* note HTTP-related attributes -> notice the HTTP-related attributes
* related to Istio sidecar -> related to the Istio sidecar
* rewrite the sentence about ports and the installation option
use port 8000 instead of 443, to generate less confusion
* no HTTP service or service entry -> no HTTP service and no service entry
* extend understanding what happened with the third approach
* change section titles
* split the cleanup section into cleanup subsections
* fix links
* must not -> do not need to
* rewrite the sentence about switching to the first approach
* per specific port, gaining -> for specific ports, enabling
* A caveat is that some ports, for example port 80, already have HTTP
services inside Istio by default
* In this approach, similarly to the previous one -> With this approach, like with the previous one
* approaches can be applied -> approaches can be used
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* split long lines
* split long lines
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Revert "Update content/docs/tasks/traffic-management/egress/index.md"
This reverts commit febb76edc9.
* rewrite the sentence about the installation option and add a link to installation options
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* remove duplicate text
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* Update content/docs/tasks/traffic-management/egress/index.md
Co-Authored-By: vadimeisenbergibm <vadime@il.ibm.com>
* remove a redundant empty line
* address the reader directly
- Ensure that references to GitHub content use the proper annotations so
we get links to the correct branches.
- Added a check to make sure content is not using blockquotes (instead of
{{< warning >}}, {{< tip >}}, and {{< idea >}}. This check is currently
disabled, pending the Chinese content being updated.
- Fix a few violations of these new checks.
* add Install Istio with access to all the external services by default
* fix a typo: copule -> couple
* add a call to cnn
* instal -> install
* replace ; with ,
* add a couple of requests to HTTPS services before changing the config map
to show that they are blocked
* do not delete pilot, it listens to the changes of the config map
* no need to reinstall/update -> no need to update
* add 'Change back to the blocking-by-default policy' section
* perfromed -> performed
* all the services -> all services
* instruct Istio proxy -> instruct the Istio proxy
* no HTTP service exist -> no HTTP service exists
* all the access ... will be blocked -> all accesses ... is blocked
* Unindent the block content
* blocked now -> now blocked
* Revert "add a couple of requests to HTTPS services before changing the config map"
This reverts commit 848171c041.
* put the instructions to kill the pod after checking that the key/certificate are loaded
* add "if you created the secret, but..." before killing the pod
* the secret <secret name> -> the <secret name> secret
* kill -> delete
* Update index.md
In order to better distinguish between the two ways to call external services from an Istio mesh, we should remove the rules about `ServiceEntry`.
* Update index.md
Add a warning icon
* Update index.md
* add before-you-begin-egress boilerplate and use it in one case
* move the boilerplate into content
* replace before-you-begin section for egress task/examples
* remove egress related details from the boilerplate
Fixed in the documentation command
- Typo, the `jsonpath` contain extra dot char: `.items[0]..metadata.name` instead of `.items[0].metadata.name`
- The jsonpath without a weapping in quote chars won't work on all the systems and could lead to some errors of type: `no matches found: jsonpath={.items[0].metadata.name}`
This adds a new Task under the Traffic Management module for showcasing
Istio's Weighted TCP Routing feature.
Signed-off-by: Venil Noronha <veniln@vmware.com>
* Add docker-for-desktop installation note
A default istio helm install under kubernetes running in docker-for-desktop wasn't working because pilot was reserving too much memory. Added documentation to work around this
* Update index.md
* Create index.md
* Update index.md
* Update index.md
* Update index.md
* Rename content/docs/setup/kubernetes/platform-setup/index.md to content/docs/setup/kubernetes/platform-setup/docker-for-desktop/index.md
* Update index.md
* Update index.md
quoted memory allocation, capitalized Kubernetes
If mTLS is enabled we need an additional instruction in the
DestinationRule object, otherwise we break traffic to httpbin
service.
While on that, also change the Mirroring task note to be the same.
* generate certificates in httpbin.example.com directory
* add initial section for ingress for multiple hosts
* add a cleanup step for the directories related to certificates
* fix formatting
* add subsection: Redeploy istio-ingressgateway with the new certificates
* rename httpbin-gateway into mygateway
* add redeployment of Gateway for two hosts
* add -o /dev/null -s -w "%{http_code}\n" to the bookinfo's curl
* fix italics in sending a request to bookinfo
* add verify that httpbin.example.com is accessible as previously
* add -v to curl to bookinfo, show certificates printed
* remove -n istio-system from virtualservice bookinfo
* add Host header to curl requests
* put empty lines around the code blocks
* fix spell checker errors
- We now detect text blocks that are incorrectly indented.
- We now detect image captions that end in a period.
- We now detect page descriptions that don't end in a period.
- CircleCi now runs linting without minifying HTML first, improving perf and
improving error output.
- In CircleCi, we now have a per-build cache for HTML proofer output. This
helps reduce the frequency of link timeout errors.
- Fix errors flagged by the above new lint checks.
* add Advanced Egress Control section in Examples
* move egress gateway and egress tls origination tasks to advanced egress examples
* fix the links and replace task with example
* use subsets for cnn in destination rules and virtual services
* remove trailing spaces
* separate virtual services for traffic to and from egress gateway
to egress gateway: TLS match
from egress gateway: TCP match
* put back tls match for HTTPS egress for Istio without Auth
combine defining the Gateway and the VirtualServices
* use ISTIO_MUTUAL with sni in destination rules
* update the log message to print HTTP/2 as the protocol
* make two VirtualServices into one
* remove redundant explanation about SNI setting in a destination rule
* use different virtual service matches for Istio with and without SNI
* fix the case of HTTP traffic for Istio without Auth
Remove a bunch of entries that shouldn't have been in the spelling dictionary
and correct content aoocrdingly.
I'm disabling the Chinese spell checking for now, since I'm not able to fix the
spelling errors that emerged there. Once this PR is in, I'll file an issue to get
those spelling errors addressed and checking reenabled.
* use kubectl consistently throughout for Istio API resource C.R.U.D operations
xref: https://github.com/istio/istio.github.io/issues/1843
* fix typo
* review comments
* remove unnecessary instructions to use `replace` instead of `create`
* fix linter in `zh` content
* initial version of Egress Gateway for 1.0
* use HTTPS protocol for the egress gateway ports
* change troubleshouting section regarding mutual TLS
just direct users to read the mutual TLS page regarding troubleshooting
* add egressgateway to .spelling
* remove "let's" prevent the "we language"
* fix lint errors
* rename Cleanup section names to more detailed names, to prevent lint errors
* add a section about directing HTTPS traffic thru egress gateway
* remove istio-system namespace from the HTTPS-related artifacts
* add a section for mutual TLS over HTTPS
* disable mTLS on Istio with mTLS between a sidecar and the egress gateway
* use * as a host in the gateway's definition
* clarify the fact that in HTTPS the original traffic is already encrypted
* use mTLS between sidecar and egress gateway
* use explicit host in gateways instead of *
* add subjectAltNames to the upstream of the sidecar proxy
* unite creating a gateway for mTLS and a destination to set SNI
* add a missing dot
* add destination rule for setting SNI for mTLS to all cases
* add deleting the destination rule for mTLS
* split a long line
* Rewrite the steps to create a service entry in a separate step
* use port 80 in the destionation rule for direct HTTP traffic without TLS origination
* remove redundant ServiceEntry definition
* mention DestinationRule for TLS origination
* rename port tls to tls-cnn
for future definition of multiple servers on the same port
* describe getting Envoy's stastics of istio-egressgateway
* Update authentication concept doc.
* Fix lint errors.
* Address comments and fixed some links.
* Remove feature stages change from this PR.
I will make a separate PR for it.
* add ./ to the script to generate certificates
* add a step to verify the subject of the ingress gateway certificate
* add a step to verify the subject of the CA certificate
put the mutual TLS troubleshooting into a separate subsection
* fix the level of the mutual TLS troubleshooting
* remove redundant empty lines
* verify the subject is correct -> verify that the subject is correct
* another case: verify the subject is correct -> verify that the subject is correct
* Consolidate the security concept pages into a single page.
- This updates the security concept material to be on a single page, which matches the
change done last week for the rest of the concept material. This ends up being a less clicky
more directed introduction for newcomers to the platform.
- While I was there, I moved the redundant What is Istio page from our about section and stuck
the content at the top of the What is Istio page in the Concepts section.
Shriram Rajagopalan
Frank Budinsky
Vadim Eisenberg
Martin Taillefer
Jianfei Hu
banix
buptliuwei
Serge Bishyr
l10xbin
Venil Noronha
x15zhang
Jonh Wendell
Jinming Yue
sshucker
Matthieu Maquevice
Tiago M. Vieira
Vincent
Christoph Held
Diem Vu
Oliver Liu
Andra Cismaru
Jason Young
Gregory Hanson
mtail
Kent Rancourt
Limin Wang
Yossi Mesika
Will Witman
Stephen Gilson
Yangmin
Gary Brown
Steven Dake