Keep polidea-update in sync with master

.spelling

@@ -82,6 +82,7 @@ Acmeair
 addon
 addons
 AES-NI
+Airbnb
 AKS
 AKS-Engine
 Alibaba
@@ -102,6 +103,7 @@ appswitch
 AppSwitch
 args.yaml
 AssemblyScript
+Atlassian
 AttributeGen
 Auth0
 AuthenticationPolicy
@@ -294,6 +296,7 @@ FQDN
 frontend
 frontends
 gapped
+Gather.town
 gbd
 GCP
 GCP-IAM
@@ -557,6 +560,7 @@ prepending
 prepends
 prober
 programmatically
+PromQL
 proto
 protobuf
 protoc

common/.commonfiles.sha

@@ -1 +1 @@
-113c9ebd7dffc3c7912cac001245b5ce272a2fd2
+f0c964858bc7cc9f02af8d0134e913f18b5169a3

common/scripts/setup_env.sh

@@ -63,7 +63,7 @@ fi
 
 # Build image to use
 if [[ "${IMAGE_VERSION:-}" == "" ]]; then
-  export IMAGE_VERSION=master-2021-01-29T01-18-46
+  export IMAGE_VERSION=master-2021-02-17T16-37-14
 fi
 if [[ "${IMAGE_NAME:-}" == "" ]]; then
   export IMAGE_NAME=build-tools

content/en/blog/2021/istiocon-2021-program/index.md

@@ -0,0 +1,29 @@
+---
+title: "IstioCon 2021: Schedule Is Live!"
+description: Learn about sessions, panels, workshops and more on the IstioCon website.
+publishdate: 2021-02-16
+attribution: "Istio Steering Committee"
+keywords: [IstioCon,Istio,conference]
+---
+
+[IstioCon 2021](https://events.istio.io/istiocon-2021/) is a week-long, community-led, virtual conference starting on February 22.
+This event provides an opportunity to hear the lessons learned from companies like Atlassian, Airbnb, FICO, eBay, T-Mobile and
+Salesforce running Istio in production, hands-on experiences from the Istio community, and will feature maintainers from across
+the Istio ecosystem.
+
+You can now find the [full schedule of events](https://events.istio.io/istiocon-2021/schedule/) which includes a series of
+[English](https://events.istio.io/istiocon-2021/schedule/english/) sessions and
+[Chinese](https://events.istio.io/istiocon-2021/schedule/chinese/) sessions.
+
+{{< image width="75%"
+    link="./istiocon-program.png"
+    alt="IstioCon logo"
+    >}}
+
+By attending the conference, you’ll connect with community members from across the globe. Each day you will find keynotes,
+technical talks, lightning talks, panel discussions, workshops and roadmap sessions led by diverse speakers representing the
+Istio community. You can also connect with other Istio and Open Source ecosystem community members through social hour events
+that include activities on the social platform [Gather.town](https://events.istio.io/istiocon-2021/networking/), a live cartoonist,
+virtual swag bags, raffles, live music and games.
+
+Don’t miss it! [Registration](https://events.istio.io/istiocon-2021/) is free. We look forward to seeing you at the first IstioCon!

content/en/blog/2021/zero-config-istio/index.md

@@ -0,0 +1,81 @@
+---
+title: "Zero Configuration Istio"
+description: Understanding the benefits Istio brings, even when no configuration is used.
+publishdate: 2021-02-25
+attribution: "John Howard (Google)"
+---
+
+Often times when a new user encounters Istio for the first time, they are overwhelmed by the vast feature
+set exposed by Istio. Unfortunately, this occasionally gives the impression that Istio is needlessly complex
+and not fit for small teams or clusters.
+
+One great part about Istio, however, is that it aims to bring as much value to users out of the box without any configuration at all.
+This enables users to get most of the benefits of Istio with minimal efforts. For some users with simple requirements, custom configurations
+may never be required at all. Others will be able to incrementally add Istio configurations once they are more comfortable and as they need them, such as to add
+ingress routing, fine-tune networking settings, or lock down security policies.
+
+## Getting started
+
+To get started, check out our [getting started](/docs/setup/getting-started/) documentation, where you will learn how to install Istio.
+If you are already familiar, you can simply run `istioctl install`.
+
+Next, we will explore all the benefits Istio provides us, without any configuration or changes to application code.
+
+## Security
+
+Istio automatically enables [mutual TLS](/docs/concepts/security/#mutual-tls-authentication) for traffic between pods in the mesh.
+This enables applications to forgo complex TLS configuration and certificate management, and offload all transport layer security to the sidecar.
+
+Once comfortable with automatic TLS, you may choose to [allow only mTLS traffic](/docs/tasks/security/authentication/mtls-migration/), or configure custom [authorization policies](/docs/tasks/security/authorization/) for your needs.
+
+## Observability
+
+Istio automatically generates detailed telemetry for all service communications within a mesh.
+This telemetry provides observability of service behavior, empowering operators to troubleshoot, maintain, and optimize their applications – without imposing any additional burdens on service developers.
+Through Istio, operators gain a thorough understanding of how monitored services are interacting, both with other services and with the Istio components themselves.
+
+All of this functionality is added by Istio without any configuration. [Integrations](/docs/ops/integrations/) with tools such as Prometheus, Grafana, Jaeger, Zipkin, and Kiali are also available.
+
+For more information about the observability Istio provides, check out the [observability overview](/docs/concepts/observability/).
+
+## Traffic Management
+
+While Kubernetes provides a lot of networking functionality, such as service discovery and DNS, this is done at the L4 connection level causing a lot of potential functionality to be lost.
+For example, in a simple HTTP application sending traffic to a service with 3 replicas, we can see unbalanced load:
+
+{{< text bash >}}
+$ curl http://echo/{0..5} -s | grep Hostname
+Hostname=echo-cb96f8d94-2ssll
+Hostname=echo-cb96f8d94-2ssll
+Hostname=echo-cb96f8d94-2ssll
+Hostname=echo-cb96f8d94-2ssll
+Hostname=echo-cb96f8d94-2ssll
+Hostname=echo-cb96f8d94-2ssll
+$ curl http://echo/{0..5} -s | grep Hostname
+Hostname=echo-cb96f8d94-879sn
+Hostname=echo-cb96f8d94-879sn
+Hostname=echo-cb96f8d94-879sn
+Hostname=echo-cb96f8d94-879sn
+Hostname=echo-cb96f8d94-879sn
+Hostname=echo-cb96f8d94-879sn
+{{< /text >}}
+
+The problem here is Kubernetes will determine the backend to send at connection establishment, then all future requests on the same connection will be sent to the same backend.
+In our example here, our first 5 requests are all sent to `echo-cb96f8d94-2ssll`, while our next set (using a new connection) are all sent to `echo-cb96f8d94-879sn`.
+Our third instance never receives any requests.
+
+With Istio, HTTP (including HTTP2 and gRPC) traffic is automatically detected, and our services will automatically be load balanced per request, rather than per connection:
+
+{{< text bash >}}
+$ curl http://echo/{0..5} -s | grep Hostname
+Hostname=echo-cb96f8d94-wf4xk
+Hostname=echo-cb96f8d94-rpfqz
+Hostname=echo-cb96f8d94-cgmxr
+Hostname=echo-cb96f8d94-wf4xk
+Hostname=echo-cb96f8d94-rpfqz
+Hostname=echo-cb96f8d94-cgmxr
+{{< /text >}}
+
+Here we can see our requests are [round-robin](/docs/concepts/traffic-management/#load-balancing-options) load balanced between all backends.
+
+In addition to these better defaults, Istio offers customization of a [variety of traffic management settings](/docs/concepts/traffic-management/), including timeouts, retries, and much more.

content/en/boilerplates/helm-hub-tag.md

@@ -3,5 +3,5 @@
 {{< warning >}}
 Prior to Istio 1.9.0, installations using the Helm charts required hub and tag arguments:
 `--set global.hub="docker.io/istio"` and `--set global.tag="1.8.2"`. As of Istio
-1.9.0 these are is no longer required.
+1.9.0 these are no longer required.
 {{< /warning >}}

content/en/docs/concepts/wasm/index.md

@@ -35,21 +35,12 @@ Istio extensions (Proxy-Wasm plugins) have several components:
 ## Example
 
 An example C++ Proxy-Wasm plugin for a filter can be found
-[here](https://github.com/envoyproxy/envoy/tree/67609bc22f68cd3e05f5c01264a33932377955c7/examples/wasm-cc).
-
-To implement a Proxy-Wasm plugin for a filter:
-
-- Implement a [root context class](https://github.com/envoyproxy/envoy/blob/67609bc22f68cd3e05f5c01264a33932377955c7/examples/wasm-cc/envoy_filter_http_wasm_example.cc#L8) which inherits [base root context class](https://github.com/proxy-wasm/proxy-wasm-cpp-sdk/blob/1b5f69ce1535b0c21f88c4af4ebf0ec51d255abe/proxy_wasm_api.h#L310)
-- Implement a [stream context class](https://github.com/envoyproxy/envoy/blob/67609bc22f68cd3e05f5c01264a33932377955c7/examples/wasm-cc/envoy_filter_http_wasm_example.cc#L17) which inherits the [base context class](https://github.com/proxy-wasm/proxy-wasm-cpp-sdk/blob/1b5f69ce1535b0c21f88c4af4ebf0ec51d255abe/proxy_wasm_api.h#L439).
-- Override [context API](https://github.com/envoyproxy/envoy/blob/67609bc22f68cd3e05f5c01264a33932377955c7/examples/wasm-cc/envoy_filter_http_wasm_example.cc#L49) methods to handle corresponding initialization and stream events from host.
-- [Register](https://github.com/envoyproxy/envoy/blob/67609bc22f68cd3e05f5c01264a33932377955c7/examples/wasm-cc/envoy_filter_http_wasm_example.cc#L30) the root context and stream context.
-
-## SDK
-
-A detailed description of the C++ SDK can be found [here](https://github.com/proxy-wasm/proxy-wasm-cpp-sdk/tree/a30aaeedf30cc1545318505574c7fb3bb8d8c243/docs/wasm_filter.md).
+[here](https://github.com/istio-ecosystem/wasm-extensions/tree/master/example).
+You can follow [this guide](https://github.com/istio-ecosystem/wasm-extensions/blob/master/doc/write-a-wasm-extension-with-cpp.md) to implement a Wasm extension with C++.
 
 ## Ecosystem
 
+- [Istio Ecosystem Wasm Extensions](https://github.com/istio-ecosystem/wasm-extensions)
 - [Proxy-Wasm ABI specification](https://github.com/proxy-wasm/spec)
 - [Proxy-Wasm C++ SDK](https://github.com/proxy-wasm/proxy-wasm-cpp-sdk)
 - [Proxy-Wasm Rust SDK](https://github.com/proxy-wasm/proxy-wasm-rust-sdk)

content/en/docs/ops/best-practices/observability/index.md

@@ -13,18 +13,14 @@ The recommended approach for production-scale monitoring of Istio meshes with Pr
 is to use [hierarchical federation](https://prometheus.io/docs/prometheus/latest/federation/#hierarchical-federation)
 in combination with a collection of [recording rules](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/).
 
-In default deployments of Istio, a deployment of [Prometheus](http://prometheus.io) is
-provided for collecting metrics generated for all mesh traffic. This deployment of
-Prometheus is intentionally deployed with a very short retention window (6 hours). The
-default Prometheus deployment is also configured to collect metrics from each Envoy proxy
+Although installing Istio does not deploy [Prometheus](http://prometheus.io) by default, the
+[Getting Started](/docs/setup/getting-started/) instructions install the `Option 1: Quick Start` deployment
+of Prometheus described in the [Prometheus integration guide](/docs/ops/integrations/prometheus/).
+This deployment of Prometheus is intentionally configured with a very short retention window (6 hours). The
+quick-start Prometheus deployment is also configured to collect metrics from each Envoy proxy
 running in the mesh, augmenting each metric with a set of labels about their origin (`instance`,
 `pod`, and `namespace`).
 
-While the default configuration is well-suited for small clusters and monitoring for short time horizons,
-it is not suitable for large-scale meshes or monitoring over a period of days or weeks. In particular,
-the introduced labels can increase metrics cardinality, requiring a large amount of storage. And, when trying
-to identify trends and differences in traffic over time, access to historical data can be paramount.
-
 {{< image width="80%"
     link="./production-prometheus.svg"
     alt="Architecture for production monitoring of Istio using Prometheus."