typos
* Title and links changes
* Added Policies conceptual section
* Fixed broken links in commands reference and traffic mnanagement
Cat-ing the crds into a single file along with the istio mainfests
leads to a race to install the crds. This applies the crds as a
separate step to avoid this.
* Refine the upgrade steps.
These could use a third party validation. The upgrade instructions
are mostly generic at this point, although the MTLS handling is not
necessarily generic between releases. I had thought we removed the
mtls global setting in this release, yet the existing docs state
this config option should be used.
* Update content/docs/setup/kubernetes/upgrade/steps/index.md
Co-Authored-By: Rigs Caballero <grca@google.com>
* Update content/docs/setup/kubernetes/upgrade/steps/index.md
Co-Authored-By: Rigs Caballero <grca@google.com>
Update the installation options for release-1.2 and the installation
option changes between release 1.1 and release 1.2. These changes have
been generated by the updated changes to tablegen.py in the
PR: https://github.com/istio/istio.io/pull/4402Fixes: #4374
* Add new Traffic management concept.
Wrote a new "Traffic management" concept to include the latest developments.
Organized the content into smaller pages to make it easier to consume. The new
structure improves visibility and each page includes keywords to improve the
"See Also" pieces of suggested content and SEO. The new concept includes
diagrams and examples. Each section starts with the larger picture and then
moves to explain the specifics.
Signed-off-by: rcaballeromx <grca@google.com>
* Improved based on review comments.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix Hugo front matter.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix false positives in links test.
Signed-off-by: rcaballeromx <grca@google.com>
* Remove terms from exceptions file.
Signed-off-by: rcaballeromx <grca@google.com>
* Revert "Add new Traffic management concept."
This reverts commit de9d0e0225.
Having back-ticks at the beginning of the lines was causing Hugo not to generate
the pages at build time. Moved the content with backticks away from the start of
the lines seems to fix the issue.
Signed-off-by: rcaballeromx <grca@google.com>
* add missing cleanup step for authn policy task section 1
The "*.local" rule created in "Globally enabling Istio mutual TLS"
was not removed during the cleanup section, leading to unexpected
503s for users continuing on to the next section (enabling
per-namespace).
* Note that jwcrypto needs to be present to run gen_jwt.py
* Apply suggestions from code review
Co-Authored-By: Rigs Caballero <grca@google.com>
* Fix the flow and language of the Getting started doc.
Signed-off-by: rcaballeromx <grca@google.com>
* Add cross-reference on the k8s install guide.
Signed-off-by: rcaballeromx <grca@google.com>
* Rework concluding paragraph to clarify timeline.
Signed-off-by: rcaballeromx <grca@google.com>
* Move cross-reference to landing page.
Signed-off-by: rcaballeromx <grca@google.com>
* Add new Traffic management concept.
Wrote a new "Traffic management" concept to include the latest developments.
Organized the content into smaller pages to make it easier to consume. The new
structure improves visibility and each page includes keywords to improve the
"See Also" pieces of suggested content and SEO. The new concept includes
diagrams and examples. Each section starts with the larger picture and then
moves to explain the specifics.
* fix the egress gateway example
need to change static because one address was host the other was ip.
* update to make it cleaner
* minor typo
* minor tweaks
* fix lint
* format change
* fix lint
* fix lint
* clean up tips per frank and shriram's suggestion
* fix lint
Nik Skoufis
Jonh Wendell
Martin Taillefer
Adam Miller
Tao Li
Lin Sun
John Howard
Dan Ciruli
Rigs Caballero
Diem Vu
Frank Budinsky
Ed Snible
imgbot[bot]
Steven Dake
Jan von Löwenstein
Yangmin Zhu
Martin Ostrowski
Matthew Wringe
Mariam John
Chris Wilson
Romain Lenglet
Oliver Liu
Jianfei Hu
Phil Rud
mtail
Morven Cao