Add multitenancy blog #1119
Merged
Add multitenancy blog #1119
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
cc @costinm |
|
/LGTM |
geeknoid
reviewed
Mar 29, 2018
_blog/2018/soft-multitenancy.md
Outdated
| @@ -0,0 +1,298 @@ | |||
| --- | |||
| title: "Istio Multitenancy Support" | |||
| overview: Using kubernetes namespace and RBAC to create an Istio soft multitenancy environment | |||
There was a problem hiding this comment.
Done. Also in a few other places below.
_blog/2018/soft-multitenancy.md
Outdated
| {% include home.html %} | ||
| Multitenancy is commonly used in many environments across many different applications, | ||
| but the implementation details and functionality provided on a per tenant basis does not | ||
| follow one model in all environments. The Kubernetes multitenancy [working group]( |
There was a problem hiding this comment.
Include "Kubernetes multitenancy" in the link
_blog/2018/soft-multitenancy.md
Outdated
| follow one model in all environments. The Kubernetes multitenancy [working group]( | ||
| https://github.com/kubernetes/community/blob/master/wg-multitenancy/README.md) | ||
| is working to define the multitenant use cases and functionality that should be available | ||
| within Kubernetes. From their work so far it is clear that only a "soft multitenancy" is |
_blog/2018/soft-multitenancy.md
Outdated
| possible due to the inability to fully protect against malicious containers or workloads | ||
| gaining access to the other pods or kernel resources. | ||
|
|
||
| ## Defining Soft Multitenancy for Istio |
There was a problem hiding this comment.
Lowercase: "soft multitenancy"
_blog/2018/soft-multitenancy.md
Outdated
| ## Defining Soft Multitenancy for Istio | ||
| While discussing the strengths and benefits of deploying applications on top of Istio it | ||
| became apparent that there are multitenant use cases for Istio even within this "soft" | ||
| environmental that does not provide absolute protection amongst tenants. A viable use case |
There was a problem hiding this comment.
environmental -> environment
There was a problem hiding this comment.
Reworded this sentence.
_blog/2018/soft-multitenancy.md
Outdated
| #### Using Istioctl commands in a multitenant environment | ||
| When defining route rules (`RouteRule`) or destination policies (`DestinationPolicy`), it is | ||
| necessary to ensure that the `istioctl` command is scoped to | ||
| the `namespace` the Istio control plane is running in to ensure the resource is created |
There was a problem hiding this comment.
Remove the ticks around namespace
_blog/2018/soft-multitenancy.md
Outdated
|
|
||
| For example, the following command would be required to add a route rule to the *istio-system1* | ||
| namespace: | ||
| ```sh |
There was a problem hiding this comment.
Here and elsewhere, please use "bash" instead of "sh"
_blog/2018/soft-multitenancy.md
Outdated
| ``` | ||
|
|
||
| ```sh | ||
| istioctl -i istio-system1 -n ns-1 get routerule |
There was a problem hiding this comment.
Please put output into a separate block. This allows the user to easily copy the command-line to the clipboard without drgging in all the output.
_blog/2018/soft-multitenancy.md
Outdated
| prometheus-cf8456855-hdcq7 1/1 Running 0 1d | ||
| servicegraph-75ff8f7c95-wcjs7 1/1 Running 0 1d | ||
| ``` | ||
| However, accessing all the cluster's pods or pods from another tenant's namespace is not: |
There was a problem hiding this comment.
I'm describing two actions here; 'all the cluster's pods' (-n all-namespaces) and 'pods for another tenant's namespace' (-n istio-system1). However, now that I've split the bash screens (CLI, display results), I've reworked this section.
_blog/2018/soft-multitenancy.md
Outdated
| ``` | ||
| However, accessing all the cluster's pods or pods from another tenant's namespace is not: | ||
| ```sh | ||
| dev-admin:~/go/src/istio.io/istio# kubectl get pods --all-namespaces |
There was a problem hiding this comment.
Separate command-line from output in two blocks.
Don't include the prompt in the command-line.
louiscryan
reviewed
Mar 30, 2018
_blog/2018/soft-multitenancy.md
Outdated
| administrator gets control and visibility across the entire Istio control plane and all | ||
| meshes, while the tenant administrator only gets control of a specific mesh. | ||
| 1. A single Kubernetes control plane with multiple Istio control planes, one per tenant. | ||
| The cluster administrator gets control and visibility across all the Istio control planes, |
There was a problem hiding this comment.
So currently we don't provide specific affordances for operators to control or visibility over multiple control-planes. There are ways to synthesize this using RBAC and by constraining operator behaviors but it could best be described as ad-hoc. Its also not a high-priority use-case to meet based on conversations with customers so far so it's unlikely we will add specific support for this in the short term.
We're more focused on partitioning within a single control plane using the same logical notion of namespace as K8S does for partitioning. You can kind of think of a namespace as sub-mesh in this context and would act as a solution to #1 above
There was a problem hiding this comment.
Would it be appropriate to refer to this in the "future" section. Is there a pointer or reference to any type of design doc or even feature on the roadmap. I am not sure I have seen anything publicly available that would provide this functionality.
I think if the control plane (more specifically pilot-discovery) allowed the envoy xDS services to be split based on some set of user defined K8s namespaces you are most of the way there to achieving this. Is that the rough plan or has this not been worked out yet?
There was a problem hiding this comment.
I would be hesitate to put this (multiple control planes within a single k8s) in the future section before the community is willing to head to that direction and provide full support over it. We had many issues with running multiple istio control planes within 1 k8s during istio 0.2 and took us days to debug some of these issues. I think it is fine if you want to publish it as a personal view point blog somewhere else, but could be misleading to our users as an official istio io blog on this viewpoint.
There was a problem hiding this comment.
Lin Sun - I am confused by your comment. Are you saying don't add anything to the future section with respect to the functionality Louis refers too (i.e. partitioning within a single control plane using the same logical notion of namespace as K8S does) or what we are calling option 3 in the blog. Which is deployment of multiple Isito control planes on a single Kubernetes cluster. If it is the later from discussions on various threads and in the networking and environments group I thought that was the best way to provide a multitenant Istio deployment. In our testing we have not hit any serious issues, but the testing wasn't very deep. If the Istio community is concerned about claiming that is supported then I have two concerns.
- There is nothing that blocks such a deployment, nor any warning about it that I am aware of
- Without it then I would argue Istio is very much a single tenant only solution right now.
There was a problem hiding this comment.
@john-a-joyce I was referring to option 3 in the blog. I was concerned with having this in the official istio.io blog as it is not something officially supported or have automated e-2-e testing right now by istio. I didn't want to mislead users by seeing the blog that this scenario is supported now. I think we need to position that clearly within the blog, this is an experimental and POC.
louiscryan
reviewed
Mar 30, 2018
_blog/2018/soft-multitenancy.md
Outdated
| a common kubernetes control plane with which they provide as a PaaS to their tenants. | ||
| Additionally, case 4 is easily provided in many environments already. | ||
|
|
||
| Current Istio capabilities are poorly suited to support the first model as it lacks |
There was a problem hiding this comment.
I would move caveats like this to the tail of the document and focus on benefits of the solution for the intended use-case.
There was a problem hiding this comment.
Sure. We can do that. The goal here was never to hammer the current state, but intend document what is currently possible and what is not possible. If there are formal plans of any sort to address some of the caveats it would be appropriate to reference those plans or even mention what is under consideration. We are not aware of any current plans to address some of these caveats. If there are some please provide pointers or details and we can reference them appropriately.
sdake
reviewed
Mar 30, 2018
_blog/2018/soft-multitenancy.md
Outdated
| ``` | ||
| Note that the execution of these two yaml files is the responsibility of the cluster | ||
| administrator, not the tenant level adminstrator. Additional RBAC restrictions will also | ||
| be configured and applied by the cluster administator limiting the tenant administrator to only |
_blog/2018/soft-multitenancy.md
Outdated
| similar to the one below. In this example, a tenant administrator named *sales-admin* | ||
| is limited to the namespace *istio-system1*. A completed manifest would contain many | ||
| more `apiGroups` under the `Role` providing resouce access to the tenant administator. | ||
| ```yaml |
There was a problem hiding this comment.
Have a review of: http://www.yaml.org/spec/1.2/spec.html#id2760395 - this may render fine, but do these examples work as is? I'm not sure what ```yaml does in the jekyll rendering (i.e. does it make the yaml compliant with the yaml 1.2 spec?)
_blog/2018/soft-multitenancy.md
Outdated
| ## Conclusion | ||
| The evaluation performed indicates Istio has sufficient capabilities and security to meet a | ||
| small number of multitenant use cases. It also shows that Istio and Kubernetes can __not__ | ||
| provide sufficient capabilities and security for many other use cases. Especially use |
There was a problem hiding this comment.
This reads awkwardly. Remove Especially. Uppercase Use. conclude the sentence can not be served by this solution.
_blog/2018/soft-multitenancy.md
Outdated
| provide sufficient capabilities and security for many other use cases. Especially use | ||
| cases that require complete security and isolation between the tenants that may be | ||
| malicious towards each other. The improvements required to reach this next level of security | ||
| and isolation are more in Kubernetes or container technology than improvements in Istio capabilities. |
There was a problem hiding this comment.
Also reads awkwardly. Maybe -> Improvements required to reach a more secure model of security and isolation require work in Kubernetes and the underlying CRI implementaiton, rather than improvements in Istio capabilities.
There was a problem hiding this comment.
added/reworded your suggestion a bit
_blog/2018/soft-multitenancy.md
Outdated
|
|
||
| ## Future work | ||
| From the perspective of Istio improvements, the most obvious next features would be to allow | ||
| a single Istio control plane to control multiple meshes. Then possibly have a single mesh |
There was a problem hiding this comment.
Then possibly -> An additional improvement is to provide a single mesh that can...
_blog/2018/soft-multitenancy.md
Outdated
| that can host different tenants with some level of isolation and security between the | ||
| tenants. A [document](https://docs.google.com/document/d/14Hb07gSrfVt5KX9qNi7FzzGwB_6WBpAnDpPG6QEEd9Q) | ||
| has been started within the Istio community to more completely define the use cases and define | ||
| additional functionality that would be required to support those use cases. |
There was a problem hiding this comment.
reworded. (Note, John may update also.)
13ccd43 to
28159a5
Compare
geeknoid
reviewed
Mar 30, 2018
_blog/2018/soft-multitenancy.md
Outdated
| follow one model in all environments. The [Kubernetes multitenancy working group]( | ||
| https://github.com/kubernetes/community/blob/master/wg-multitenancy/README.md) | ||
| is working to define the multitenant use cases and functionality that should be available | ||
| within Kubernetes. From their work so far it is clear that only a "soft multitenancy" is |
There was a problem hiding this comment.
only a "soft -> only "soft
_blog/2018/soft-multitenancy.md
Outdated
| So option 1 won’t be further evaluated in this blog. | ||
|
|
||
| Regarding the 2nd option the current Istio paradigm assumes a single mesh per Istio control | ||
| plane. The needed changes to support this mode are substantial and would also require RBAC |
_blog/2018/soft-multitenancy.md
Outdated
| Current Istio capabilities are well suited to providing this option as namespace-based scoping | ||
| is already widely supported in most Istio modules. Best practices for deploying multiple | ||
| tenant applications per cluster require the use of a namespace. This blog will provide a | ||
| high level description on the requirements to deploy multiple Istio control planes |
_blog/2018/soft-multitenancy.md
Outdated
| plane. Although it is a simple matter to deploy multiple control planes by replacing the | ||
| *istio-system* namespace references as described above, a better approach is to split the | ||
| manifests into a common part that is deployed once for all tenants and a per tenant | ||
| specific portion. All the CustomResourceDefinitions (CRDs), the roles and the role |
There was a problem hiding this comment.
a per tenant specific -> a tenant specific
_blog/2018/soft-multitenancy.md
Outdated
| In addition to creating RBAC rules limiting the tenant administrator access to a specific Istio | ||
| control plane, the istio manifest must be updated to specify the application namespace that | ||
| Pilot should watch for creation of its xDS cache. This is done by starting the Pilot component | ||
| with the additional command line arguments, `--appNamespace, ns-1`. Where *ns-1* is the |
There was a problem hiding this comment.
arguments, -> arguments (drop the comma)
_blog/2018/soft-multitenancy.md
Outdated
|
|
||
| ### Deploying the tenant application in a namespace | ||
| Now that the cluster administrator has created the tenant's namespace (ex. *istio-system1*) and | ||
| the Pilot's service discovery has been configured to watch for a specific application |
_blog/2018/soft-multitenancy.md
Outdated
| Now that the cluster administrator has created the tenant's namespace (ex. *istio-system1*) and | ||
| the Pilot's service discovery has been configured to watch for a specific application | ||
| namespace (ex. *ns-1*), create the application manifests to deploy in that tenant's specific | ||
| namespace. Example: |
_blog/2018/soft-multitenancy.md
Outdated
| it is necessary to ensure that the `istioctl` command is scoped to | ||
| the namespace the Istio control plane is running in to ensure the resource is created | ||
| in the proper namespace. Additionally, the rule itself must be scoped to the tenant's namespace | ||
| so that it will be applied properly to that tenant's mesh. The "-i" option is used to create |
There was a problem hiding this comment.
Here you use "-i" but elsewhere you've used -i to denote options. Probably want to make everything consistent.
There was a problem hiding this comment.
done (i think :-) )
_blog/2018/soft-multitenancy.md
Outdated
| so that it will be applied properly to that tenant's mesh. The "-i" option is used to create | ||
| (or get or describe) the rule in the namespace that the istio control plane is deployed in. | ||
| The "-n" option will scope the rule to the tenant's mesh and should be set to the namespace that | ||
| the tenant's app is deployed in. Note that the -n option can be skipped on the command line if |
There was a problem hiding this comment.
Naked -n option, needs " or *
_blog/2018/soft-multitenancy.md
Outdated
| ``` | ||
|
|
||
| The tenant administrator can deploy applications in the application namespace configured for | ||
| that tenant. As an example, updating the [bookinfo]({{home}}/docs/guides/bookinfo.html) |
3914e6b to
acbeed9
Compare
linsun
reviewed
Apr 3, 2018
| namespace: | ||
| ```bash | ||
| istioctl –i istio-system1 create -n ns-1 -f route_rule_v2.yaml | ||
| ``` |
There was a problem hiding this comment.
How would this work with istio ingress yaml file, do you also specify -i to specify which ingress controller you are applying the yaml? Does k8s support multi-tenancy ingress controllers?
There was a problem hiding this comment.
Lin - each istio control plan has a corresponding istio-ingress that is deployed in the same namespace. So k8s does allow multiple ingresses and they are scoped to a namespace. The -i option is not really pertinent in regards to the ingress
There was a problem hiding this comment.
John, I was thinking for ingress yaml file, user would use -i to indicate which control plane (that includes istio-ingress) to create the ingress yaml file. No? Could you clarify how users would do that?
There was a problem hiding this comment.
Lin - I am not sure I fully understand your question. The -i option with istioctl is used to scope the istioctl command to the namespace the associated istio control plane is running in. IOW it creates the resource within the kubernetes namespace associated with the istio control plane. For route rules and destination policies the control plane is the user of those resources so it should be created in the namespace of the control plane. Ingress is a bit different. You don't create an ingress with the istioctl option. So the "-i" option doesn't apply at all. It is true that an istio-ingress should be created for each istio control plane in the same namespace as pilot, mixer and CA. The way we did that in this work was as described in the section above: "Multiple Istio control planes". If there is further clarification you would like could you please let us know.
There was a problem hiding this comment.
Thanks. I think the clarification would be explaining how ingress will be deployed in the multiple istio control planes environment, like you explained here, e.g. you should create your ingress within the namespace of your Istio control plane and watch out for potential path conflicts yourself?
There was a problem hiding this comment.
Reworked a bit. Added more content (including mentioning ingress) in "Multiple Istio control planes" section.
frankbu
reviewed
Apr 3, 2018
_blog/2018/soft-multitenancy.md
Outdated
| ## Defining soft multitenancy for Istio | ||
| While discussing the strengths and benefits of deploying applications on top of Istio, it | ||
| became apparent that there are multitenant use cases for Istio even within this Kubernetes | ||
| "soft multitenancy" definition that does not provide absolute protection amongst tenants. |
frankbu
reviewed
Apr 3, 2018
_blog/2018/soft-multitenancy.md
Outdated
| While discussing the strengths and benefits of deploying applications on top of Istio, it | ||
| became apparent that there are multitenant use cases for Istio even within this Kubernetes | ||
| "soft multitenancy" definition that does not provide absolute protection amongst tenants. | ||
| A viable use case for this scenario is shared corporate infrastructure where malicious |
frankbu
reviewed
Apr 3, 2018
_blog/2018/soft-multitenancy.md
Outdated
| (tenant controlled). | ||
|
|
||
| Options 1, 2 and 4 either can't be properly supported without code changes or don't fully | ||
| address the use cases. Current Istio capabilities are well suited to providing option 3 so |
There was a problem hiding this comment.
What are the use cases? This is a very confusing section that uses a lot of lose terminology, e.g., scenarios, use cases, models, options, without clearly explaining what they're referring to. I would suggest either elaborate, or leave out all this option stuff and just focus on what the rest of the blog is about: one way to implement multi tenancy with Istio on top of kubernetes (i.e., option 3).
There was a problem hiding this comment.
agree with @frankbu - this section is a little confusing and could be dropped.
acbeed9 to
2926032
Compare
b46d4ff to
db0f0a8
Compare
|
/assign @geeknoid |
linsun
reviewed
Apr 11, 2018
_blog/2018/soft-multitenancy.md
Outdated
|
|
||
| The evaluation performed indicates Istio has sufficient capabilities and security to meet a | ||
| small number of multi-tenant use cases. It also shows that Istio and Kubernetes __cannot__ | ||
| provide sufficient capabilities and security for many other use cases, especially those use |
There was a problem hiding this comment.
could we reword many other user cases to some other user cases?
linsun
approved these changes
Apr 11, 2018
6e464c1 to
dc28e07
Compare
|
Looks good to merge, but the publication date should be updated before merging |
5daec18 to
948b334
Compare
|
/lgtm |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: frankbu, john-a-joyce, linsun The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
john-a-joyce
added a commit
to john-a-joyce/istio.github.io
that referenced
this pull request
May 14, 2018
* add example for disabling injection (istio#1021) * Updated reference docs. (istio#1045) * Add task for Istio CA health check. (istio#1038) * Add task for Istio CA health check. * Small fix. * Small fix. * Updates troubleshooting guide to add pilot (istio#1037) * Fix misnamed link (istio#1050) * update document generation for istioctl (istio#1047) * Hack to get ownership of Google analytics account for the site. * Don't need the analytics hack no more... * Make the rake test ensure that we use {{home}} consistently. (istio#1053) We now generate the test site into a subdirectory such that we can ensure all links are correctly using {{home}}, which makes the site work correctly once archived. Fixed a bunch of broken cases. * Reduce the visual weight of code blocks so they don't break up the page so much. (istio#1054) * Introduce support for building the site in "preliminary" mode. (istio#1052) * Notes for 0.6 (istio#1048) * Refresh version selection menu given 0.6. * update instructions for mesh expansion (istio#1056) * update instructions for mesh expansion * remove ISTIO_STAGING references * Specify --debug option to use docker.io/istio/proxy_debug image for (istio#1057) deployment. * Update reference docs. * Update Quick start Doc (istio#1059) Fix Typo * Update Istio RBAC document to relfect sample changes. (istio#1062) * Fix typo in Cleanup section (istio#1061) * clarify verification of injected proxy with automatic injection (istio#1024) * Fixe wrong port number (istio#1041) * Sidecar proxy help (istio#1044) * Use same instance name in Mixer config example (istio#1051) * Add a bunch of redirects for old pages (istio#1066) The Google Crawl Engine reported a bunch of broken links pointing into istio.io. This adds redirects so that these links work. Add a hack such that the gear menu logic that lets you time travel through versions of the site will insist that if a page existed in a given version, it must also exist in subsequent versions. This will ensure we always create redirects when we move site content, and thus avoid breaking links into the site. If a page is moved or removed, this will lead to rake test errors when checking the content of archive.istio.io. * Update reference docs. * Fix bad formatting. * Fix typos. * Update reference docs. * Eliminate flickering on page load. (istio#1068) - Fix another issue with my arch-nemesis, the Copy button. My last fix for Copy button issues resulted in screen flickering upon page loading. This is now fixed. - Pin the size of the gear and magnifying glass icons in the header to avoid flicker as the fonts for those renders a few ms too late and lead to flickering on page load. - Cleaned up the site's JavaScript for clarity, and include minimized versions in the site for improved perf. * Improve formatting. (istio#1070) - Remove the silly right indent used for list items. This was throwing away a lot of useful screen real estate on mobile. * Add support for dynamically inserting file content into the site. (istio#1069) This is useful for pulling in content straight from GitHub on the fly, rather than cut & pasting it into the site. * Update sidecar AWS verification (istio#1060) * Update sidecar AWS verification Add verification without ssh access on master node. Perform check directly with kubectl client. * Update sidecar injection Docs Update with @ayj remarks * Update link Update link for managing tls in a cluster, add a '/' * Fix links. (istio#1073) - Add a / to links pointing to directories - Switch a bunch of links from http: to https: * master branch is now server from preliminary.istio.io (istio#1075) * Setup 0.7. * Forgot to update releases.yml. * Update README * Consolidate cluster prerequisites for webhooks into k8s quick start (istio#1077) The automatic sidecar injection has its own set of k8s install instructions for webhooks. This overlaps with the general k8s install instructions. We'll also introduce server-side configuration webhooks which need the same prerequisites. * Add missing .html suffix on some links. (istio#1080) * A few more link fixes (istio#1081) * Fix handling of legacy community links. * Add missing .html extension on search page reference. * Add Certificate lifetime configuration in FAQ. (istio#1079) * Update reference docs. * Fix some newly broken links. (istio#1082) * Update reference docs. * Remove empty document. (istio#1085) * Update Ansible documentation to reflect change in Jaeger addon (istio#1049) * Update Ansible documentation to reflect change in Jaeger addon Relates to: istio/istio#3603 * Small polish to Ansible documentation * Remove extra tilde in the docs (istio#1087) Fixes istio#1004 * [WIP] Update traffic routing tasks to use v1alpha3 config (istio#1067) * use v1alpha3 route rules * circuit breaking task updated to v1alpha3 * convert mirroring task to v1alpha3 * convert egress task to v1alpha3 * Egress task corrections and clarifications * use simpler rule names * move new tasks to separate folder (keep old versions around for now) * update example outputs * egress tcp task * fix broken refs * more broken refs * imporove wording * add missing include home.html * remove ingress task - will create a replacement in followup PR * Improve sorting algorithm to use document title and not just document URL. (istio#1089) This makes it so documents in the same directory get sorted by document title instead of by the URL name (unless they have an order: directive, which takes precedence over alpha order) * Istio RBAC doc fix. (istio#1093) * Improve readability * Add one more faq for secret encryption (istio#1096) * Add note to have debug version of proxy for curl command (istio#1097) * Delete some old stuff we don't need anymore. * Delete some old stuff we don't need anymore. * Fix problem preventing proper section indices in the "About" section of the site. * Revise note to install curl (istio#1098) * Revise note to install curl * Revise note to install curl * Address comment * Fix bug with the Copy button and proto documentation. - HTML generated from protos encode preformatted blocks with <pre><code></code></pre>, while HTML generated through Jekyll's markdown converter wraps an extra <div> around the block. The logic to insert the Copy button on preformatted was assuming the presence of this DIV. If the DIV is not present on input, we now explicitly add one which makes things work. * Update reference docs. * Fix bug that was messing up all the index pages in the site. (istio#1100) Fix newly broken k8s link along the way... * Revise curl instruction in master branch (istio#1107) * Update intro.md (istio#1110) * Update intro.md Updating info per Wencheng's suggestion * Update intro.md * WIP - Combined ingress/gateway task for v1alpha3 (istio#1094) * First pass combined ingress/gateway task * Add verifying gateway section * clarifications * fix broken link * fix build broken * address review comments * fix small grammar issue (istio#1112) * Fix a few bugs and add a feature. (istio#1111) - Link injection for document headers has been broken for a while due to my misunderstanding of the "for in" syntax in JavaScript. This now works as expected. - Same problem also prevented the feature that causes every link to outside of istio.io to be opened in a separate window. This now works as intended. - Made the gear dropdown menu be right-aligned such that it doesn't go off-screen on portrait mode tablets. - Stop importing Popper.js since it's only needed for dropdown menus that aren't in the nav bar. Ours is in a nav bar... - Added link injection for <dt> terms, which makes it easy to create links to individual glossary entries. * 0.7 notes (istio#1101) * Add an entry about creating quality hyperlinks. (istio#1114) * 0.2.12 typo fix + doc link should be to docs/ directly + ... (istio#1115) * 0.2.12 doc link should be to docs/ directly + note about shell security * fix typo (for for) * Revise wording and linking Drop the double TOC (this page has very little traffic anyway) * Fix inconsistent header use in this doc. * Fix invalid index page. * Update servicegraph docs with new viz. (istio#1074) * Fix mobile navigation issues. (istio#1118) When on mobile, the left sidebar is hidden by default. To make navigation easier, we allow the user to browse the site entirely through the various index sections which provide links to all articles. This wasn't working for the About and Blog links at the top of the page since they send you to a direct page instead of to the relevant navigation page. So... - Made the About link point to the about section's index page. - Each blog page now contains a link to the next and previous blog post. * [ImgBot] optimizes images (istio#1120) /_docs/tasks/telemetry/img/servicegraph-example.png -- 41.49kb -> 28.62kb (31.03%) * Add documentation for upgrade (istio#1108) * Add upgrade doc and fixing a broken link. * revert one file. * Refine the doc. * Move the doc. * Fix syntax. * Fix syntax * Fix syntax * Make non-manifest based installers have similar titles and overviews (istio#1086) * Make the setup page a little more consistent. * Make non-manifest based installers have similar titles and overviews * Shorten the overview,tidy up the title, and add a helm.html redirect * Installation typo in both files * Fix inconsistent header use in this doc. (istio#1117) * Improve layout on phone. - We shrink the height of the header and footer when on mobile. - We shrink the header font based on screen width, to avoid the nav bar being split on two lines which leads to all sorts of bad things happening * Since we shrink the brand more aggressively, allow the navbar to be displayed until the next bp. * Oops, left a debugging change in accidentally, reverting. * Add Istio mTLS support for https service demo (istio#1121) * Add Istio mTLS support for https service demo * Address comment * Address comment * Address comment * Fix more headers. (istio#1126) * Update procedures to access the team drive. * Fix broken links, causing HTML proofer in circleci gates to fail (istio#1132) * Fix broken links, causing HTML proofer in circleci gates to fail * Add the same missing links to sidecar-injection.md * Refine Helm installation warning. (istio#1133) Helm charts are unstable prior to 0.7. Remove the red warning and instead add a simple notice that Helm charts =<0.7 are not functional. * Fix typo In AWS (w/Kops) section: "openned" should be "opened"? * prepare_proxy was refactored into istio-proxy (istio#1134) * In Note 1: Consul modified to Eureka (istio#1122) * Revamped nav header for better mobile experience. (istio#1129) - We now only use the skinny version of the navbar instead of dynamically switching based on viewport size. This looks cleaner, giving more screen space to the content rather than our chrome. - The search textbox is replaced with a search button. Clicking the button brings up the search textbox. This looks less cluttered and works considerably better on smaller screens. - When on a phone and the nav links are collapsed into a hamburger menu, cleanly show the search box in the menu that comes up when you click the hamburger. - Remove the down arrow next to the cog, it's superfluous and things look cleaner without it. * Add one faq item for istio on https service (istio#1127) * Add one faq item for istio on https service * Address comment * Address comment * Simplify the demo of plugin ca cert. (istio#1138) * Update IBM Cloud Container Service (IKS) k8s setup instructions (istio#1136) Copy IKS specific instructions from istio#1072 to general k8s setup page. * Revamp the footer. (istio#1137) - Remove all the redundant stuff and emphasize community resource via icons. - Move the "Report a doc bug" and "Edit this page on GitHub" options to the gear menu. - Use Jekyll "include" support to store the landing page's artwork in external SVG files instead of directly embedded in the HTML. Much nicer. * Switching to 0.8. * Update README * Add placeholder 0.8 file to fix rake tests * Create Owners * Fix markdown (istio#1140) * Cleans up the readability of the Ansible Installation (istio#1130) * Cleans up the readability of the Ansible Installation Run through a yaml linter Run through spell | sort | uniq Reorganized to semi-match the Helm installation page as they have similar functionality There are things I like about how this document is structured now and will carry those over to the Helm documentation in the future as time permits. * Remove customization example as suggested during the review * Change Openshift->OpenShift * Add labels over community icons in the footer. (istio#1142) * Remove $ sign in command since it breaks the copy button (istio#1143) * Update 0.7.md (istio#1144) helm is working in master branch but not in 0.7.1 * Fix bug caused by istio#1138 (istio#1145) * Switch back to normal html-proofer (istio#1146) As my pr was merged Fixes istio#849 * Setup for linting markdown files. (istio#1147) - linters.sh will run spell-checking and a style checker on markdown files. - Fix a whole bunch of typos and bad markdown content throughout. There are many more fixes to come before we can enable the linters as a checkin gate, but this takes care of a majority of items. More to come later. * Finish fixing remaining lint errors * Make spell checking and style checking part of our doc checkin gate. (istio#1154) * Update * Inline the TOC on mobile. - For small screens that don't have room for the righthand TOC, we now display the TOC inline in the main document. This substantially improves navigation on mobile. - Fix the scroll offset which was off by a bit since the switch to the skinny header. * Update reference docs. * Improve mobile experience. (istio#1158) - The two call to action buttons on the landing page are now displayed one of top of the other on small screens instead of next to one another. - On mobile, when you scroll down a page, an arrow shows up in the top right of the screen to let you scroll back to the top of the page. This is mighty handy since on mobile there isn't a TOC available to click on. - Add some convenient links on the docs' section landing page. * Accessibility improvements. (istio#1159) * www.yaml.org went missing - yaml.org seems to work. (istio#1166) sdake@falkor-08:~/go/src/istio.io/istio.github.io/_docs$ dig www.yaml.org ; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.yaml.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34828 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;www.yaml.org. IN A ;; Query time: 917 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Sun Apr 08 09:10:51 MST 2018 * Authn policy concept and tutorial. (istio#1128) * fix service account names in the instructions for OpenShift (istio#1083) This commit replaces the service account names for grafana and prometheus in the instructions to set the security context constraints for OpenShift. * Improve plugin cert task for better UX. (istio#1150) * Update Security section in Istio overview (istio#1170) * Update Security section in Istio overview * Fix comment * Update documentation for automatic sidecar injection webhook. (istio#1169) * Add multicluster deployment documentation to Istio (istio#1139) * Add multicluster deployment documentation to Istio * Change *Ip to *Endpoint a per request * Fix a typo * Address all reviewer comments Note, SVG diagram will be handled as a follow-on PR. * Fix legitimate spelling errors found by gate * Some backticks to fix spelling errors and other misc cleanups * some spelling and backticks. * Expand spelling exemptions dictionary slightly * Correctly spell routable. * Address reviewer comments. Needed a rebase in the process. * A minor consistency change * Address reviewer comments. * Add a caveats and known issue tracker to the documentation Early on during review of this PR, I believe there was a review asking for caveats, but it has disappeared from the github comments. * Make istio.io support quality print output. (istio#1163) - Get rid of all the chrome when printing a page. So no headers, sidebars, etc. - Ensure that PRE blocks are fully expanded when printing instead of showing a scroll bar. - Generate endnotes for each page printed which lists the URLs of the various links on the page. Each link site is annotated with a superscript number referencing this table. * Update doc for TCP periodical report. (istio#1095) * Update doc for TCP periodical report. * Add report response arrow into svg. * Reference: https://istio.io/docs/reference/config/istio.routing.v1alpha1.html#StringMatch (istio#1180) * Fix broken links caused by changes in istio/istio. * Update reference docs. * Improve sidenav behavior on mobile. (istio#1173) The sidenav now hovers over the main text instead of pushing the main text sideways. The rendering of the sidenav toggler button now matches the "back to top" button I added last week. * Bunch of improvements (istio#1181) - New visuals for the sailboat in the header. It now overflows the header. - The TOC now highlights the currently displayed portion of the current page. As you scroll through the doc, the selected entry updates accordingly. - Add previous/next page links in every doc page. These used to be present only in blog posts, but they're useful everywhere. - Fix a few off-by-one formatting errors that stemed from using a mixed of min-width and max-width throughout the stylesheet. This caused some strange formatting to happen at specific window widths. Now, we're consistently using min-width and everything lines up properly. - Improved footer formatting so it looks better on mobile. - Only display the TOC on XL screens, otherwise it wraps too much. Screens smaller than XL now all get the inlined TOC instead. - Add support for pages to request that the TOC be generated inline instead of in a sidebar. This is useful for pages that have headings which cause too much wrapping in the TOC, such as the Troubleshooting Guide. - Add some blank space between an inlined TOC and the main text so that things don't look so crowded, especially when printing. - Inline the sailboat SVG into each page. This avoids a network roundtrip and allows the SVG to be controlled with the same CSS as everything else. - Eliminate a huge amount of redundancy in the four main layout file for the site. They now share a single primary.html include file which carries most of the weight. This will avoid having to constantly make the same change in four different files. - Improve the generated HTML for <figure> elements which makes things better for screen readers. - Simplify the HTML & CSS for the footer. * Fix indent issue (istio#1182) * Rename Isito CA to Citadel. (istio#1179) * Update feature-stages.md (istio#1183) Updates to features as of 0.7 release * Update Helm Documentation (istio#1168) * Modify minimum pin of Istio version with Helm and improve prereqs * Add section describing briefly how to use helm without tiller * Change heading description for Helm method and add upgrade warning * Make common customization options table match current master * Subsection the two methods for installing with Helm * Remove Helm keys from .spelling. Add FQDNs as an acronym. * Backtick the keys and defaults, values.yaml, and fix 1 spelling error * Add uninstall instructions for both kubectl and helm with tiller * Place backticks around architecture platforms and correctly list them * Show both uninstall methods (kubectl & Helm) * Remove two extra CRs * Fix yaml linting errors * Link to requirements for automatic sidecar injection. * Change istio-auth to istio for rendering * Address reviewer comments. * Fix linting error. * Notify operator they need capability to install service accounts. * Fix lint error * Switch to PrismJS for syntax highlighting. (istio#1184) Instead of doing syntax highlighting statically in Jekyll, we now go back to the PrimsJS library we used in the 0.2-0.4 timeframe. It used to be problematic, but the cause for the problems have been addressed a while ago. This gives us highlighting for non-markdown content, such as dynamically loaded PRE blocks and PRE blocks that come from HTML generated from protos. * Adding info about new expression language methods. (istio#1186) Adding info about dnsName, email, and uri functions. * Fix typo liveliness -> liveness (istio#1188) * Fix typo liveliness -> liveness Add mdspell dependency to gem installations * Add backticks around firebase deploy command * Fix a few bugs. (istio#1187) - The slide-in sidenav used on mobile went all crazy when text got too long in the expanded panel. We now set a max width to trigger controlled wrapping and avoid the nasties. - The hamburger menu that replaces the link in the top header on small screens didn't render right on medium-sized screens (a.k.a. portrait-mode tablets). I had one of my breakpoints set inconsistently. - Dynamically loaded PRE blocks were not being syntax colored, now they are. - The Links endnote section created for printing pages was not dedupping identical links. - The Links endnote section contained entries for the next/previous links which are normally at the bottom of each page. These links aren't visible when printing and so shouldn't appear in the Links endnote section. * Add rocket chat to our footer & community page. (istio#1189) Also, update the mailing list icon on the community page to match what we use in the footer. * Add instructions to integrate Istio with existing Endpoints services. (istio#1164) * Add multitenancy blog (istio#1119) * Add multitenancy blog * Update soft-multitenancy.md * Update soft-multitenancy.md * Add multitenancy blog * Add blog entry for configuring aws nlb for istio ingress (istio#1165) * Don't add links from figures into endnotes. (istio#1192) - The prior design for avoiding links for figures was brittle and was in fact broken. Now it's more robust. * [ImgBot] optimizes images (istio#1193) *Total -- 683.39kb -> 440.68kb (35.52%) /_blog/2018/img/roles_summary.png -- 101.32kb -> 61.03kb (39.77%) /_blog/2018/img/policies.png -- 244.70kb -> 148.25kb (39.41%) /_blog/2018/img/attach_policies.png -- 48.65kb -> 31.59kb (35.06%) /_blog/2018/img/createpolicyjson.png -- 120.21kb -> 80.63kb (32.93%) /_blog/2018/img/create_policy.png -- 86.38kb -> 60.62kb (29.82%) /_blog/2018/img/createpolicystart.png -- 82.12kb -> 58.55kb (28.7%) * Update circuit break use existing file. (istio#1091) * Add proper link to Helm and Multicluster feature stages (istio#1196) * Update multicluster installation to match master (istio#1195) * Add a trailing / on an URL that was returning a 301 * Update multicluster intallation to match master Big usability improvements have been made. Document the new workflow for multicluster. * Address reviewer comments. * Fix linting problem * Fix docker run command (istio#1201) The command as it stands will fail with "Gemfile not found". The working directory should be set to $(pwd) as well to start execution in the istio.github.io directory and find the Gemfile. * remove installation instructions for prometheus (istio#1199) * remove installation instructions for prometheus * more doc fixes for 0.8 * Add request.auth.claims and update source.user, source.principal, and (istio#1205) request.auth.principal * Fix command to build & serve site locally using docker (bad workdir) (istio#1206) * Add attributes into documentation. (istio#1200) * add a step to define ingress gateway in bookinfo guide (istio#1207) * add a step to define ingress gateway in bookinfo guide following istio/istio#5113 * make ingress gateway lower case * Fix broken link in README.md (istio#1209) * Adding Azure support instructions (istio#1202) * adding docs for Azure * minor misspelling fix * adding acronyms * removing blank line * changing bash output to reflect only necessary flags * fixing grammar errors * Fix link to IBM cloud private (istio#1216) * Typo fix (istio#1208) * clarify we support more than just k8s (istio#1212) * Update reference docs. (istio#1219) * Quiet GitHub warning * v1alpha3 routing blog (istio#1190) * Clarify istio.io/preliminary.istio.io stuff (istio#1221) * add galley.enabled option to helm instructions (istio#1222) * Fix naming collision (istio#1226) ingressgateway and ingress both match the grep, resulting in incorect ingress name being produced in troubleshooting guide. * adding the recommended namespace (istio#1218) * adding the recommended namespace istio/old_issues_repo#312 * add the recommended namespace * add creating the namespace * correct typos * only need to create namespace for the template approach * Introduce support for new fangled PRE blocks. (istio#1224) Instead of having to have two PRE blocks, one for commands and one for the output, we can now have a single PRE block and we take care of rendering things to show the command vs. the output. The Copy button on such a thing only copy the command, and not the output. We now also show a $ on command-lines, but the Copy button doesn't copy that and knows to just copy the usable part of the command-line. * 0.8 release notes. (istio#1223) * Fix incorrect behavior of the sidenav when dealing with long non-wrapping page titles. (istio#1229) - When I was last fiddling with the sidenav on mobile, I messed up the sizing for non-mobile cases. This cause the sidenav to grow beyond its expected size when presented with long non-wrapping page titles. The text is now wrapped instead as it should. - Shrank the font size of the list items in the sidenav to 85% to reduce the amount of wrapping that happens. - Reduce the right margin in the side nav to again try to reduce the amount of wrapping. * Update content to help upcoming migration from Jekyll to Hugo (istio#1232) - In front matter, order: and overview: are now weight: and description: - In front matter, we generally don't need layout: and use config to assign layouts automatically - Remove the useless type: front-matter entries, the type is infered from the file extension. * Improves multicluster documentation (istio#1217) * Improves multicluster documentation Improve documentation based upon fresh eyes running through the documented process. * Address reviewer comments. * More refinement. * Exclude rule MD028 Rule 028 is: https://github.com/DavidAnson/markdownlint/blob/master/doc/Rules.md#md028---blank-line-inside-blockquote The rationale below cut and pasted from markdownlint seems valid for the general case, however, our MD parser always produces seprate block-quotes, which is what I am after in this PR. I think other people will prefer our renders of blockquotes (separate blockquotes); Rationale: Some markdown parsers will treat two blockquotes separated by one or more blank lines as the same blockquote, while others will treat them as separate blockquotes. * Improve the doc to apply istio-auth.yaml (istio#1227) * Fix doc (istio#1228) * Task/guide updates for v1alpha3 (istio#1231) * Task/guide updates for v1alpha3 * fix typo * remove trailing spaces * tweaks * Corrections and clarifications (istio#1238) * clarify https external services support (istio#1239) * clarify https external services support * spelling error * Hopefully finally really fix the issues with the sidenav on small screens. (istio#1240) * fix manual sidecar injection docs for helm template changes (istio#1211) Addresses istio#1210 * Switch most uses of ```bash to ```command. (istio#1242) This takes advantage of the new rendering for command-lines and their outputs. * Fixes to the doc after testing/reviewing it with release-0.8 istio branch (istio#1244) * update format of a tcp ServiceEntry (istio#1237) * Remove broken link. (istio#1250) * WIP PR for v1alpha3 task corrections (istio#1247) * ingress task corrections * fault injection task version wrong * Fault task corrections (istio#1253) * update samples to align with latest proto definition (istio#1254) * Traffic Shifting Review - Fixed wrong links (istio#1259) * rbac.md: unindent yaml files (istio#1257) also fixed a typo Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com> * Create istio namespace before install remote cluster. (istio#1243) * update instructions for gke-iam (istio#1260) * Remove a broken link. (istio#1263) * Fix another broken link. (istio#1265) * [ImgBot] optimizes images (istio#1264) *Total -- 73.77kb -> 65.13kb (11.72%) /_docs/setup/kubernetes/img/dm_gcp_iam_role.png -- 38.54kb -> 33.47kb (13.15%) /_docs/setup/kubernetes/img/dm_gcp_iam.png -- 35.23kb -> 31.65kb (10.15%) * Fixes istio#1241 (istio#1258) * Added namespace when create helm template. (istio#1234) * Add istioctl proxy-config to the troubleshooting section (istio#1267) * Fix istioctl proxy-config link to not point at prelim docs (istio#1269) Because that would be a dumb thing to do * Update how we insert images to make a transition from Jekyll to Hugo easier. (istio#1275) * Change publish_date front-matter to publishdate to aid in the Jekyll to Hugo migration. (istio#1276) * Remove stray quotes. * Shorten long titles and descriptions. (istio#1278) * Fix aspect ratio of a couple images. (istio#1277) The incorrect aspect ratio value was leading to spurious top/bottom padding on the images. Also, delete unecessary .png version of some .svg files.
istio-testing
pushed a commit
that referenced
this pull request
May 14, 2018
* Rebase from Istio Master (#2) * add example for disabling injection (#1021) * Updated reference docs. (#1045) * Add task for Istio CA health check. (#1038) * Add task for Istio CA health check. * Small fix. * Small fix. * Updates troubleshooting guide to add pilot (#1037) * Fix misnamed link (#1050) * update document generation for istioctl (#1047) * Hack to get ownership of Google analytics account for the site. * Don't need the analytics hack no more... * Make the rake test ensure that we use {{home}} consistently. (#1053) We now generate the test site into a subdirectory such that we can ensure all links are correctly using {{home}}, which makes the site work correctly once archived. Fixed a bunch of broken cases. * Reduce the visual weight of code blocks so they don't break up the page so much. (#1054) * Introduce support for building the site in "preliminary" mode. (#1052) * Notes for 0.6 (#1048) * Refresh version selection menu given 0.6. * update instructions for mesh expansion (#1056) * update instructions for mesh expansion * remove ISTIO_STAGING references * Specify --debug option to use docker.io/istio/proxy_debug image for (#1057) deployment. * Update reference docs. * Update Quick start Doc (#1059) Fix Typo * Update Istio RBAC document to relfect sample changes. (#1062) * Fix typo in Cleanup section (#1061) * clarify verification of injected proxy with automatic injection (#1024) * Fixe wrong port number (#1041) * Sidecar proxy help (#1044) * Use same instance name in Mixer config example (#1051) * Add a bunch of redirects for old pages (#1066) The Google Crawl Engine reported a bunch of broken links pointing into istio.io. This adds redirects so that these links work. Add a hack such that the gear menu logic that lets you time travel through versions of the site will insist that if a page existed in a given version, it must also exist in subsequent versions. This will ensure we always create redirects when we move site content, and thus avoid breaking links into the site. If a page is moved or removed, this will lead to rake test errors when checking the content of archive.istio.io. * Update reference docs. * Fix bad formatting. * Fix typos. * Update reference docs. * Eliminate flickering on page load. (#1068) - Fix another issue with my arch-nemesis, the Copy button. My last fix for Copy button issues resulted in screen flickering upon page loading. This is now fixed. - Pin the size of the gear and magnifying glass icons in the header to avoid flicker as the fonts for those renders a few ms too late and lead to flickering on page load. - Cleaned up the site's JavaScript for clarity, and include minimized versions in the site for improved perf. * Improve formatting. (#1070) - Remove the silly right indent used for list items. This was throwing away a lot of useful screen real estate on mobile. * Add support for dynamically inserting file content into the site. (#1069) This is useful for pulling in content straight from GitHub on the fly, rather than cut & pasting it into the site. * Update sidecar AWS verification (#1060) * Update sidecar AWS verification Add verification without ssh access on master node. Perform check directly with kubectl client. * Update sidecar injection Docs Update with @ayj remarks * Update link Update link for managing tls in a cluster, add a '/' * Fix links. (#1073) - Add a / to links pointing to directories - Switch a bunch of links from http: to https: * master branch is now server from preliminary.istio.io (#1075) * Setup 0.7. * Forgot to update releases.yml. * Update README * Consolidate cluster prerequisites for webhooks into k8s quick start (#1077) The automatic sidecar injection has its own set of k8s install instructions for webhooks. This overlaps with the general k8s install instructions. We'll also introduce server-side configuration webhooks which need the same prerequisites. * Add missing .html suffix on some links. (#1080) * A few more link fixes (#1081) * Fix handling of legacy community links. * Add missing .html extension on search page reference. * Add Certificate lifetime configuration in FAQ. (#1079) * Update reference docs. * Fix some newly broken links. (#1082) * Update reference docs. * Remove empty document. (#1085) * Update Ansible documentation to reflect change in Jaeger addon (#1049) * Update Ansible documentation to reflect change in Jaeger addon Relates to: istio/istio#3603 * Small polish to Ansible documentation * Remove extra tilde in the docs (#1087) Fixes #1004 * [WIP] Update traffic routing tasks to use v1alpha3 config (#1067) * use v1alpha3 route rules * circuit breaking task updated to v1alpha3 * convert mirroring task to v1alpha3 * convert egress task to v1alpha3 * Egress task corrections and clarifications * use simpler rule names * move new tasks to separate folder (keep old versions around for now) * update example outputs * egress tcp task * fix broken refs * more broken refs * imporove wording * add missing include home.html * remove ingress task - will create a replacement in followup PR * Improve sorting algorithm to use document title and not just document URL. (#1089) This makes it so documents in the same directory get sorted by document title instead of by the URL name (unless they have an order: directive, which takes precedence over alpha order) * Istio RBAC doc fix. (#1093) * Improve readability * Add one more faq for secret encryption (#1096) * Add note to have debug version of proxy for curl command (#1097) * Delete some old stuff we don't need anymore. * Delete some old stuff we don't need anymore. * Fix problem preventing proper section indices in the "About" section of the site. * Revise note to install curl (#1098) * Revise note to install curl * Revise note to install curl * Address comment * Fix bug with the Copy button and proto documentation. - HTML generated from protos encode preformatted blocks with <pre><code></code></pre>, while HTML generated through Jekyll's markdown converter wraps an extra <div> around the block. The logic to insert the Copy button on preformatted was assuming the presence of this DIV. If the DIV is not present on input, we now explicitly add one which makes things work. * Update reference docs. * Fix bug that was messing up all the index pages in the site. (#1100) Fix newly broken k8s link along the way... * Revise curl instruction in master branch (#1107) * Update intro.md (#1110) * Update intro.md Updating info per Wencheng's suggestion * Update intro.md * WIP - Combined ingress/gateway task for v1alpha3 (#1094) * First pass combined ingress/gateway task * Add verifying gateway section * clarifications * fix broken link * fix build broken * address review comments * fix small grammar issue (#1112) * Fix a few bugs and add a feature. (#1111) - Link injection for document headers has been broken for a while due to my misunderstanding of the "for in" syntax in JavaScript. This now works as expected. - Same problem also prevented the feature that causes every link to outside of istio.io to be opened in a separate window. This now works as intended. - Made the gear dropdown menu be right-aligned such that it doesn't go off-screen on portrait mode tablets. - Stop importing Popper.js since it's only needed for dropdown menus that aren't in the nav bar. Ours is in a nav bar... - Added link injection for <dt> terms, which makes it easy to create links to individual glossary entries. * 0.7 notes (#1101) * Add an entry about creating quality hyperlinks. (#1114) * 0.2.12 typo fix + doc link should be to docs/ directly + ... (#1115) * 0.2.12 doc link should be to docs/ directly + note about shell security * fix typo (for for) * Revise wording and linking Drop the double TOC (this page has very little traffic anyway) * Fix inconsistent header use in this doc. * Fix invalid index page. * Update servicegraph docs with new viz. (#1074) * Fix mobile navigation issues. (#1118) When on mobile, the left sidebar is hidden by default. To make navigation easier, we allow the user to browse the site entirely through the various index sections which provide links to all articles. This wasn't working for the About and Blog links at the top of the page since they send you to a direct page instead of to the relevant navigation page. So... - Made the About link point to the about section's index page. - Each blog page now contains a link to the next and previous blog post. * [ImgBot] optimizes images (#1120) /_docs/tasks/telemetry/img/servicegraph-example.png -- 41.49kb -> 28.62kb (31.03%) * Add documentation for upgrade (#1108) * Add upgrade doc and fixing a broken link. * revert one file. * Refine the doc. * Move the doc. * Fix syntax. * Fix syntax * Fix syntax * Make non-manifest based installers have similar titles and overviews (#1086) * Make the setup page a little more consistent. * Make non-manifest based installers have similar titles and overviews * Shorten the overview,tidy up the title, and add a helm.html redirect * Installation typo in both files * Fix inconsistent header use in this doc. (#1117) * Improve layout on phone. - We shrink the height of the header and footer when on mobile. - We shrink the header font based on screen width, to avoid the nav bar being split on two lines which leads to all sorts of bad things happening * Since we shrink the brand more aggressively, allow the navbar to be displayed until the next bp. * Oops, left a debugging change in accidentally, reverting. * Add Istio mTLS support for https service demo (#1121) * Add Istio mTLS support for https service demo * Address comment * Address comment * Address comment * Fix more headers. (#1126) * Update procedures to access the team drive. * Fix broken links, causing HTML proofer in circleci gates to fail (#1132) * Fix broken links, causing HTML proofer in circleci gates to fail * Add the same missing links to sidecar-injection.md * Refine Helm installation warning. (#1133) Helm charts are unstable prior to 0.7. Remove the red warning and instead add a simple notice that Helm charts =<0.7 are not functional. * Fix typo In AWS (w/Kops) section: "openned" should be "opened"? * prepare_proxy was refactored into istio-proxy (#1134) * In Note 1: Consul modified to Eureka (#1122) * Revamped nav header for better mobile experience. (#1129) - We now only use the skinny version of the navbar instead of dynamically switching based on viewport size. This looks cleaner, giving more screen space to the content rather than our chrome. - The search textbox is replaced with a search button. Clicking the button brings up the search textbox. This looks less cluttered and works considerably better on smaller screens. - When on a phone and the nav links are collapsed into a hamburger menu, cleanly show the search box in the menu that comes up when you click the hamburger. - Remove the down arrow next to the cog, it's superfluous and things look cleaner without it. * Add one faq item for istio on https service (#1127) * Add one faq item for istio on https service * Address comment * Address comment * Simplify the demo of plugin ca cert. (#1138) * Update IBM Cloud Container Service (IKS) k8s setup instructions (#1136) Copy IKS specific instructions from #1072 to general k8s setup page. * Revamp the footer. (#1137) - Remove all the redundant stuff and emphasize community resource via icons. - Move the "Report a doc bug" and "Edit this page on GitHub" options to the gear menu. - Use Jekyll "include" support to store the landing page's artwork in external SVG files instead of directly embedded in the HTML. Much nicer. * Switching to 0.8. * Update README * Add placeholder 0.8 file to fix rake tests * Create Owners * Fix markdown (#1140) * Cleans up the readability of the Ansible Installation (#1130) * Cleans up the readability of the Ansible Installation Run through a yaml linter Run through spell | sort | uniq Reorganized to semi-match the Helm installation page as they have similar functionality There are things I like about how this document is structured now and will carry those over to the Helm documentation in the future as time permits. * Remove customization example as suggested during the review * Change Openshift->OpenShift * Add labels over community icons in the footer. (#1142) * Remove $ sign in command since it breaks the copy button (#1143) * Update 0.7.md (#1144) helm is working in master branch but not in 0.7.1 * Fix bug caused by #1138 (#1145) * Switch back to normal html-proofer (#1146) As my pr was merged Fixes #849 * Setup for linting markdown files. (#1147) - linters.sh will run spell-checking and a style checker on markdown files. - Fix a whole bunch of typos and bad markdown content throughout. There are many more fixes to come before we can enable the linters as a checkin gate, but this takes care of a majority of items. More to come later. * Finish fixing remaining lint errors * Make spell checking and style checking part of our doc checkin gate. (#1154) * Update * Inline the TOC on mobile. - For small screens that don't have room for the righthand TOC, we now display the TOC inline in the main document. This substantially improves navigation on mobile. - Fix the scroll offset which was off by a bit since the switch to the skinny header. * Update reference docs. * Improve mobile experience. (#1158) - The two call to action buttons on the landing page are now displayed one of top of the other on small screens instead of next to one another. - On mobile, when you scroll down a page, an arrow shows up in the top right of the screen to let you scroll back to the top of the page. This is mighty handy since on mobile there isn't a TOC available to click on. - Add some convenient links on the docs' section landing page. * Accessibility improvements. (#1159) * www.yaml.org went missing - yaml.org seems to work. (#1166) sdake@falkor-08:~/go/src/istio.io/istio.github.io/_docs$ dig www.yaml.org ; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.yaml.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34828 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;www.yaml.org. IN A ;; Query time: 917 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Sun Apr 08 09:10:51 MST 2018 * Authn policy concept and tutorial. (#1128) * fix service account names in the instructions for OpenShift (#1083) This commit replaces the service account names for grafana and prometheus in the instructions to set the security context constraints for OpenShift. * Improve plugin cert task for better UX. (#1150) * Update Security section in Istio overview (#1170) * Update Security section in Istio overview * Fix comment * Update documentation for automatic sidecar injection webhook. (#1169) * Add multicluster deployment documentation to Istio (#1139) * Add multicluster deployment documentation to Istio * Change *Ip to *Endpoint a per request * Fix a typo * Address all reviewer comments Note, SVG diagram will be handled as a follow-on PR. * Fix legitimate spelling errors found by gate * Some backticks to fix spelling errors and other misc cleanups * some spelling and backticks. * Expand spelling exemptions dictionary slightly * Correctly spell routable. * Address reviewer comments. Needed a rebase in the process. * A minor consistency change * Address reviewer comments. * Add a caveats and known issue tracker to the documentation Early on during review of this PR, I believe there was a review asking for caveats, but it has disappeared from the github comments. * Make istio.io support quality print output. (#1163) - Get rid of all the chrome when printing a page. So no headers, sidebars, etc. - Ensure that PRE blocks are fully expanded when printing instead of showing a scroll bar. - Generate endnotes for each page printed which lists the URLs of the various links on the page. Each link site is annotated with a superscript number referencing this table. * Update doc for TCP periodical report. (#1095) * Update doc for TCP periodical report. * Add report response arrow into svg. * Reference: https://istio.io/docs/reference/config/istio.routing.v1alpha1.html#StringMatch (#1180) * Fix broken links caused by changes in istio/istio. * Update reference docs. * Improve sidenav behavior on mobile. (#1173) The sidenav now hovers over the main text instead of pushing the main text sideways. The rendering of the sidenav toggler button now matches the "back to top" button I added last week. * Bunch of improvements (#1181) - New visuals for the sailboat in the header. It now overflows the header. - The TOC now highlights the currently displayed portion of the current page. As you scroll through the doc, the selected entry updates accordingly. - Add previous/next page links in every doc page. These used to be present only in blog posts, but they're useful everywhere. - Fix a few off-by-one formatting errors that stemed from using a mixed of min-width and max-width throughout the stylesheet. This caused some strange formatting to happen at specific window widths. Now, we're consistently using min-width and everything lines up properly. - Improved footer formatting so it looks better on mobile. - Only display the TOC on XL screens, otherwise it wraps too much. Screens smaller than XL now all get the inlined TOC instead. - Add support for pages to request that the TOC be generated inline instead of in a sidebar. This is useful for pages that have headings which cause too much wrapping in the TOC, such as the Troubleshooting Guide. - Add some blank space between an inlined TOC and the main text so that things don't look so crowded, especially when printing. - Inline the sailboat SVG into each page. This avoids a network roundtrip and allows the SVG to be controlled with the same CSS as everything else. - Eliminate a huge amount of redundancy in the four main layout file for the site. They now share a single primary.html include file which carries most of the weight. This will avoid having to constantly make the same change in four different files. - Improve the generated HTML for <figure> elements which makes things better for screen readers. - Simplify the HTML & CSS for the footer. * Fix indent issue (#1182) * Rename Isito CA to Citadel. (#1179) * Update feature-stages.md (#1183) Updates to features as of 0.7 release * Update Helm Documentation (#1168) * Modify minimum pin of Istio version with Helm and improve prereqs * Add section describing briefly how to use helm without tiller * Change heading description for Helm method and add upgrade warning * Make common customization options table match current master * Subsection the two methods for installing with Helm * Remove Helm keys from .spelling. Add FQDNs as an acronym. * Backtick the keys and defaults, values.yaml, and fix 1 spelling error * Add uninstall instructions for both kubectl and helm with tiller * Place backticks around architecture platforms and correctly list them * Show both uninstall methods (kubectl & Helm) * Remove two extra CRs * Fix yaml linting errors * Link to requirements for automatic sidecar injection. * Change istio-auth to istio for rendering * Address reviewer comments. * Fix linting error. * Notify operator they need capability to install service accounts. * Fix lint error * Switch to PrismJS for syntax highlighting. (#1184) Instead of doing syntax highlighting statically in Jekyll, we now go back to the PrimsJS library we used in the 0.2-0.4 timeframe. It used to be problematic, but the cause for the problems have been addressed a while ago. This gives us highlighting for non-markdown content, such as dynamically loaded PRE blocks and PRE blocks that come from HTML generated from protos. * Adding info about new expression language methods. (#1186) Adding info about dnsName, email, and uri functions. * Fix typo liveliness -> liveness (#1188) * Fix typo liveliness -> liveness Add mdspell dependency to gem installations * Add backticks around firebase deploy command * Fix a few bugs. (#1187) - The slide-in sidenav used on mobile went all crazy when text got too long in the expanded panel. We now set a max width to trigger controlled wrapping and avoid the nasties. - The hamburger menu that replaces the link in the top header on small screens didn't render right on medium-sized screens (a.k.a. portrait-mode tablets). I had one of my breakpoints set inconsistently. - Dynamically loaded PRE blocks were not being syntax colored, now they are. - The Links endnote section created for printing pages was not dedupping identical links. - The Links endnote section contained entries for the next/previous links which are normally at the bottom of each page. These links aren't visible when printing and so shouldn't appear in the Links endnote section. * Add rocket chat to our footer & community page. (#1189) Also, update the mailing list icon on the community page to match what we use in the footer. * Add instructions to integrate Istio with existing Endpoints services. (#1164) * Add multitenancy blog (#1119) * Add multitenancy blog * Update soft-multitenancy.md * Update soft-multitenancy.md * Add multitenancy blog * Add blog entry for configuring aws nlb for istio ingress (#1165) * Don't add links from figures into endnotes. (#1192) - The prior design for avoiding links for figures was brittle and was in fact broken. Now it's more robust. * [ImgBot] optimizes images (#1193) *Total -- 683.39kb -> 440.68kb (35.52%) /_blog/2018/img/roles_summary.png -- 101.32kb -> 61.03kb (39.77%) /_blog/2018/img/policies.png -- 244.70kb -> 148.25kb (39.41%) /_blog/2018/img/attach_policies.png -- 48.65kb -> 31.59kb (35.06%) /_blog/2018/img/createpolicyjson.png -- 120.21kb -> 80.63kb (32.93%) /_blog/2018/img/create_policy.png -- 86.38kb -> 60.62kb (29.82%) /_blog/2018/img/createpolicystart.png -- 82.12kb -> 58.55kb (28.7%) * Update circuit break use existing file. (#1091) * Add proper link to Helm and Multicluster feature stages (#1196) * Update multicluster installation to match master (#1195) * Add a trailing / on an URL that was returning a 301 * Update multicluster intallation to match master Big usability improvements have been made. Document the new workflow for multicluster. * Address reviewer comments. * Fix linting problem * Fix docker run command (#1201) The command as it stands will fail with "Gemfile not found". The working directory should be set to $(pwd) as well to start execution in the istio.github.io directory and find the Gemfile. * remove installation instructions for prometheus (#1199) * remove installation instructions for prometheus * more doc fixes for 0.8 * Add request.auth.claims and update source.user, source.principal, and (#1205) request.auth.principal * Fix command to build & serve site locally using docker (bad workdir) (#1206) * Add attributes into documentation. (#1200) * add a step to define ingress gateway in bookinfo guide (#1207) * add a step to define ingress gateway in bookinfo guide following istio/istio#5113 * make ingress gateway lower case * Fix broken link in README.md (#1209) * Adding Azure support instructions (#1202) * adding docs for Azure * minor misspelling fix * adding acronyms * removing blank line * changing bash output to reflect only necessary flags * fixing grammar errors * Fix link to IBM cloud private (#1216) * Typo fix (#1208) * clarify we support more than just k8s (#1212) * Update reference docs. (#1219) * Quiet GitHub warning * v1alpha3 routing blog (#1190) * Clarify istio.io/preliminary.istio.io stuff (#1221) * add galley.enabled option to helm instructions (#1222) * Fix naming collision (#1226) ingressgateway and ingress both match the grep, resulting in incorect ingress name being produced in troubleshooting guide. * adding the recommended namespace (#1218) * adding the recommended namespace istio/old_issues_repo#312 * add the recommended namespace * add creating the namespace * correct typos * only need to create namespace for the template approach * Introduce support for new fangled PRE blocks. (#1224) Instead of having to have two PRE blocks, one for commands and one for the output, we can now have a single PRE block and we take care of rendering things to show the command vs. the output. The Copy button on such a thing only copy the command, and not the output. We now also show a $ on command-lines, but the Copy button doesn't copy that and knows to just copy the usable part of the command-line. * 0.8 release notes. (#1223) * Fix incorrect behavior of the sidenav when dealing with long non-wrapping page titles. (#1229) - When I was last fiddling with the sidenav on mobile, I messed up the sizing for non-mobile cases. This cause the sidenav to grow beyond its expected size when presented with long non-wrapping page titles. The text is now wrapped instead as it should. - Shrank the font size of the list items in the sidenav to 85% to reduce the amount of wrapping that happens. - Reduce the right margin in the side nav to again try to reduce the amount of wrapping. * Update content to help upcoming migration from Jekyll to Hugo (#1232) - In front matter, order: and overview: are now weight: and description: - In front matter, we generally don't need layout: and use config to assign layouts automatically - Remove the useless type: front-matter entries, the type is infered from the file extension. * Improves multicluster documentation (#1217) * Improves multicluster documentation Improve documentation based upon fresh eyes running through the documented process. * Address reviewer comments. * More refinement. * Exclude rule MD028 Rule 028 is: https://github.com/DavidAnson/markdownlint/blob/master/doc/Rules.md#md028---blank-line-inside-blockquote The rationale below cut and pasted from markdownlint seems valid for the general case, however, our MD parser always produces seprate block-quotes, which is what I am after in this PR. I think other people will prefer our renders of blockquotes (separate blockquotes); Rationale: Some markdown parsers will treat two blockquotes separated by one or more blank lines as the same blockquote, while others will treat them as separate blockquotes. * Improve the doc to apply istio-auth.yaml (#1227) * Fix doc (#1228) * Task/guide updates for v1alpha3 (#1231) * Task/guide updates for v1alpha3 * fix typo * remove trailing spaces * tweaks * Corrections and clarifications (#1238) * clarify https external services support (#1239) * clarify https external services support * spelling error * Hopefully finally really fix the issues with the sidenav on small screens. (#1240) * fix manual sidecar injection docs for helm template changes (#1211) Addresses #1210 * Switch most uses of ```bash to ```command. (#1242) This takes advantage of the new rendering for command-lines and their outputs. * Fixes to the doc after testing/reviewing it with release-0.8 istio branch (#1244) * update format of a tcp ServiceEntry (#1237) * Remove broken link. (#1250) * WIP PR for v1alpha3 task corrections (#1247) * ingress task corrections * fault injection task version wrong * Fault task corrections (#1253) * update samples to align with latest proto definition (#1254) * Traffic Shifting Review - Fixed wrong links (#1259) * rbac.md: unindent yaml files (#1257) also fixed a typo Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com> * Create istio namespace before install remote cluster. (#1243) * update instructions for gke-iam (#1260) * Remove a broken link. (#1263) * Fix another broken link. (#1265) * [ImgBot] optimizes images (#1264) *Total -- 73.77kb -> 65.13kb (11.72%) /_docs/setup/kubernetes/img/dm_gcp_iam_role.png -- 38.54kb -> 33.47kb (13.15%) /_docs/setup/kubernetes/img/dm_gcp_iam.png -- 35.23kb -> 31.65kb (10.15%) * Fixes #1241 (#1258) * Added namespace when create helm template. (#1234) * Add istioctl proxy-config to the troubleshooting section (#1267) * Fix istioctl proxy-config link to not point at prelim docs (#1269) Because that would be a dumb thing to do * Update how we insert images to make a transition from Jekyll to Hugo easier. (#1275) * Change publish_date front-matter to publishdate to aid in the Jekyll to Hugo migration. (#1276) * Remove stray quotes. * Shorten long titles and descriptions. (#1278) * Fix aspect ratio of a couple images. (#1277) The incorrect aspect ratio value was leading to spurious top/bottom padding on the images. Also, delete unecessary .png version of some .svg files. * Revert "Rebase from Istio Master (#2)" (#3) This reverts commit 6122f38. * Add ,missing feature links This change adds some of the missing feature links to the feature-stages page. * Fixes the API key location API key location was wrong
linsun
pushed a commit
that referenced
this pull request
May 16, 2018
* Add attribute connection.mtls into documentation. * Revise per comment. * Add missing feature links (#1280) * Rebase from Istio Master (#2) * add example for disabling injection (#1021) * Updated reference docs. (#1045) * Add task for Istio CA health check. (#1038) * Add task for Istio CA health check. * Small fix. * Small fix. * Updates troubleshooting guide to add pilot (#1037) * Fix misnamed link (#1050) * update document generation for istioctl (#1047) * Hack to get ownership of Google analytics account for the site. * Don't need the analytics hack no more... * Make the rake test ensure that we use {{home}} consistently. (#1053) We now generate the test site into a subdirectory such that we can ensure all links are correctly using {{home}}, which makes the site work correctly once archived. Fixed a bunch of broken cases. * Reduce the visual weight of code blocks so they don't break up the page so much. (#1054) * Introduce support for building the site in "preliminary" mode. (#1052) * Notes for 0.6 (#1048) * Refresh version selection menu given 0.6. * update instructions for mesh expansion (#1056) * update instructions for mesh expansion * remove ISTIO_STAGING references * Specify --debug option to use docker.io/istio/proxy_debug image for (#1057) deployment. * Update reference docs. * Update Quick start Doc (#1059) Fix Typo * Update Istio RBAC document to relfect sample changes. (#1062) * Fix typo in Cleanup section (#1061) * clarify verification of injected proxy with automatic injection (#1024) * Fixe wrong port number (#1041) * Sidecar proxy help (#1044) * Use same instance name in Mixer config example (#1051) * Add a bunch of redirects for old pages (#1066) The Google Crawl Engine reported a bunch of broken links pointing into istio.io. This adds redirects so that these links work. Add a hack such that the gear menu logic that lets you time travel through versions of the site will insist that if a page existed in a given version, it must also exist in subsequent versions. This will ensure we always create redirects when we move site content, and thus avoid breaking links into the site. If a page is moved or removed, this will lead to rake test errors when checking the content of archive.istio.io. * Update reference docs. * Fix bad formatting. * Fix typos. * Update reference docs. * Eliminate flickering on page load. (#1068) - Fix another issue with my arch-nemesis, the Copy button. My last fix for Copy button issues resulted in screen flickering upon page loading. This is now fixed. - Pin the size of the gear and magnifying glass icons in the header to avoid flicker as the fonts for those renders a few ms too late and lead to flickering on page load. - Cleaned up the site's JavaScript for clarity, and include minimized versions in the site for improved perf. * Improve formatting. (#1070) - Remove the silly right indent used for list items. This was throwing away a lot of useful screen real estate on mobile. * Add support for dynamically inserting file content into the site. (#1069) This is useful for pulling in content straight from GitHub on the fly, rather than cut & pasting it into the site. * Update sidecar AWS verification (#1060) * Update sidecar AWS verification Add verification without ssh access on master node. Perform check directly with kubectl client. * Update sidecar injection Docs Update with @ayj remarks * Update link Update link for managing tls in a cluster, add a '/' * Fix links. (#1073) - Add a / to links pointing to directories - Switch a bunch of links from http: to https: * master branch is now server from preliminary.istio.io (#1075) * Setup 0.7. * Forgot to update releases.yml. * Update README * Consolidate cluster prerequisites for webhooks into k8s quick start (#1077) The automatic sidecar injection has its own set of k8s install instructions for webhooks. This overlaps with the general k8s install instructions. We'll also introduce server-side configuration webhooks which need the same prerequisites. * Add missing .html suffix on some links. (#1080) * A few more link fixes (#1081) * Fix handling of legacy community links. * Add missing .html extension on search page reference. * Add Certificate lifetime configuration in FAQ. (#1079) * Update reference docs. * Fix some newly broken links. (#1082) * Update reference docs. * Remove empty document. (#1085) * Update Ansible documentation to reflect change in Jaeger addon (#1049) * Update Ansible documentation to reflect change in Jaeger addon Relates to: istio/istio#3603 * Small polish to Ansible documentation * Remove extra tilde in the docs (#1087) Fixes #1004 * [WIP] Update traffic routing tasks to use v1alpha3 config (#1067) * use v1alpha3 route rules * circuit breaking task updated to v1alpha3 * convert mirroring task to v1alpha3 * convert egress task to v1alpha3 * Egress task corrections and clarifications * use simpler rule names * move new tasks to separate folder (keep old versions around for now) * update example outputs * egress tcp task * fix broken refs * more broken refs * imporove wording * add missing include home.html * remove ingress task - will create a replacement in followup PR * Improve sorting algorithm to use document title and not just document URL. (#1089) This makes it so documents in the same directory get sorted by document title instead of by the URL name (unless they have an order: directive, which takes precedence over alpha order) * Istio RBAC doc fix. (#1093) * Improve readability * Add one more faq for secret encryption (#1096) * Add note to have debug version of proxy for curl command (#1097) * Delete some old stuff we don't need anymore. * Delete some old stuff we don't need anymore. * Fix problem preventing proper section indices in the "About" section of the site. * Revise note to install curl (#1098) * Revise note to install curl * Revise note to install curl * Address comment * Fix bug with the Copy button and proto documentation. - HTML generated from protos encode preformatted blocks with <pre><code></code></pre>, while HTML generated through Jekyll's markdown converter wraps an extra <div> around the block. The logic to insert the Copy button on preformatted was assuming the presence of this DIV. If the DIV is not present on input, we now explicitly add one which makes things work. * Update reference docs. * Fix bug that was messing up all the index pages in the site. (#1100) Fix newly broken k8s link along the way... * Revise curl instruction in master branch (#1107) * Update intro.md (#1110) * Update intro.md Updating info per Wencheng's suggestion * Update intro.md * WIP - Combined ingress/gateway task for v1alpha3 (#1094) * First pass combined ingress/gateway task * Add verifying gateway section * clarifications * fix broken link * fix build broken * address review comments * fix small grammar issue (#1112) * Fix a few bugs and add a feature. (#1111) - Link injection for document headers has been broken for a while due to my misunderstanding of the "for in" syntax in JavaScript. This now works as expected. - Same problem also prevented the feature that causes every link to outside of istio.io to be opened in a separate window. This now works as intended. - Made the gear dropdown menu be right-aligned such that it doesn't go off-screen on portrait mode tablets. - Stop importing Popper.js since it's only needed for dropdown menus that aren't in the nav bar. Ours is in a nav bar... - Added link injection for <dt> terms, which makes it easy to create links to individual glossary entries. * 0.7 notes (#1101) * Add an entry about creating quality hyperlinks. (#1114) * 0.2.12 typo fix + doc link should be to docs/ directly + ... (#1115) * 0.2.12 doc link should be to docs/ directly + note about shell security * fix typo (for for) * Revise wording and linking Drop the double TOC (this page has very little traffic anyway) * Fix inconsistent header use in this doc. * Fix invalid index page. * Update servicegraph docs with new viz. (#1074) * Fix mobile navigation issues. (#1118) When on mobile, the left sidebar is hidden by default. To make navigation easier, we allow the user to browse the site entirely through the various index sections which provide links to all articles. This wasn't working for the About and Blog links at the top of the page since they send you to a direct page instead of to the relevant navigation page. So... - Made the About link point to the about section's index page. - Each blog page now contains a link to the next and previous blog post. * [ImgBot] optimizes images (#1120) /_docs/tasks/telemetry/img/servicegraph-example.png -- 41.49kb -> 28.62kb (31.03%) * Add documentation for upgrade (#1108) * Add upgrade doc and fixing a broken link. * revert one file. * Refine the doc. * Move the doc. * Fix syntax. * Fix syntax * Fix syntax * Make non-manifest based installers have similar titles and overviews (#1086) * Make the setup page a little more consistent. * Make non-manifest based installers have similar titles and overviews * Shorten the overview,tidy up the title, and add a helm.html redirect * Installation typo in both files * Fix inconsistent header use in this doc. (#1117) * Improve layout on phone. - We shrink the height of the header and footer when on mobile. - We shrink the header font based on screen width, to avoid the nav bar being split on two lines which leads to all sorts of bad things happening * Since we shrink the brand more aggressively, allow the navbar to be displayed until the next bp. * Oops, left a debugging change in accidentally, reverting. * Add Istio mTLS support for https service demo (#1121) * Add Istio mTLS support for https service demo * Address comment * Address comment * Address comment * Fix more headers. (#1126) * Update procedures to access the team drive. * Fix broken links, causing HTML proofer in circleci gates to fail (#1132) * Fix broken links, causing HTML proofer in circleci gates to fail * Add the same missing links to sidecar-injection.md * Refine Helm installation warning. (#1133) Helm charts are unstable prior to 0.7. Remove the red warning and instead add a simple notice that Helm charts =<0.7 are not functional. * Fix typo In AWS (w/Kops) section: "openned" should be "opened"? * prepare_proxy was refactored into istio-proxy (#1134) * In Note 1: Consul modified to Eureka (#1122) * Revamped nav header for better mobile experience. (#1129) - We now only use the skinny version of the navbar instead of dynamically switching based on viewport size. This looks cleaner, giving more screen space to the content rather than our chrome. - The search textbox is replaced with a search button. Clicking the button brings up the search textbox. This looks less cluttered and works considerably better on smaller screens. - When on a phone and the nav links are collapsed into a hamburger menu, cleanly show the search box in the menu that comes up when you click the hamburger. - Remove the down arrow next to the cog, it's superfluous and things look cleaner without it. * Add one faq item for istio on https service (#1127) * Add one faq item for istio on https service * Address comment * Address comment * Simplify the demo of plugin ca cert. (#1138) * Update IBM Cloud Container Service (IKS) k8s setup instructions (#1136) Copy IKS specific instructions from #1072 to general k8s setup page. * Revamp the footer. (#1137) - Remove all the redundant stuff and emphasize community resource via icons. - Move the "Report a doc bug" and "Edit this page on GitHub" options to the gear menu. - Use Jekyll "include" support to store the landing page's artwork in external SVG files instead of directly embedded in the HTML. Much nicer. * Switching to 0.8. * Update README * Add placeholder 0.8 file to fix rake tests * Create Owners * Fix markdown (#1140) * Cleans up the readability of the Ansible Installation (#1130) * Cleans up the readability of the Ansible Installation Run through a yaml linter Run through spell | sort | uniq Reorganized to semi-match the Helm installation page as they have similar functionality There are things I like about how this document is structured now and will carry those over to the Helm documentation in the future as time permits. * Remove customization example as suggested during the review * Change Openshift->OpenShift * Add labels over community icons in the footer. (#1142) * Remove $ sign in command since it breaks the copy button (#1143) * Update 0.7.md (#1144) helm is working in master branch but not in 0.7.1 * Fix bug caused by #1138 (#1145) * Switch back to normal html-proofer (#1146) As my pr was merged Fixes #849 * Setup for linting markdown files. (#1147) - linters.sh will run spell-checking and a style checker on markdown files. - Fix a whole bunch of typos and bad markdown content throughout. There are many more fixes to come before we can enable the linters as a checkin gate, but this takes care of a majority of items. More to come later. * Finish fixing remaining lint errors * Make spell checking and style checking part of our doc checkin gate. (#1154) * Update * Inline the TOC on mobile. - For small screens that don't have room for the righthand TOC, we now display the TOC inline in the main document. This substantially improves navigation on mobile. - Fix the scroll offset which was off by a bit since the switch to the skinny header. * Update reference docs. * Improve mobile experience. (#1158) - The two call to action buttons on the landing page are now displayed one of top of the other on small screens instead of next to one another. - On mobile, when you scroll down a page, an arrow shows up in the top right of the screen to let you scroll back to the top of the page. This is mighty handy since on mobile there isn't a TOC available to click on. - Add some convenient links on the docs' section landing page. * Accessibility improvements. (#1159) * www.yaml.org went missing - yaml.org seems to work. (#1166) sdake@falkor-08:~/go/src/istio.io/istio.github.io/_docs$ dig www.yaml.org ; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.yaml.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34828 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;www.yaml.org. IN A ;; Query time: 917 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Sun Apr 08 09:10:51 MST 2018 * Authn policy concept and tutorial. (#1128) * fix service account names in the instructions for OpenShift (#1083) This commit replaces the service account names for grafana and prometheus in the instructions to set the security context constraints for OpenShift. * Improve plugin cert task for better UX. (#1150) * Update Security section in Istio overview (#1170) * Update Security section in Istio overview * Fix comment * Update documentation for automatic sidecar injection webhook. (#1169) * Add multicluster deployment documentation to Istio (#1139) * Add multicluster deployment documentation to Istio * Change *Ip to *Endpoint a per request * Fix a typo * Address all reviewer comments Note, SVG diagram will be handled as a follow-on PR. * Fix legitimate spelling errors found by gate * Some backticks to fix spelling errors and other misc cleanups * some spelling and backticks. * Expand spelling exemptions dictionary slightly * Correctly spell routable. * Address reviewer comments. Needed a rebase in the process. * A minor consistency change * Address reviewer comments. * Add a caveats and known issue tracker to the documentation Early on during review of this PR, I believe there was a review asking for caveats, but it has disappeared from the github comments. * Make istio.io support quality print output. (#1163) - Get rid of all the chrome when printing a page. So no headers, sidebars, etc. - Ensure that PRE blocks are fully expanded when printing instead of showing a scroll bar. - Generate endnotes for each page printed which lists the URLs of the various links on the page. Each link site is annotated with a superscript number referencing this table. * Update doc for TCP periodical report. (#1095) * Update doc for TCP periodical report. * Add report response arrow into svg. * Reference: https://istio.io/docs/reference/config/istio.routing.v1alpha1.html#StringMatch (#1180) * Fix broken links caused by changes in istio/istio. * Update reference docs. * Improve sidenav behavior on mobile. (#1173) The sidenav now hovers over the main text instead of pushing the main text sideways. The rendering of the sidenav toggler button now matches the "back to top" button I added last week. * Bunch of improvements (#1181) - New visuals for the sailboat in the header. It now overflows the header. - The TOC now highlights the currently displayed portion of the current page. As you scroll through the doc, the selected entry updates accordingly. - Add previous/next page links in every doc page. These used to be present only in blog posts, but they're useful everywhere. - Fix a few off-by-one formatting errors that stemed from using a mixed of min-width and max-width throughout the stylesheet. This caused some strange formatting to happen at specific window widths. Now, we're consistently using min-width and everything lines up properly. - Improved footer formatting so it looks better on mobile. - Only display the TOC on XL screens, otherwise it wraps too much. Screens smaller than XL now all get the inlined TOC instead. - Add support for pages to request that the TOC be generated inline instead of in a sidebar. This is useful for pages that have headings which cause too much wrapping in the TOC, such as the Troubleshooting Guide. - Add some blank space between an inlined TOC and the main text so that things don't look so crowded, especially when printing. - Inline the sailboat SVG into each page. This avoids a network roundtrip and allows the SVG to be controlled with the same CSS as everything else. - Eliminate a huge amount of redundancy in the four main layout file for the site. They now share a single primary.html include file which carries most of the weight. This will avoid having to constantly make the same change in four different files. - Improve the generated HTML for <figure> elements which makes things better for screen readers. - Simplify the HTML & CSS for the footer. * Fix indent issue (#1182) * Rename Isito CA to Citadel. (#1179) * Update feature-stages.md (#1183) Updates to features as of 0.7 release * Update Helm Documentation (#1168) * Modify minimum pin of Istio version with Helm and improve prereqs * Add section describing briefly how to use helm without tiller * Change heading description for Helm method and add upgrade warning * Make common customization options table match current master * Subsection the two methods for installing with Helm * Remove Helm keys from .spelling. Add FQDNs as an acronym. * Backtick the keys and defaults, values.yaml, and fix 1 spelling error * Add uninstall instructions for both kubectl and helm with tiller * Place backticks around architecture platforms and correctly list them * Show both uninstall methods (kubectl & Helm) * Remove two extra CRs * Fix yaml linting errors * Link to requirements for automatic sidecar injection. * Change istio-auth to istio for rendering * Address reviewer comments. * Fix linting error. * Notify operator they need capability to install service accounts. * Fix lint error * Switch to PrismJS for syntax highlighting. (#1184) Instead of doing syntax highlighting statically in Jekyll, we now go back to the PrimsJS library we used in the 0.2-0.4 timeframe. It used to be problematic, but the cause for the problems have been addressed a while ago. This gives us highlighting for non-markdown content, such as dynamically loaded PRE blocks and PRE blocks that come from HTML generated from protos. * Adding info about new expression language methods. (#1186) Adding info about dnsName, email, and uri functions. * Fix typo liveliness -> liveness (#1188) * Fix typo liveliness -> liveness Add mdspell dependency to gem installations * Add backticks around firebase deploy command * Fix a few bugs. (#1187) - The slide-in sidenav used on mobile went all crazy when text got too long in the expanded panel. We now set a max width to trigger controlled wrapping and avoid the nasties. - The hamburger menu that replaces the link in the top header on small screens didn't render right on medium-sized screens (a.k.a. portrait-mode tablets). I had one of my breakpoints set inconsistently. - Dynamically loaded PRE blocks were not being syntax colored, now they are. - The Links endnote section created for printing pages was not dedupping identical links. - The Links endnote section contained entries for the next/previous links which are normally at the bottom of each page. These links aren't visible when printing and so shouldn't appear in the Links endnote section. * Add rocket chat to our footer & community page. (#1189) Also, update the mailing list icon on the community page to match what we use in the footer. * Add instructions to integrate Istio with existing Endpoints services. (#1164) * Add multitenancy blog (#1119) * Add multitenancy blog * Update soft-multitenancy.md * Update soft-multitenancy.md * Add multitenancy blog * Add blog entry for configuring aws nlb for istio ingress (#1165) * Don't add links from figures into endnotes. (#1192) - The prior design for avoiding links for figures was brittle and was in fact broken. Now it's more robust. * [ImgBot] optimizes images (#1193) *Total -- 683.39kb -> 440.68kb (35.52%) /_blog/2018/img/roles_summary.png -- 101.32kb -> 61.03kb (39.77%) /_blog/2018/img/policies.png -- 244.70kb -> 148.25kb (39.41%) /_blog/2018/img/attach_policies.png -- 48.65kb -> 31.59kb (35.06%) /_blog/2018/img/createpolicyjson.png -- 120.21kb -> 80.63kb (32.93%) /_blog/2018/img/create_policy.png -- 86.38kb -> 60.62kb (29.82%) /_blog/2018/img/createpolicystart.png -- 82.12kb -> 58.55kb (28.7%) * Update circuit break use existing file. (#1091) * Add proper link to Helm and Multicluster feature stages (#1196) * Update multicluster installation to match master (#1195) * Add a trailing / on an URL that was returning a 301 * Update multicluster intallation to match master Big usability improvements have been made. Document the new workflow for multicluster. * Address reviewer comments. * Fix linting problem * Fix docker run command (#1201) The command as it stands will fail with "Gemfile not found". The working directory should be set to $(pwd) as well to start execution in the istio.github.io directory and find the Gemfile. * remove installation instructions for prometheus (#1199) * remove installation instructions for prometheus * more doc fixes for 0.8 * Add request.auth.claims and update source.user, source.principal, and (#1205) request.auth.principal * Fix command to build & serve site locally using docker (bad workdir) (#1206) * Add attributes into documentation. (#1200) * add a step to define ingress gateway in bookinfo guide (#1207) * add a step to define ingress gateway in bookinfo guide following istio/istio#5113 * make ingress gateway lower case * Fix broken link in README.md (#1209) * Adding Azure support instructions (#1202) * adding docs for Azure * minor misspelling fix * adding acronyms * removing blank line * changing bash output to reflect only necessary flags * fixing grammar errors * Fix link to IBM cloud private (#1216) * Typo fix (#1208) * clarify we support more than just k8s (#1212) * Update reference docs. (#1219) * Quiet GitHub warning * v1alpha3 routing blog (#1190) * Clarify istio.io/preliminary.istio.io stuff (#1221) * add galley.enabled option to helm instructions (#1222) * Fix naming collision (#1226) ingressgateway and ingress both match the grep, resulting in incorect ingress name being produced in troubleshooting guide. * adding the recommended namespace (#1218) * adding the recommended namespace istio/old_issues_repo#312 * add the recommended namespace * add creating the namespace * correct typos * only need to create namespace for the template approach * Introduce support for new fangled PRE blocks. (#1224) Instead of having to have two PRE blocks, one for commands and one for the output, we can now have a single PRE block and we take care of rendering things to show the command vs. the output. The Copy button on such a thing only copy the command, and not the output. We now also show a $ on command-lines, but the Copy button doesn't copy that and knows to just copy the usable part of the command-line. * 0.8 release notes. (#1223) * Fix incorrect behavior of the sidenav when dealing with long non-wrapping page titles. (#1229) - When I was last fiddling with the sidenav on mobile, I messed up the sizing for non-mobile cases. This cause the sidenav to grow beyond its expected size when presented with long non-wrapping page titles. The text is now wrapped instead as it should. - Shrank the font size of the list items in the sidenav to 85% to reduce the amount of wrapping that happens. - Reduce the right margin in the side nav to again try to reduce the amount of wrapping. * Update content to help upcoming migration from Jekyll to Hugo (#1232) - In front matter, order: and overview: are now weight: and description: - In front matter, we generally don't need layout: and use config to assign layouts automatically - Remove the useless type: front-matter entries, the type is infered from the file extension. * Improves multicluster documentation (#1217) * Improves multicluster documentation Improve documentation based upon fresh eyes running through the documented process. * Address reviewer comments. * More refinement. * Exclude rule MD028 Rule 028 is: https://github.com/DavidAnson/markdownlint/blob/master/doc/Rules.md#md028---blank-line-inside-blockquote The rationale below cut and pasted from markdownlint seems valid for the general case, however, our MD parser always produces seprate block-quotes, which is what I am after in this PR. I think other people will prefer our renders of blockquotes (separate blockquotes); Rationale: Some markdown parsers will treat two blockquotes separated by one or more blank lines as the same blockquote, while others will treat them as separate blockquotes. * Improve the doc to apply istio-auth.yaml (#1227) * Fix doc (#1228) * Task/guide updates for v1alpha3 (#1231) * Task/guide updates for v1alpha3 * fix typo * remove trailing spaces * tweaks * Corrections and clarifications (#1238) * clarify https external services support (#1239) * clarify https external services support * spelling error * Hopefully finally really fix the issues with the sidenav on small screens. (#1240) * fix manual sidecar injection docs for helm template changes (#1211) Addresses #1210 * Switch most uses of ```bash to ```command. (#1242) This takes advantage of the new rendering for command-lines and their outputs. * Fixes to the doc after testing/reviewing it with release-0.8 istio branch (#1244) * update format of a tcp ServiceEntry (#1237) * Remove broken link. (#1250) * WIP PR for v1alpha3 task corrections (#1247) * ingress task corrections * fault injection task version wrong * Fault task corrections (#1253) * update samples to align with latest proto definition (#1254) * Traffic Shifting Review - Fixed wrong links (#1259) * rbac.md: unindent yaml files (#1257) also fixed a typo Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com> * Create istio namespace before install remote cluster. (#1243) * update instructions for gke-iam (#1260) * Remove a broken link. (#1263) * Fix another broken link. (#1265) * [ImgBot] optimizes images (#1264) *Total -- 73.77kb -> 65.13kb (11.72%) /_docs/setup/kubernetes/img/dm_gcp_iam_role.png -- 38.54kb -> 33.47kb (13.15%) /_docs/setup/kubernetes/img/dm_gcp_iam.png -- 35.23kb -> 31.65kb (10.15%) * Fixes #1241 (#1258) * Added namespace when create helm template. (#1234) * Add istioctl proxy-config to the troubleshooting section (#1267) * Fix istioctl proxy-config link to not point at prelim docs (#1269) Because that would be a dumb thing to do * Update how we insert images to make a transition from Jekyll to Hugo easier. (#1275) * Change publish_date front-matter to publishdate to aid in the Jekyll to Hugo migration. (#1276) * Remove stray quotes. * Shorten long titles and descriptions. (#1278) * Fix aspect ratio of a couple images. (#1277) The incorrect aspect ratio value was leading to spurious top/bottom padding on the images. Also, delete unecessary .png version of some .svg files. * Revert "Rebase from Istio Master (#2)" (#3) This reverts commit 6122f38. * Add ,missing feature links This change adds some of the missing feature links to the feature-stages page. * Fixes the API key location API key location was wrong
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.