Keep polidea-update in sync with master (#9057)
* Update customize prom scraping instruction. (#8976)

* Update customize prom scraping instruction.

* Update content/en/docs/ops/integrations/prometheus/index.md

Co-authored-by: Sven Mawson <sven@google.com>

Co-authored-by: Sven Mawson <sven@google.com>

* IstioCon blog post (#8984)

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* s/service-apis/gateway-api/ (#8988)

* Update index.md

* Update index.md

* Revert "remove rbac instruction (#8442)" (#8990)

This reverts commit a65a859.

* Update observability best practices (#8897)

* Update observability best practices

* Fix linting issue

* Try and clarify prometheus install

* Update content/en/docs/ops/best-practices/observability/index.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Move to observability page

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Add doc about how to work around missing metric expiry. (#8948)

* Add doc about how to work around missing metric expiry.

* address comment.

* lint

* add spelling change

* fix

* Update content/en/faq/metrics-and-logs/telemetry-v1-vs-v2.md

Co-authored-by: Douglas Reid <douglas-reid@users.noreply.github.com>

Co-authored-by: Douglas Reid <douglas-reid@users.noreply.github.com>

* Add initial security best practices documentation (#8952)

* Clarify Prometheus TLS settings. (#8962)

* Clarify Prometheus TLS settings.

* Update content/en/docs/ops/integrations/prometheus/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Update content/en/docs/ops/integrations/prometheus/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Update content/en/docs/ops/integrations/prometheus/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Automator: update common-files@master in istio/istio.io@master (#8997)

* Automator: update istio.io@ reference docs (#8998)

* Automator: update istio.io@ reference docs (#9004)

* Make attribute gen yaml file valid. (#9000)

* Fix the client IP addresses for the authz ingress task (#9002)

* Fix link to Configuration title (#9009)

Signed-off-by: Radim Hrazdil <rhrazdil@redhat.com>

* Automator: update istio.io@ reference docs (#9019)

* Automator: update istio@ test reference (#9021)

* Use istio-ecosystem wasm extensions repo in extensibility concept page. (#9018)

* add a troubleshooting guide for multicluster (#8957)

* add a troubleshooting guide for multicluster

* fix meta

* fix meta

* address review comments

* shift weight

* rel link

* lint

* fix link

* hard to tell what our mdlint customizations are...

* fix mc guide link

* add more context to high-level issues

* cleanup phrasing

* Remove fixed limitation warning (#9034)

This issue no longer exists, I verified via the code and tested it myself as well.

* Fixed "are is" to "are"  and addressed an incorrect link (#9035)

* fixing a typo

* changed the link to go directly to canary upgrades page

* Automator: update istio.io@ reference docs (#9036)

* fix circuit breaker task (#9022)

* fix circuit breaker task

* gen

* Add documentation for Analysis message IST0134 ServiceEntryAddresses… (#9020)

* Add documentation for Analysis message IST0134 ServiceEntryAddressesRequired

Signed-off-by: zufardhiyaulhaq <zufardhiyaulhaq@gmail.com>

* Apply suggestions from code review

Co-authored-by: Ram Vennam <rvennam@us.ibm.com>

* Update content/en/docs/reference/config/analysis/ist0134/index.md

Co-authored-by: Ram Vennam <rvennam@us.ibm.com>

Co-authored-by: Ram Vennam <rvennam@us.ibm.com>

* Add blog for zero configuration Istio (#9025)

* Add blog for zero configuration Istio

The intent here is to show off what Istio provides out of the box, to
attempt to counteract some of the reputation Istio has gotten for being
over complicated/requiring too many CRDs.

* fix links

* Address comments

* Fix examples for newer kubectl (#9045)

* Fix istio.io tests when moving to later kubectl (#9046)

* Automator: update istio.io@ reference docs (#9047)

* Ignore error on first kiali apply (#9048)

* Ignore some errors (#9049)

* Fix syntax on local rate limiting (#9044)

* Add cross references to virtual machine docs (#8913)

* Add cross references to virtual machine docs

* Sven's suggestions

* Update content/en/docs/ops/diagnostic-tools/virtual-machines/index.md

Co-authored-by: Sven Mawson <sven@google.com>

Co-authored-by: Sven Mawson <sven@google.com>

* update authz troubleshoot common problems (#9043)

* update authz troubleshoot common problems

* update

* Add out-of-mesh server metadata info into telemetry v2 faq. (#9017)

* Add out-of-mesh server metadata info into telemetry v2 faq.

* Update content/en/faq/metrics-and-logs/telemetry-v1-vs-v2.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* reword

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Release notes for 1.7.8 (#9054)

* Announce EOL for Istio 1.7 (#9005)

* Release notes for 1.7.7

* Update content/en/news/releases/1.7.x/announcing-1.7.7/index.md

Co-authored-by: Brian Avery <bavery@redhat.com>

* update

* update

* Announce EOL for Istio 1.7

* delay to 02-25

* Delete index.md

Co-authored-by: Brian Avery <bavery@redhat.com>

Co-authored-by: Pengyuan Bian <bianpengyuan@google.com>
Co-authored-by: Sven Mawson <sven@google.com>
Co-authored-by: Istio Automation <istio-testing-bot@google.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
Co-authored-by: craigbox <craigbox@google.com>
Co-authored-by: John Howard <howardjohn@google.com>
Co-authored-by: jacob-delgado <jacob.delgado@volunteers.acasi.info>
Co-authored-by: Douglas Reid <douglas-reid@users.noreply.github.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: lei-tang <32078630+lei-tang@users.noreply.github.com>
Co-authored-by: Radim Hrazdil <32546791+rhrazdil@users.noreply.github.com>
Co-authored-by: Steven Landow <steven@stlcomputerservices.com>
Co-authored-by: Kang-Bae <59033920+Kang-Bae@users.noreply.github.com>
Co-authored-by: masquee <okayanz@outlook.com>
Co-authored-by: Zufar Dhiyaulhaq <zufardhiyaulhaq@gmail.com>
Co-authored-by: Ram Vennam <rvennam@us.ibm.com>
Co-authored-by: Ryan Baker <ryan.baker@c2fo.com>
Co-authored-by: Yangmin Zhu <ymzhu@google.com>
Co-authored-by: Jimmy Chen <28548492+JimmyCYJ@users.noreply.github.com>
Co-authored-by: Brian Avery <bavery@redhat.com>
21 people authored Feb 25, 2021
1 parent f336766 commit 59f2fa3
Showing 59 changed files with 1,031 additions and 476 deletions.
4 changes: 4 additions & 0 deletions .spelling
Expand Up @@ -82,6 +82,7 @@ Acmeair
addon
addons
AES-NI
Airbnb
AKS
AKS-Engine
Alibaba
Expand All @@ -102,6 +103,7 @@ appswitch
AppSwitch
args.yaml
AssemblyScript
Atlassian
AttributeGen
Auth0
AuthenticationPolicy
Expand Down Expand Up @@ -294,6 +296,7 @@ FQDN
frontend
frontends
gapped
Gather.town
gbd
GCP
GCP-IAM
Expand Down Expand Up @@ -557,6 +560,7 @@ prepending
prepends
prober
programmatically
PromQL
proto
protobuf
protoc
2 changes: 1 addition & 1 deletion common/.commonfiles.sha
@@ -1 +1 @@
113c9ebd7dffc3c7912cac001245b5ce272a2fd2
f0c964858bc7cc9f02af8d0134e913f18b5169a3
2 changes: 1 addition & 1 deletion common/scripts/setup_env.sh
Expand Up @@ -63,7 +63,7 @@ fi

# Build image to use
if [[ "${IMAGE_VERSION:-}" == "" ]]; then
export IMAGE_VERSION=master-2021-01-29T01-18-46
export IMAGE_VERSION=master-2021-02-17T16-37-14
fi
if [[ "${IMAGE_NAME:-}" == "" ]]; then
export IMAGE_NAME=build-tools
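Review bot: The default `IMAGE_VERSION` for the `build-tools` image is a tag (`master-2021-02-17T16-37-14`), and a tag can be repointed in the registry, so the toolchain that runs the build is whatever the tag resolves to at pull time. Consider resolving the image by digest, or recording the expected digest next to the tag and checking it, so this bump is reproducible and reviewable. Since the file lives under `common/` and is tracked by `common/.commonfiles.sha`, the change would belong in the common-files source rather than here.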
29 changes: 29 additions & 0 deletions content/en/blog/2021/istiocon-2021-program/index.md
@@ -0,0 +1,29 @@
---
title: "IstioCon 2021: Schedule Is Live!"
description: Learn about sessions, panels, workshops and more on the IstioCon website.
publishdate: 2021-02-16
attribution: "Istio Steering Committee"
keywords: [IstioCon,Istio,conference]
---

[IstioCon 2021](https://events.istio.io/istiocon-2021/) is a week-long, community-led, virtual conference starting on February 22.
This event provides an opportunity to hear the lessons learned from companies like Atlassian, Airbnb, FICO, eBay, T-Mobile and
Salesforce running Istio in production, hands-on experiences from the Istio community, and will feature maintainers from across
the Istio ecosystem.

You can now find the [full schedule of events](https://events.istio.io/istiocon-2021/schedule/) which includes a series of
[English](https://events.istio.io/istiocon-2021/schedule/english/) sessions and
[Chinese](https://events.istio.io/istiocon-2021/schedule/chinese/) sessions.

{{< image width="75%"
link="./istiocon-program.png"
alt="IstioCon logo"
>}}

By attending the conference, you’ll connect with community members from across the globe. Each day you will find keynotes,
technical talks, lightning talks, panel discussions, workshops and roadmap sessions led by diverse speakers representing the
Istio community. You can also connect with other Istio and Open Source ecosystem community members through social hour events
that include activities on the social platform [Gather.town](https://events.istio.io/istiocon-2021/networking/), a live cartoonist,
virtual swag bags, raffles, live music and games.

Don’t miss it! [Registration](https://events.istio.io/istiocon-2021/) is free. We look forward to seeing you at the first IstioCon!
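Review bot: The image shortcode uses `alt="IstioCon logo"` while its `link` is `./istiocon-program.png`; if the image shows the program rather than the logo, the alt text should describe the program so screen-reader users get the same information. The opening paragraph's "provides an opportunity to hear ..., hands-on experiences ..., and will feature maintainers" also mixes constructions and would read better as two sentences.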
81 changes: 81 additions & 0 deletions content/en/blog/2021/zero-config-istio/index.md
@@ -0,0 +1,81 @@
---
title: "Zero Configuration Istio"
description: Understanding the benefits Istio brings, even when no configuration is used.
publishdate: 2021-02-25
attribution: "John Howard (Google)"
---

Often times when a new user encounters Istio for the first time, they are overwhelmed by the vast feature
set exposed by Istio. Unfortunately, this occasionally gives the impression that Istio is needlessly complex
and not fit for small teams or clusters.

One great part about Istio, however, is that it aims to bring as much value to users out of the box without any configuration at all.
This enables users to get most of the benefits of Istio with minimal efforts. For some users with simple requirements, custom configurations
may never be required at all. Others will be able to incrementally add Istio configurations once they are more comfortable and as they need them, such as to add
ingress routing, fine-tune networking settings, or lock down security policies.

## Getting started

To get started, check out our [getting started](/docs/setup/getting-started/) documentation, where you will learn how to install Istio.
If you are already familiar, you can simply run `istioctl install`.

Next, we will explore all the benefits Istio provides us, without any configuration or changes to application code.

## Security

Istio automatically enables [mutual TLS](/docs/concepts/security/#mutual-tls-authentication) for traffic between pods in the mesh.
This enables applications to forgo complex TLS configuration and certificate management, and offload all transport layer security to the sidecar.

Once comfortable with automatic TLS, you may choose to [allow only mTLS traffic](/docs/tasks/security/authentication/mtls-migration/), or configure custom [authorization policies](/docs/tasks/security/authorization/) for your needs.

## Observability

Istio automatically generates detailed telemetry for all service communications within a mesh.
This telemetry provides observability of service behavior, empowering operators to troubleshoot, maintain, and optimize their applications – without imposing any additional burdens on service developers.
Through Istio, operators gain a thorough understanding of how monitored services are interacting, both with other services and with the Istio components themselves.

All of this functionality is added by Istio without any configuration. [Integrations](/docs/ops/integrations/) with tools such as Prometheus, Grafana, Jaeger, Zipkin, and Kiali are also available.

For more information about the observability Istio provides, check out the [observability overview](/docs/concepts/observability/).

## Traffic Management

While Kubernetes provides a lot of networking functionality, such as service discovery and DNS, this is done at the L4 connection level causing a lot of potential functionality to be lost.
For example, in a simple HTTP application sending traffic to a service with 3 replicas, we can see unbalanced load:

{{< text bash >}}
$ curl http://echo/{0..5} -s | grep Hostname
Hostname=echo-cb96f8d94-2ssll
Hostname=echo-cb96f8d94-2ssll
Hostname=echo-cb96f8d94-2ssll
Hostname=echo-cb96f8d94-2ssll
Hostname=echo-cb96f8d94-2ssll
Hostname=echo-cb96f8d94-2ssll
$ curl http://echo/{0..5} -s | grep Hostname
Hostname=echo-cb96f8d94-879sn
Hostname=echo-cb96f8d94-879sn
Hostname=echo-cb96f8d94-879sn
Hostname=echo-cb96f8d94-879sn
Hostname=echo-cb96f8d94-879sn
Hostname=echo-cb96f8d94-879sn
{{< /text >}}

The problem here is Kubernetes will determine the backend to send at connection establishment, then all future requests on the same connection will be sent to the same backend.
In our example here, our first 5 requests are all sent to `echo-cb96f8d94-2ssll`, while our next set (using a new connection) are all sent to `echo-cb96f8d94-879sn`.
Our third instance never receives any requests.

With Istio, HTTP (including HTTP2 and gRPC) traffic is automatically detected, and our services will automatically be load balanced per request, rather than per connection:

{{< text bash >}}
$ curl http://echo/{0..5} -s | grep Hostname
Hostname=echo-cb96f8d94-wf4xk
Hostname=echo-cb96f8d94-rpfqz
Hostname=echo-cb96f8d94-cgmxr
Hostname=echo-cb96f8d94-wf4xk
Hostname=echo-cb96f8d94-rpfqz
Hostname=echo-cb96f8d94-cgmxr
{{< /text >}}

Here we can see our requests are [round-robin](/docs/concepts/traffic-management/#load-balancing-options) load balanced between all backends.

In addition to these better defaults, Istio offers customization of a [variety of traffic management settings](/docs/concepts/traffic-management/), including timeouts, retries, and much more.
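Review bot: In the Security section, "Istio automatically enables mutual TLS for traffic between pods in the mesh" can be read as a guarantee that all pod-to-pod traffic is encrypted and authenticated, yet the following sentence ("you may choose to allow only mTLS traffic") implies plaintext is still accepted until the user opts in. State that explicitly, for example that the out-of-the-box mode is permissive and that enforcement requires the linked migration step, so readers do not treat the zero-configuration state as enforced mTLS. Separately, in Traffic Management, `{0..5}` expands to six requests and the sample output shows six lines, but the text says "our first 5 requests".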
2 changes: 1 addition & 1 deletion content/en/boilerplates/helm-hub-tag.md
Expand Up @@ -3,5 +3,5 @@
{{< warning >}}
Prior to Istio 1.9.0, installations using the Helm charts required hub and tag arguments:
`--set global.hub="docker.io/istio"` and `--set global.tag="1.8.2"`. As of Istio
1.9.0 these are is no longer required.
1.9.0 these are no longer required.
{{< /warning >}}
15 changes: 3 additions & 12 deletions content/en/docs/concepts/wasm/index.md
Expand Up @@ -35,21 +35,12 @@ Istio extensions (Proxy-Wasm plugins) have several components:
## Example

An example C++ Proxy-Wasm plugin for a filter can be found
[here](https://github.com/envoyproxy/envoy/tree/67609bc22f68cd3e05f5c01264a33932377955c7/examples/wasm-cc).

To implement a Proxy-Wasm plugin for a filter:

- Implement a [root context class](https://github.com/envoyproxy/envoy/blob/67609bc22f68cd3e05f5c01264a33932377955c7/examples/wasm-cc/envoy_filter_http_wasm_example.cc#L8) which inherits [base root context class](https://github.com/proxy-wasm/proxy-wasm-cpp-sdk/blob/1b5f69ce1535b0c21f88c4af4ebf0ec51d255abe/proxy_wasm_api.h#L310)
- Implement a [stream context class](https://github.com/envoyproxy/envoy/blob/67609bc22f68cd3e05f5c01264a33932377955c7/examples/wasm-cc/envoy_filter_http_wasm_example.cc#L17) which inherits the [base context class](https://github.com/proxy-wasm/proxy-wasm-cpp-sdk/blob/1b5f69ce1535b0c21f88c4af4ebf0ec51d255abe/proxy_wasm_api.h#L439).
- Override [context API](https://github.com/envoyproxy/envoy/blob/67609bc22f68cd3e05f5c01264a33932377955c7/examples/wasm-cc/envoy_filter_http_wasm_example.cc#L49) methods to handle corresponding initialization and stream events from host.
- [Register](https://github.com/envoyproxy/envoy/blob/67609bc22f68cd3e05f5c01264a33932377955c7/examples/wasm-cc/envoy_filter_http_wasm_example.cc#L30) the root context and stream context.

## SDK

A detailed description of the C++ SDK can be found [here](https://github.com/proxy-wasm/proxy-wasm-cpp-sdk/tree/a30aaeedf30cc1545318505574c7fb3bb8d8c243/docs/wasm_filter.md).
[here](https://github.com/istio-ecosystem/wasm-extensions/tree/master/example).
You can follow [this guide](https://github.com/istio-ecosystem/wasm-extensions/blob/master/doc/write-a-wasm-extension-with-cpp.md) to implement a Wasm extension with C++.

## Ecosystem

- [Istio Ecosystem Wasm Extensions](https://github.com/istio-ecosystem/wasm-extensions)
- [Proxy-Wasm ABI specification](https://github.com/proxy-wasm/spec)
- [Proxy-Wasm C++ SDK](https://github.com/proxy-wasm/proxy-wasm-cpp-sdk)
- [Proxy-Wasm Rust SDK](https://github.com/proxy-wasm/proxy-wasm-rust-sdk)
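Review bot: The replacement links in the Example section point at `tree/master/example` and `blob/master/doc/write-a-wasm-extension-with-cpp.md` in istio-ecosystem/wasm-extensions, whereas the links they replace were pinned to full commit SHAs. A branch link can move, change content or break after the docs for a given release are published; consider pinning to a tag or commit that matches the documented release. The link text "here" and "this guide" could also name the target so the sentence is meaningful without following the link.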
14 changes: 5 additions & 9 deletions content/en/docs/ops/best-practices/observability/index.md
Expand Up @@ -13,18 +13,14 @@ The recommended approach for production-scale monitoring of Istio meshes with Pr
is to use [hierarchical federation](https://prometheus.io/docs/prometheus/latest/federation/#hierarchical-federation)
in combination with a collection of [recording rules](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/).

In default deployments of Istio, a deployment of [Prometheus](http://prometheus.io) is
provided for collecting metrics generated for all mesh traffic. This deployment of
Prometheus is intentionally deployed with a very short retention window (6 hours). The
default Prometheus deployment is also configured to collect metrics from each Envoy proxy
Although installing Istio does not deploy [Prometheus](http://prometheus.io) by default, the
[Getting Started](/docs/setup/getting-started/) instructions install the `Option 1: Quick Start` deployment
of Prometheus described in the [Prometheus integration guide](/docs/ops/integrations/prometheus/).
This deployment of Prometheus is intentionally configured with a very short retention window (6 hours). The
quick-start Prometheus deployment is also configured to collect metrics from each Envoy proxy
running in the mesh, augmenting each metric with a set of labels about their origin (`instance`,
`pod`, and `namespace`).

While the default configuration is well-suited for small clusters and monitoring for short time horizons,
it is not suitable for large-scale meshes or monitoring over a period of days or weeks. In particular,
the introduced labels can increase metrics cardinality, requiring a large amount of storage. And, when trying
to identify trends and differences in traffic over time, access to historical data can be paramount.

{{< image width="80%"
link="./production-prometheus.svg"
alt="Architecture for production monitoring of Istio using Prometheus."
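Review bot: The rewritten sentence still links Prometheus as `http://prometheus.io`, while the other Prometheus links in this hunk use `https://prometheus.io/...`; switch it to https for consistency and to avoid a plaintext hop. Quoting the heading as `Option 1: Quick Start` in code formatting also ties this page to the exact heading text of the integration guide, so linking directly to that section would let the link checker catch a later rename.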