tetratelabs / istio-distro.io Goto Github PK
View Code? Open in Web Editor NEWTetrate Istio Distro project website, formerly GetIstio
Home Page: https://istio.tetratelabs.io
License: Apache License 2.0
Tetrate Istio Distro project website, formerly GetIstio
Home Page: https://istio.tetratelabs.io
License: Apache License 2.0
Does the Event mechanism support Multi-day events?
IstioCon 2021 is a 4 day event and would be good to include that in the event details.
Right now we use examples (eg AWS integration), but we don't actually show the fields that exist in the object for someone that wants to full it out. We should include documentation for those objects somewhere on the site - possible in the gen-ca
reference docs?
The objects are spread across a few files:
I need some input on styling the GetIstio CLI reference content. Currently we have something like this on the See Also section, where the commands are listed as link.
So, I have 2 questions:
Feel free to give feedback @mathetake @PetrMc @oletizi @deva26 :)
From Feb 2, 2021 conversation with Prasad:
I think the amount of comments in the current versions makes it hard to read/makes it seem more complicated than it is:
providerName: "gcp"
providerConfig:
gcp:
#This will hold the full CA name for the certificate authority you created on GCP
casCAName: "projects/{project-id}/locations/{location}/certificateAuthorities/{YourCA}"
certificateParameters:
secretOptions:
# Namespace where 'cacerts' Kubernetes secret is created on your target cluster
istioCANamespace: "istio-system"
# SecretFilePath is the file path used to store the Kubernetes Secret in yaml format
secretFilePath:
# Force flag when enabled forcefully deletes the `cacerts` secret
# in istioNamespace, and creates a new one.
force: true
caOptions:
# ValidityDays represents the number of validity days before the CA expires.
validityDays: 365
# KeyLength is the length(bits) of Key to be created
keyLength: 2048
# This is x509.CertificateRequest. Only a few fields are shown below
certSigningRequestParams:
subject:
commonname: "getistio.example.io"
country:
- "US"
locality:
- "Sunnyvale"
organization:
- "Istio"
organizationunit:
- "engineering"
emailaddresses:
- "[email protected]"
I'd rather we simplify it a bit like:
providerName: "gcp"
providerConfig:
gcp:
#This will hold the full CA name for the certificate authority you created on GCP
casCAName: "projects/{project-id}/locations/{location}/certificateAuthorities/{YourCA}"
certificateParameters:
secretOptions:
istioCANamespace: "istio-system" # namespace where `cacerts` secrets lives
force: true # force delete the `cacerts` secret and replace it with this new one
caOptions:
validityDays: 365 # validity days before the CA expires
keyLength: 2048 # length(bits) of Key to be created
certSigningRequestParams: # x509.CertificateRequest; most fields omitted
subject:
commonname: "getistio.example.io"
country:
- "US"
locality:
- "Sunnyvale"
organization:
- "Istio"
organizationunit:
- "engineering"
emailaddresses:
- "[email protected]"
bintray
is kind of a implementation detail of getistio, so I would like to redirect getistio.io/download
to the download load script located in bintray tetrate.bintray.com/getistio/download.sh
so that users can download getistio as follows:
curl -sL https://getistio.io/download | bash
This is similar to what Istio does with istio.io/downloadIstio
where they redirect it to https://raw.githubusercontent.com/istio/istio/master/release/downloadIstioCandidate.sh
.
FWIW, getenvoy also does the same thing: https://github.com/tetratelabs/getenvoy.io/blob/master/site/static/_redirects#L1
when i install istio on microk8s get error.
ubuntu@microk8s-vm:~$ getistio istioctl install -set profile=demo
Checking the cluster to make sure it is ready for Istio installation...
#1. Kubernetes-api
-----------------------
Can initialize the Kubernetes client.
Can query the Kubernetes API Server.
#2. Kubernetes-version
-----------------------
Istio is compatible with Kubernetes: v1.20.4-34+1ae8c29bbb48f7.
#3. Istio-existence
-----------------------
Istio will be installed in the istio-system namespace.
#4. Kubernetes-setup
-----------------------
Can create necessary Kubernetes configurations: Namespace,ClusterRole,ClusterRoleBinding,CustomResourceDefinition,Role,ServiceAccount,Service,Deployments,ConfigMap.
#5. SideCar-Injector
-----------------------
This Kubernetes cluster supports automatic sidecar injection. To enable automatic sidecar injection see https://istio.io/v1.9/docs/setup/additional-setup/sidecar-injection/#deploying-an-app
-----------------------
Install Pre-Check passed! The cluster is ready for Istio installation.
Error: accepts 0 arg(s), received 1
error executing istioctl: exit status 1
It's not clear to me what secretFilePath
does from our docs:
It looks like that's the file path for the certs on disk? If so, we should spell it out, and say that if it's omitted it defaults (to ~/.getistio/secret/
). IMO I'd probably even just remove from the examples.
Related, I think the force
field is a bit tough to understand ATM as well; I'd call it overrideExistingCACertsSecret
or similar.
Seems like the biggest performance bottleneck of the site is coming from the fact that we embed Asciinema video from external source. Previous effort to load Asciinema locally and serve it from CDN sometimes results in the video mysteriously disappear. If we can solve that issue and run Asciinema file from CDN, it would be awesome.
The example fails due to an incorrect IOP example. The example should be updated to properly reference the "istio-ca-root-cert" ConfigMap.
xref: https://istio.tetratelabs.io/istio-ca-certs-integrations/cert-manager-integration/
Multilanguage seems pretty buggy now. I can change from En - Zh, but after being in Zh, back to En is not working. Will look into this.
The download page has a broken link.
The link for "Tetrate Istio Distro Install and Update Page" currently points to:
/getmesh-cli/install-and-update-of-getistio
but should (I think) point to:
/getmesh-cli/install/install-and-update/
$ hugo serve -D
Built in 1401 ms
Error: Error building site: "/home/mathetake/getistio.io/content/en/download/windows/index.md:10:1": failed to render shortcode "downloads": failed to process shortcode: "/home/mathetake/getistio.io/layouts/shortcodes/downloads.html:46:59": execute of template failed: template: shortcodes/downloads.html:46:59: executing "shortcodes/downloads.html" at <substr $version_value -2>: error calling substr: runtime error: slice bounds out of range [-1:]
If the link text is the same color as the rest of the text, visitors will not be able to distinguish which ones are links and will not click on them. See the image below.
Image from https://getistio.io/partners/jetstack/
Default ul li don't show up properly on partner pages, e.g.: https://getistio-demo.netlify.app/partners/keyfactor/
We're going to have a few quotes from partners, maybe others. We need a way to put those on the GetIstio home page
In the sticky sessions tutorial, I am using the image learnistio/sticky-svc:1.0.0
. This image should be re-pushed to the Tetrate's registry and the text updated with the new image name.
while doing PR for documentation update PR it was discovered that all tests for Netlify can't be run (and turn to fail state due outdated Ubuntu version).
10:12:45 AM: ---------------------------------------------------------------------
UNSUPPORTED BUILD IMAGE
The build image for this site uses Ubuntu 16.04 Xenial Xerus, which is no longer supported.
To enable builds for this site, select a later build image at the following link:
https://app.netlify.com/sites/getistio-demo/settings/deploys#build-image-selection
For more details, visit the build migration guide:
https://answers.netlify.com/t/please-read-end-of-support-for-xenial-build-image-everything-you-need-to-know/68239
---------------------------------------------------------------------
@deva26 / @pmerrison / @MB-Designs / @peterj / @Marc-Morata-Fite / @psbrar99 - I wouldn't mind looking into it but don't have access to Netfly - can one of you help me with getting access?
Thank you!
Using <
in Markdown gets translated to a blockquote
, however, it seems like there's no styling on it, so it gets rendered the same way as normal text.
e.g.
getistio config-validate || curl <send message to slack about config drift>
getistio check-upgrade || curl <send message to slack about istio version upgrades>
TID provides FIPS compliant releases, for example. A doc should exist that provides users a step-by-step guide to verify FIPS.
Per Feb 2, 2021 with Prasad:
Currently, when browsing in mobile, the sidebar menu isn't available. We need to make this visible.
Currently, an example is provided for using cert-manager for control-plane and data-plane communications. Look into providing an example for using DNS-based cert management for control-plane components.
xref: #244
Can we fix the link/metadata to display in the following fashion?
TechCrunch Example
Example -
Currently link/metadata is showing as follows:
The current view shows no image, text that is no where to be found in the article.
After #207 getistio
binaries will be pulled from Cloudsmith
Lets add a powered by Cloudsmith(logo)
somewhere on the website beside the download instructions
https://cloudsmith.io/
As reported by several people, some of the page load time, for example, "Ecosystem & Partner" and "Istio in Practice" load is not too smooth and the loading can be quite jittery. So, we need to optimize on this front. Also, number of resources loaded can be reduced.
Description: Engineering and security teams are making Istio the standard for connecting Kubernetes applications with service mesh. Running Istio in production means trusted machine identities – digital certificates – must be used. Venafi makes it easy for developers to access trusted, enterprise-approved machine identities. Security teams get complete visibility and confidence that policy is automatically enforced. Venafi supports Istio with industry standard cert-manager created by Jetstack. GetIstio with Venafin and Jetstack provides an easy way for users to get started with Istio and cert-manager and maintain deployment.
Links:
cert-manager – https://marketplace.venafi.com/details/jetstack-cert-manager/
cert-manager + Istio for Gateway – https://istio.io/latest/docs/ops/integrations/certmanager/ [istio.io]
cert-manager + Istio for mTLS – https://github.com/cert-manager/istio-csr [github.com]
Venafi - https://www.venafi.com
The following features are currently missing from the blog page.
Here are the blank pages.
Generated pages should not be rendered for pages that do not have sub-documents.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.