tetratelabs / istio-distro.io Goto Github PK

https://getistio.io

Does the Event mechanism support Multi-day events?

IstioCon 2021 is a 4 day event and would be good to include that in the event details.

Right now we use examples (eg AWS integration), but we don't actually show the fields that exist in the object for someone that wants to full it out. We should include documentation for those objects somewhere on the site - possible in the gen-ca reference docs?

The objects are spread across a few files:

• https://github.com/tetratelabs/getistio/blob/5d47165c6b2193653d9f37cd52d8de4c8a7342da/src/cacerts/providers/config/config.go#L41-L82
• https://github.com/tetratelabs/getistio/blob/5d47165c6b2193653d9f37cd52d8de4c8a7342da/src/cacerts/providers/models/models.go#L29-L84

I need some input on styling the GetIstio CLI reference content. Currently we have something like this on the See Also section, where the commands are listed as link.

So, I have 2 questions:

1. Should we display these commands as code as well, instead of link, such as this:

2. If so, then is there any comment on the color? I like this pink color, but we can find something else if anyone wants to test different alternative.

Feel free to give feedback @mathetake @PetrMc @oletizi @deva26 :)

• Add jetstack partner page
• Move cert-manager info from Venafi partner page to cert-manager page

From Feb 2, 2021 conversation with Prasad:

• Make download and install of getistio the primary CTA
• Links to platform-specific distro pages should be available, but not highlighted
• Administrivia about what versions are available and EOL announcements can also be pushed down to distro matrix pages

I think the amount of comments in the current versions makes it hard to read/makes it seem more complicated than it is:

 providerName: "gcp" 
 providerConfig: 
   gcp: 
     #This will hold the full CA name for the certificate authority you created on GCP 
     casCAName: "projects/{project-id}/locations/{location}/certificateAuthorities/{YourCA}" 
  
 certificateParameters: 
   secretOptions: 
     # Namespace where 'cacerts' Kubernetes secret is created on your target cluster 
     istioCANamespace: "istio-system" 
     # SecretFilePath is the file path used to store the Kubernetes Secret in yaml format 
     secretFilePath: 
     # Force flag when enabled forcefully deletes the `cacerts` secret 
     # in istioNamespace, and creates a new one. 
     force: true 
   caOptions: 
     # ValidityDays represents the number of validity days before the CA expires. 
     validityDays: 365 
     # KeyLength is the length(bits) of Key to be created 
     keyLength: 2048 
     # This is x509.CertificateRequest. Only a few fields are shown below 
     certSigningRequestParams: 
       subject: 
         commonname: "getistio.example.io" 
         country: 
           - "US" 
         locality: 
           - "Sunnyvale" 
         organization: 
           - "Istio" 
         organizationunit: 
           - "engineering" 
       emailaddresses: 
         - "[email protected]" 

I'd rather we simplify it a bit like:

 providerName: "gcp" 
 providerConfig: 
   gcp: 
     #This will hold the full CA name for the certificate authority you created on GCP 
     casCAName: "projects/{project-id}/locations/{location}/certificateAuthorities/{YourCA}" 
  
 certificateParameters: 
   secretOptions: 
     istioCANamespace: "istio-system" # namespace where `cacerts` secrets lives
     force: true # force delete the `cacerts` secret and replace it with this new one
   caOptions: 
     validityDays: 365 # validity days before the CA expires
     keyLength: 2048  # length(bits) of Key to be created 
     certSigningRequestParams: # x509.CertificateRequest; most fields omitted
       subject: 
         commonname: "getistio.example.io" 
         country: 
           - "US" 
         locality: 
           - "Sunnyvale" 
         organization: 
           - "Istio" 
         organizationunit: 
           - "engineering" 
       emailaddresses: 
         - "[email protected]" 

bintray is kind of a implementation detail of getistio, so I would like to redirect getistio.io/download to the download load script located in bintray tetrate.bintray.com/getistio/download.sh so that users can download getistio as follows:

curl -sL https://getistio.io/download | bash

This is similar to what Istio does with istio.io/downloadIstio where they redirect it to https://raw.githubusercontent.com/istio/istio/master/release/downloadIstioCandidate.sh.

FWIW, getenvoy also does the same thing: https://github.com/tetratelabs/getenvoy.io/blob/master/site/static/_redirects#L1

when i install istio on microk8s get error.

ubuntu@microk8s-vm:~$ getistio istioctl install -set profile=demo

Checking the cluster to make sure it is ready for Istio installation...

#1. Kubernetes-api
-----------------------
Can initialize the Kubernetes client.
Can query the Kubernetes API Server.

#2. Kubernetes-version
-----------------------
Istio is compatible with Kubernetes: v1.20.4-34+1ae8c29bbb48f7.

#3. Istio-existence
-----------------------
Istio will be installed in the istio-system namespace.

#4. Kubernetes-setup
-----------------------
Can create necessary Kubernetes configurations: Namespace,ClusterRole,ClusterRoleBinding,CustomResourceDefinition,Role,ServiceAccount,Service,Deployments,ConfigMap.

#5. SideCar-Injector
-----------------------
This Kubernetes cluster supports automatic sidecar injection. To enable automatic sidecar injection see https://istio.io/v1.9/docs/setup/additional-setup/sidecar-injection/#deploying-an-app

-----------------------
Install Pre-Check passed! The cluster is ready for Istio installation.

Error: accepts 0 arg(s), received 1
error executing istioctl: exit status 1

Can we limit the number of events that are displayed on the Upcoming events slider?

It is currently offset when 4 events are available.

It's not clear to me what secretFilePath does from our docs:

https://github.com/tetratelabs/getistio.io/blob/13e2c677270f812edb6ebaf8620dcdb3f1052974/content/en/istio-ca-certs-integrations/gcp-cas-integration/_index.md#L38-L39

It looks like that's the file path for the certs on disk? If so, we should spell it out, and say that if it's omitted it defaults (to ~/.getistio/secret/). IMO I'd probably even just remove from the examples.

Related, I think the force field is a bit tough to understand ATM as well; I'd call it overrideExistingCACertsSecret or similar.

https://github.com/tetratelabs/getistio.io/blob/13e2c677270f812edb6ebaf8620dcdb3f1052974/content/en/istio-ca-certs-integrations/gcp-cas-integration/_index.md#L40-L42

Seems like the biggest performance bottleneck of the site is coming from the fact that we embed Asciinema video from external source. Previous effort to load Asciinema locally and serve it from CDN sometimes results in the video mysteriously disappear. If we can solve that issue and run Asciinema file from CDN, it would be awesome.

The middle container should expand to fill the available space on the page (and push the footer to the bottom). See the space below the footer on the screenshot. This happens when there's not enough content to fill the page (e.g. /istio-ca-certs-integrations or /istio-cheatsheet)

The example fails due to an incorrect IOP example. The example should be updated to properly reference the "istio-ca-root-cert" ConfigMap.

xref: https://istio.tetratelabs.io/istio-ca-certs-integrations/cert-manager-integration/

YAML snippets could look much better than they do right now (see yaml-before screenshot).

Here's how it looks like with the solarized-dark theme (+ I added the copy button).

Multilanguage seems pretty buggy now. I can change from En - Zh, but after being in Zh, back to En is not working. Will look into this.

The download page has a broken link.

The link for "Tetrate Istio Distro Install and Update Page" currently points to:

/getmesh-cli/install-and-update-of-getistio

but should (I think) point to:

/getmesh-cli/install/install-and-update/

See screenshot:

If the link text is the same color as the rest of the text, visitors will not be able to distinguish which ones are links and will not click on them. See the image below.

Image from https://getistio.io/partners/jetstack/

Default ul li don't show up properly on partner pages, e.g.: https://getistio-demo.netlify.app/partners/keyfactor/

We're going to have a few quotes from partners, maybe others. We need a way to put those on the GetIstio home page

On /blog, one of the images is seems smaller than the others and it pulls that entry to the left (see screenshot). It should all be aligned.

In the sticky sessions tutorial, I am using the image learnistio/sticky-svc:1.0.0. This image should be re-pushed to the Tetrate's registry and the text updated with the new image name.

while doing PR for documentation update PR it was discovered that all tests for Netlify can't be run (and turn to fail state due outdated Ubuntu version).

10:12:45 AM: ---------------------------------------------------------------------
  UNSUPPORTED BUILD IMAGE

  The build image for this site uses Ubuntu 16.04 Xenial Xerus, which is no longer supported.

  To enable builds for this site, select a later build image at the following link:
  https://app.netlify.com/sites/getistio-demo/settings/deploys#build-image-selection

  For more details, visit the build migration guide:
  https://answers.netlify.com/t/please-read-end-of-support-for-xenial-build-image-everything-you-need-to-know/68239
  ---------------------------------------------------------------------

@deva26 / @pmerrison / @MB-Designs / @peterj / @Marc-Morata-Fite / @psbrar99 - I wouldn't mind looking into it but don't have access to Netfly - can one of you help me with getting access?

Thank you!

Using < in Markdown gets translated to a blockquote, however, it seems like there's no styling on it, so it gets rendered the same way as normal text.

e.g.

• getistio config-validate || curl <send message to slack about config drift>
• getistio check-upgrade || curl <send message to slack about istio version upgrades>

TID provides FIPS compliant releases, for example. A doc should exist that provides users a step-by-step guide to verify FIPS.

Per Feb 2, 2021 with Prasad:

• remove the free/paid matrix from FAQ
• everything on GetIstio is always free
• Need to add a promo for support from Tetrate to the FAQ and the homepage that links to https://tetrate.io/getistio

Currently, when browsing in mobile, the sidebar menu isn't available. We need to make this visible.

Currently, an example is provided for using cert-manager for control-plane and data-plane communications. Look into providing an example for using DNS-based cert management for control-plane components.

xref: #244

Can we fix the link/metadata to display in the following fashion?

TechCrunch Example
Example -

GetIstio Site

Currently link/metadata is showing as follows:

The current view shows no image, text that is no where to be found in the article.

After #207 getistio binaries will be pulled from Cloudsmith
Lets add a powered by Cloudsmith(logo) somewhere on the website beside the download instructions
https://cloudsmith.io/

As reported by several people, some of the page load time, for example, "Ecosystem & Partner" and "Istio in Practice" load is not too smooth and the loading can be quite jittery. So, we need to optimize on this front. Also, number of resources loaded can be reduced.

Description: Engineering and security teams are making Istio the standard for connecting Kubernetes applications with service mesh. Running Istio in production means trusted machine identities – digital certificates – must be used. Venafi makes it easy for developers to access trusted, enterprise-approved machine identities. Security teams get complete visibility and confidence that policy is automatically enforced. Venafi supports Istio with industry standard cert-manager created by Jetstack. GetIstio with Venafin and Jetstack provides an easy way for users to get started with Istio and cert-manager and maintain deployment.

Links:
cert-manager – https://marketplace.venafi.com/details/jetstack-cert-manager/
cert-manager + Istio for Gateway – https://istio.io/latest/docs/ops/integrations/certmanager/ [istio.io]
cert-manager + Istio for mTLS – https://github.com/cert-manager/istio-csr [github.com]
Venafi - https://www.venafi.com

The following features are currently missing from the blog page.

• Add tag, author, and category to the header of each blog post markdown file, display the authors
• Blog banner issue: If the blog title is too long, the banner will be short on the blog listing page, so you need to fix the width of the banner and the title.
• Add a See also section to the blog, this is a built-in feature in Hugo, we just need to change the CSS
• Add a banner to blog section, will make the blog page more engaging.

Here are the blank pages.

• https://getistio.io/faq/faqs/
• https://getistio.io/istio-cheatsheet/cheatsheet/

Generated pages should not be rendered for pages that do not have sub-documents.