Cat-ing the crds into a single file along with the istio mainfests
leads to a race to install the crds. This applies the crds as a
separate step to avoid this.
* Add new Traffic management concept.
Wrote a new "Traffic management" concept to include the latest developments.
Organized the content into smaller pages to make it easier to consume. The new
structure improves visibility and each page includes keywords to improve the
"See Also" pieces of suggested content and SEO. The new concept includes
diagrams and examples. Each section starts with the larger picture and then
moves to explain the specifics.
Signed-off-by: rcaballeromx <grca@google.com>
* Improved based on review comments.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix Hugo front matter.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix false positives in links test.
Signed-off-by: rcaballeromx <grca@google.com>
* Remove terms from exceptions file.
Signed-off-by: rcaballeromx <grca@google.com>
* Revert "Add new Traffic management concept."
This reverts commit de9d0e0225.
* add missing cleanup step for authn policy task section 1
The "*.local" rule created in "Globally enabling Istio mutual TLS"
was not removed during the cleanup section, leading to unexpected
503s for users continuing on to the next section (enabling
per-namespace).
* Note that jwcrypto needs to be present to run gen_jwt.py
* Apply suggestions from code review
Co-Authored-By: Rigs Caballero <grca@google.com>
* Add new Traffic management concept.
Wrote a new "Traffic management" concept to include the latest developments.
Organized the content into smaller pages to make it easier to consume. The new
structure improves visibility and each page includes keywords to improve the
"See Also" pieces of suggested content and SEO. The new concept includes
diagrams and examples. Each section starts with the larger picture and then
moves to explain the specifics.
* rbac: simplify and make authorization HTTP/TCP tasks consistent
* Simplify the Bookinfo deployment, the service accounts could just be
added with the default Bookinfo deployment.
* Make the `Before you begin` section more consistent for HTTP and TCP
tasks
* address comments
* fix link
The user guide for Istio Vault CA integration fails
because the cluster hosting an example Vault server was deleted.
This PR fixes the user guide with a new example Vault CA.
- We haven't been checking external links for months now due to a script error
when someone added an option that didn't work as expected. I'm fixing a bunch
of resulting broken links. I can't turn on the link checker yet since there are
some bad links in reference docs which I have to address first.
- Add a bunch of links to yaml files in our code examples using the @@ syntax.
* fail with 503 instead of 000 for injected-app
As a bad destination rule is set to disable client side mTLS and receiving side is mTLS enabled. At this point, Running the curl command between sidecar injected Istio services all requests will fail with a 503 error code as the client side is still using plain-text.
* WIP Add Kubernetes Installation landing page.
This adds the landing page and organizes the content to make it easier to navigate.
Signed-off-by: rcaballeromx <grca@google.com>
* Apply initial feedback on landing page content.
Signed-off-by: rcaballeromx <grca@google.com>
* Rename and move files to enhance navigation.
Added aliases to redirect after filename changes.
Signed-off-by: rcaballeromx <grca@google.com>
* Harmonize all installation guide titles and intros.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix all links affected by the restructure.
Fixed all internal links and added aliases to ensure external redirects.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix paths of images on the ZH content.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix additional links and apply feedback.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix link error introduced by rebase.
Signed-off-by: rcaballeromx <grca@google.com>
* Remove redundant instances of "Istio" in titles.
Signed-off-by: rcaballeromx <grca@google.com>
- Add linter support to detect internal links to aliases. Those are now flagged as
bad links so the source needs to be updated to point to the real destination,
avoiding the user a redirect.
- Fixed occurences of links to aliases.
- Now only load popper.js on pages that use popups in order to improve
load times.
* Update mutual tls deepdive doc to reflect the new authn tls-check behavior
* Also update FAQ
* Correct grammar
* Update content/docs/tasks/security/mutual-tls/index.md
Co-Authored-By: diemtvu <25132401+diemtvu@users.noreply.github.com>
* Address comment
* Also include changes to fix#11825
* Change the example to show default DR to avoid confusion
* Correct change the example to show default DR to avoid confusion
* Update content/docs/tasks/security/mutual-tls/index.md
Co-Authored-By: diemtvu <25132401+diemtvu@users.noreply.github.com>
* Update content/docs/tasks/security/mutual-tls/index.md
Co-Authored-By: diemtvu <25132401+diemtvu@users.noreply.github.com>
* Update namespace for global destination rule
* Update content/docs/tasks/security/mutual-tls/index.md
Co-Authored-By: diemtvu <25132401+diemtvu@users.noreply.github.com>
* document file names used in external certificate configuration
* rephrased to clarify based on PR feedabck
* note using different names requires reconfiguration
Tao Li
Rigs Caballero
Diem Vu
Nik Skoufis
Oliver Liu
Chris Wilson
Yangmin Zhu
lei-tang
Quanjie Lin
Michael
wxdao
Martin Taillefer
Andrew Martin
Douglas Reid
idouba
Frank Budinsky
Andra Cismaru
John Howard
Shriram Rajagopalan
Vadim Eisenberg
Yossi Mesika
Etai Lev Ran