13 |
--------------------------------------------------------------------------------
/_docs/concepts/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Concepts
3 | overview: Concepts help you learn about the different parts of the Istio system and the abstractions it uses.
4 |
5 | order: 10
6 |
7 | layout: docs
8 | type: markdown
9 | toc: false
10 | ---
11 |
12 | {% include section-index.html docs=site.docs %}
13 |
--------------------------------------------------------------------------------
/robots.txt:
--------------------------------------------------------------------------------
1 | ---
2 | layout: null
3 | ---
4 |
5 | User-agent: *
6 | {% for node in site.pages %}{% if node.noindex %}{% assign isset = true %}Disallow: {{ node.url }}
7 | {% endif %}{% endfor %}{% if isset != true %}Disallow:
8 | {% endif %}
9 | Disallow: /v-0.1
10 | Sitemap: https://istio.io/sitemap.xml
11 |
--------------------------------------------------------------------------------
/_glossary/source.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Source
3 | type: markdown
4 | ---
5 | The downstream client of the [Envoy](#envoy) proxy.
6 | Within the [service mesh](#service-mesh) a source is typically a
7 | [workload](#workload), but the source for ingress traffic may include other clients such as a
8 | browser or mobile app.
9 |
--------------------------------------------------------------------------------
/_docs/concepts/traffic-management/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Traffic Management
3 | overview: Describes the various Istio features focused on traffic routing and control.
4 |
5 | order: 20
6 |
7 | layout: docs
8 | type: markdown
9 | toc: false
10 | ---
11 |
12 | {% include section-index.html docs=site.docs %}
13 |
--------------------------------------------------------------------------------
/_docs/tasks/traffic-management/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Traffic Management
3 | overview: Describes tasks that demonstrate traffic routing features of Istio service mesh.
4 |
5 | order: 10
6 |
7 | layout: docs
8 | type: markdown
9 | toc: false
10 | ---
11 |
12 | {% include section-index.html docs=site.docs %}
13 |
--------------------------------------------------------------------------------
/_faq/general/how-was-istio-started.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: How was Istio started?
3 | order: 50
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | The Istio project was started by teams from Google and IBM in partnership with the Envoy team from Lyft. It's been
9 | developed fully in the open on GitHub.
10 |
--------------------------------------------------------------------------------
/_faq/general/istio-doesnt-work.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Istio doesn't work - what do I do?
3 | order: 90
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | Check out the [troubleshooting guide]({{home}}/troubleshooting) for finding solutions and our
9 | [bug reporting]({{home}}/bugs) page for filing bugs.
10 |
--------------------------------------------------------------------------------
/_docs/tasks/security/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Security
3 | overview: Describes tasks that help securing the service mesh traffic.
4 |
5 | order: 40
6 |
7 | layout: docs
8 | type: markdown
9 | toc: false
10 | redirect_from: /docs/tasks/istio-auth.html
11 | ---
12 |
13 | {% include section-index.html docs=site.docs %}
14 |
--------------------------------------------------------------------------------
/_docs/setup/consul/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Nomad & Consul
3 | overview: Instructions for installing the Istio control plane in a Consul based environment, with or without Nomad.
4 |
5 | order: 20
6 |
7 | layout: docs
8 | type: markdown
9 | toc: false
10 | ---
11 |
12 | {% include section-index.html docs=site.docs %}
13 |
--------------------------------------------------------------------------------
/_docs/tasks/telemetry/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Metrics, Logs, and Traces
3 | overview: Describes tasks that demonstrate how to collect telemetry information from the service mesh.
4 |
5 | order: 30
6 |
7 | layout: docs
8 | type: markdown
9 | toc: false
10 | ---
11 |
12 | {% include section-index.html docs=site.docs %}
13 |
--------------------------------------------------------------------------------
/_glossary/mutual-tls.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Mutual TLS Authentication
3 | type: markdown
4 | ---
5 | {% include home.html %}
6 |
7 | Mutual TLS provides strong service-to-service authentication with built-in identity and credential management.
8 | [Learn more about mutual TLS authentication]({{home}}/docs/concepts/security/mutual-tls.html).
9 |
--------------------------------------------------------------------------------
/_faq/security/does-istio-support-authorization.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Does Istio Auth support authorization?
3 | order: 110
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | Yes. Starting from Istio 0.5 release, we provide Role Based Access Control for services in Istio mesh. [Learn more]({{home}}/docs/concepts/security/rbac.html).
9 |
--------------------------------------------------------------------------------
/_docs/tasks/traffic-management-v1alpha3/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Traffic Management (v1alpha3)
3 | overview: WIP - Describes tasks that demonstrate traffic routing features of Istio service mesh.
4 |
5 | order: 15
6 |
7 | layout: docs
8 | type: markdown
9 | toc: false
10 | ---
11 |
12 | {% include section-index.html docs=site.docs %}
13 |
--------------------------------------------------------------------------------
/_faq/mixer/writing-custom-adapters.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: How can I write a custom adapter for Mixer?
3 | order: 40
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | Learn how to implement a new adapter for Mixer by consulting the
9 | [Adapter Developer's Guide](https://github.com/istio/istio/blob/master/mixer/doc/adapters.md).
10 |
--------------------------------------------------------------------------------
/_includes/file-content.html:
--------------------------------------------------------------------------------
1 | {% comment %}
2 | Purpose:
3 | Inserts preformatted block whose content is sources from an external URL.
4 |
5 | Usage:
6 | {% include file-content.html url='' %}
7 | {% endcomment %}
8 |
9 |
10 |
11 |
12 |
--------------------------------------------------------------------------------
/_glossary/destination.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Destination
3 | type: markdown
4 | ---
5 | The remote upstream service [Envoy](#envoy) is talking to on behalf of a [source](#source) [workload](#workload).
6 | There can be one or more [service versions](#service-version) for a given [service](#service) and Envoy chooses the version based on
7 | routing rules.
8 |
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # Contribution guidelines
2 |
3 | So, you want to hack on the Istio web site? Yay! Please refer to Istio's overall
4 | [contribution guidelines](https://github.com/istio/community/blob/master/CONTRIBUTING.md)
5 | to find out how you can help.
6 |
7 | For specifics on hacking on our site, check this [info](https://istio.io/about/contribute/)
8 |
--------------------------------------------------------------------------------
/_about/contribute/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Contributing to the Docs
3 | overview: Learn how to contribute to improve and expand the Istio documentation.
4 |
5 | order: 100
6 |
7 | layout: about
8 | type: markdown
9 | toc: false
10 | redirect_from: /docs/welcome/contribute/index.html
11 | ---
12 |
13 | {% include section-index.html docs=site.about %}
14 |
--------------------------------------------------------------------------------
/_faq/security/https-overlay.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Can I install Istio sidecar for https services?
3 | order: 170
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | Yes, you can. It works both with mutual TLS enabled and disabled. Refer to [how Istio mTLS works with https services]({{home}}/docs/tasks/security/https-overlay.html) for more information.
9 |
--------------------------------------------------------------------------------
/_faq/setup/k8s-migrating.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Kubernetes - Can I migrate an existing installation from Istio v0.1.x to v0.2.x?
3 | order: 30
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | Upgrading from Istio 0.1.x to 0.2.x is not supported. You must uninstall Istio v0.1, _including pods with Istio sidecars_ and start with a fresh install of Istio v0.2.
9 |
--------------------------------------------------------------------------------
/_faq/mixer/attribute-expressions.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: What is the full set of attribute expressions Mixer supports?
3 | order: 20
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | Please see the [Expression Language
9 | Reference]({{home}}/docs/reference/config/mixer/expression-language.html) for
10 | the full set of supported attribute expressions.
11 |
--------------------------------------------------------------------------------
/_faq/traffic-management/unreachable-services.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: How come some of my services are unreachable after creating route rules?
3 | order: 30
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | This is an known issue with the current Envoy sidecar implementation. After two seconds of creating the
9 | rule, services should become available.
10 |
--------------------------------------------------------------------------------
/_docs/setup/kubernetes/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Kubernetes
3 | overview: Instructions for installing the Istio control plane on Kubernetes and adding VMs into the mesh.
4 |
5 | order: 10
6 |
7 | layout: docs
8 | type: markdown
9 | redirect_from: "/docs/tasks/installing-istio.html"
10 | toc: false
11 | ---
12 |
13 | {% include section-index.html docs=site.docs %}
14 |
--------------------------------------------------------------------------------
/_glossary/service-version.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Service Version
3 | type: markdown
4 | ---
5 | Distinct variants of a [service](#service), typically backed by a different versions of a [workload](#workload) binary.
6 | Common scenarios where multiple [service versions](#service-version) may be used include A/B testing, canary rollouts, etc.
7 | Each service has a default version.
8 |
--------------------------------------------------------------------------------
/img/istio-logo.svg:
--------------------------------------------------------------------------------
1 |
2 |
9 |
--------------------------------------------------------------------------------
/_glossary/mixer-handler.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Mixer Handler
3 | type: markdown
4 | ---
5 | {% include home.html %}
6 |
7 | Handlers represent fully configured Mixer adapters. A single binary adapter can be used
8 | with different configurations, each such configuration is known as a handler. At
9 | runtime, Mixer routes [instances](#mixer-instance) to one or more handlers.
10 |
--------------------------------------------------------------------------------
/_docs/reference/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Reference
3 | overview: The Reference section contains detailed authoritative reference material such as command-line options, configuration options, and API calling parameters.
4 | index: true
5 |
6 | order: 60
7 |
8 | layout: docs
9 | type: markdown
10 | toc: false
11 | ---
12 |
13 | {% include section-index.html docs=site.docs %}
14 |
--------------------------------------------------------------------------------
/_glossary/mixer.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Mixer
3 | type: markdown
4 | ---
5 | {% include home.html %}
6 |
7 | The Istio component responsible for enforcing access control and usage policies across the [service mesh](#service-mesh) and collecting telemetry data
8 | from [Envoy](#envoy) and other services.
9 | [Learn more about Mixer]({{home}}/docs/concepts/policy-and-control/mixer.html).
10 |
--------------------------------------------------------------------------------
/_faq/security/secure-ingress.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: How to configure Istio Ingress to only accept TLS traffic?
3 | order: 130
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | By following the instructions on [Configuring secure ingress]({{home}}/docs/tasks/traffic-management/ingress.html#configuring-secure-ingress-https),
9 | Istio Ingress can be secured to only accept TLS traffic.
10 |
--------------------------------------------------------------------------------
/_faq/traffic-management/weighted-rules-not-working.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Why is creating a weighted route rule to split traffic between two versions of a service not working as expected?
3 | order: 20
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | For the current Envoy sidecar implementation, up to 100 requests may be required for the desired
9 | distribution to be observed.
10 |
--------------------------------------------------------------------------------
/_faq/general/istio-partners-and-vendors.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: How can I discover more about Partner and Vendor opportunities?
3 | order: 75
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 |
9 | If you'd like to speak to the Istio team about a potential integration
10 | and/or a partnership opportunity, please complete this [form](https://goo.gl/forms/ax2SdpC6FpVh9Th02).
11 |
12 |
13 |
--------------------------------------------------------------------------------
/_data/releases.yml:
--------------------------------------------------------------------------------
1 | - name: 0.7
2 | url: https://preliminary.istio.io
3 | - name: 0.6
4 | url: https://istio.io
5 | - name: 0.5
6 | url: https://archive.istio.io/v0.5
7 | - name: 0.4
8 | url: https://archive.istio.io/v0.4
9 | - name: 0.3
10 | url: https://archive.istio.io/v0.3
11 | - name: 0.2
12 | url: https://archive.istio.io/v0.2
13 | - name: 0.1
14 | url: https://archive.istio.io/v0.1
15 |
--------------------------------------------------------------------------------
/img/istio-logo-social.svg:
--------------------------------------------------------------------------------
1 |
2 |
9 |
--------------------------------------------------------------------------------
/_docs/setup/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Setup
3 | overview: Setup contains instructions for installing the Istio control plane in various environments (e.g., Kubernetes, Consul, etc.), as well as instructions for installing the sidecar in the application deployment.
4 |
5 | order: 15
6 |
7 | layout: docs
8 | type: markdown
9 | toc: false
10 | ---
11 |
12 | {% include section-index.html docs=site.docs %}
13 |
--------------------------------------------------------------------------------
/_faq/security/k8s-api-server.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Can I access the Kubernetes API Server with Auth enabled?
3 | order: 50
4 | type: markdown
5 | ---
6 | The Kubernetes API server does not support mutual TLS authentication, so
7 | strictly speaking: no. However, if you use version 0.3 or later, see next
8 | question to learn how to disable mTLS in upstream config on clients side so
9 | they can access API server.
10 |
--------------------------------------------------------------------------------
/_glossary/mixer-instance.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Mixer Instance
3 | type: markdown
4 | ---
5 | {% include home.html %}
6 |
7 | An instance represents a chunk of Mixer data that is produced by inspecting a
8 | a set of request [attributes](#attribute) and applying the operator-supplied configuration.
9 | Instances are delivered to individual [handlers](#mixer-handler), on their way to
10 | infrastructure backends.
11 |
--------------------------------------------------------------------------------
/_glossary/workload-id.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Workload ID
3 | type: markdown
4 | ---
5 | A unique identifier for an individual instance of a [workload](#workload).
6 | Like [workload name](#workload-name), the workload ID is not a strongly verified property and should not be used
7 | when enforcing ACLs. The workload IDs are accessible in Istio configuration as the
8 | `source.uid` and `destination.uid` [attributes](#attribute).
9 |
--------------------------------------------------------------------------------
/_sass/layouts/_community.scss:
--------------------------------------------------------------------------------
1 | .community {
2 | table, th, td {
3 | border: none;
4 | }
5 |
6 | td {
7 | line-height: 1.15em;
8 | vertical-align: middle;
9 | padding-top: 1em;
10 | padding-bottom: 1em;
11 | }
12 |
13 | td.logo {
14 | width : 65px;
15 | border: none;
16 | }
17 |
18 | td.desc {
19 | border: none;
20 | }
21 | }
22 |
--------------------------------------------------------------------------------
/_includes/faq.html:
--------------------------------------------------------------------------------
1 |
2 | {% assign faqs = site.faq | sort: "order" %}
3 | {% for q in faqs %}
4 | {% assign comp = q.path | split: '/' %}
5 | {% assign qcat = comp[1] %}
6 | {% if qcat == include.category %}
7 | {% assign name = q.path | downcase | split: '/' | last | remove: ".md" %}
8 |
9 |
16 |
--------------------------------------------------------------------------------
/_faq/general/what-deployment-environment.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: What deployment environments are supported?
3 | order: 60
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | Istio is designed and built to be platform-independent. For our
9 | {{site.data.istio.version}} release, Istio supports environments running
10 | container orchestration platforms such as Kubernetes (v1.7.4 or greater)
11 | and Nomad (with Consul).
12 |
--------------------------------------------------------------------------------
/_docs/reference/config/adapters/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Adapters
3 | overview: Generated documentation for Mixer's adapters.
4 |
5 | order: 40
6 |
7 | layout: docs
8 | type: markdown
9 | toc: false
10 | ---
11 |
12 | {% include section-index.html docs=site.docs %}
13 |
14 | To implement a new adapter for Mixer, please refer to the [Adapter Developer's Guide](https://github.com/istio/istio/blob/master/mixer/doc/adapters.md).
15 |
16 |
--------------------------------------------------------------------------------
/_faq/setup/consul-app-not-working.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Consul - My application isn't working, where can I troubleshoot this?
3 | order: 40
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | Please ensure all required containers are running: etcd, istio-apiserver, consul, registrator, pilot. If one of them is not running, you may find the {containerID} using `docker ps -a` and then use `docker logs {containerID}` to read the logs.
9 |
--------------------------------------------------------------------------------
/_faq/setup/eureka-app-not-working.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Eureka - My application isn't working, where can I troubleshoot this?
3 | order: 60
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | Please ensure all required containers are running: etcd, istio-apiserver, consul, registrator, istio-pilot. If one of them is not running, you may find the {containerID} using `docker ps -a` and then use `docker logs {containerID}` to read the logs.
9 |
--------------------------------------------------------------------------------
/_sass/modules/_buttons.scss:
--------------------------------------------------------------------------------
1 | .btn {
2 | &.btn-istio {
3 | background-color: $secondBrandColor;
4 | color: $textBrandColor;
5 | font-weight: $buttonWeight;
6 | letter-spacing: 1px;
7 | cursor: pointer;
8 |
9 | &:hover {
10 | background-color: $mainBrandColor;
11 | }
12 |
13 | &:active {
14 | background-color: $buttonActiveColor;
15 | }
16 | }
17 | }
18 |
--------------------------------------------------------------------------------
/_faq/setup/consul-unset-context.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Consul - How do I unset the context changed by istioctl at the end?
3 | order: 50
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | Your ```kubectl``` is switched to use the istio context at the end of the `istio context-create` command. You can use ```kubectl config get-contexts``` to obtain the list of contexts and ```kubectl config use-context {desired-context}``` to switch to use your desired context.
9 |
--------------------------------------------------------------------------------
/_docs/setup/cloudfoundry/install.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Installation
3 | overview: Instructions for installing the Istio control plane in Cloud Foundry.
4 |
5 | order: 10
6 |
7 | layout: docs
8 | type: markdown
9 | ---
10 |
11 | We are working with the Cloud Foundry developers to integrate Istio
12 | natively into the Cloud Foundry platform. Tune
13 | into the
14 | [Istio Developers](https://groups.google.com/forum/#!forum/istio-dev)
15 | mailing list for updates.
16 |
--------------------------------------------------------------------------------
/_faq/setup/eureka-unset-context.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Eureka - How do I unset the context changed by `istioctl` at the end?
3 | order: 70
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | Your ```kubectl``` is switched to use the istio context at the end of the `istio context-create` command. You can use ```kubectl config get-contexts``` to obtain the list of contexts and ```kubectl config use-context {desired-context}``` to switch to use your desired context.
9 |
--------------------------------------------------------------------------------
/img/istio-logo-blue-background.svg:
--------------------------------------------------------------------------------
1 |
2 |
10 |
--------------------------------------------------------------------------------
/browserconfig.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 | #466BB0
10 |
11 |
12 |
13 |
--------------------------------------------------------------------------------
/_glossary/service.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Service
3 | type: markdown
4 | ---
5 | A delineated group of related behaviors within a [service mesh](#service-mesh). Services are identified using a
6 | [service name](#service-name),
7 | and Istio policies such as load balancing and routing are applied using these names.
8 | A service is typically materialized by one or more [service endpoints](#service-endpoint), and may consist of multiple
9 | [service versions](#service-version).
10 |
--------------------------------------------------------------------------------
/_sass/layouts/_notfound.scss:
--------------------------------------------------------------------------------
1 | .notfound {
2 | text-align: center;
3 |
4 | .icon {
5 | margin-top: 9rem;
6 | img {
7 | height: 12rem;
8 | }
9 | }
10 |
11 | .error {
12 | padding: 2rem 0 0 0;
13 | font-weight: 70%;
14 | font-size: 200%;
15 | }
16 |
17 | .explanation {
18 | padding: 2rem 0 9rem 0;
19 | font-weight: $textWeight;
20 | font-size: 100%;
21 | }
22 | }
23 |
--------------------------------------------------------------------------------
/_docs/concepts/concept.md.template:
--------------------------------------------------------------------------------
1 | // Before use, remove this line and uncomment the next line
2 | // ---
3 | title: My Concept
4 | overview: My overview
5 |
6 | order: 42
7 |
8 | layout: docs
9 | type: markdown
10 | ---
11 |
12 | Provide a simple one sentence overview of this page's content.
13 |
14 | ##
15 |
16 |
17 |
18 | ## What's next
19 |
20 | It's good to close with a 'what's next' section to point people to
21 | other related material.
22 |
--------------------------------------------------------------------------------
/_glossary/workload-name.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Workload Name
3 | type: markdown
4 | ---
5 | A unique name for a [workload](#workload), identifying it within the [service mesh](#service-mesh).
6 | Unlike the [service name](#service-name) and the [workload principal], the workload name is not a
7 | strongly verified property and should not be used when enforcing ACLs.
8 | The workload names is accessible in Istio configuration as the `source.name` and `destination.name`
9 | [attributes](#attribute).
10 |
--------------------------------------------------------------------------------
/_glossary/workload.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Workload
3 | type: markdown
4 | ---
5 | A process/binary deployed by operators in Istio, typically represented by entities such as containers, pods, or VMs.
6 | * A workload can expose zero or more [service endpoints](#service-endpoint).
7 | * A workload can consume zero or more [services](#service).
8 | * Each workload has a single canonical [service name](#service-name) associated with it, but
9 | may also represent additional service names.
10 |
--------------------------------------------------------------------------------
/_glossary/service-name.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Service Name
3 | type: markdown
4 | ---
5 | A unique name for a [service](#service), identifying it within the [service mesh](#service-mesh).
6 | A service may not be renamed and maintain its identity, each service name is unique.
7 | A service may have multiple [versions](#service-version), but a service name is version-independent.
8 | * Service names are accessible in Istio configuration as the `source.service` and `destination.service` [attributes](#attribute).
9 |
--------------------------------------------------------------------------------
/img/istio-logo-social-blue-background.svg:
--------------------------------------------------------------------------------
1 |
2 |
10 |
--------------------------------------------------------------------------------
/_docs/reference/reference.md.template:
--------------------------------------------------------------------------------
1 | // Before use, remove this line and uncomment the next line
2 | // ---
3 | title: My Component
4 | overview: My overview
5 |
6 | order: 42
7 |
8 | layout: docs
9 | type: markdown
10 | ---
11 |
12 | Provide a simple one sentence overview of this page's content.
13 |
14 | ##
15 |
16 |
17 |
18 | ## See also
19 |
20 | It's good to close with pointers back to the concepts or tasks
21 | that relate to this reference material.
22 |
--------------------------------------------------------------------------------
/_docs/setup/mesos/install.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Installation
3 | overview: Instructions for installing the Istio control plane in Apache Mesos.
4 |
5 | order: 10
6 |
7 | layout: docs
8 | type: markdown
9 | ---
10 | {% include home.html %}
11 |
12 | Native support for Istio is currently unavailable in Mesos. However, you
13 | might be able to leverage our Consul integration to run an Istio Mesh on
14 | Mesos along with Consul. Refer to the
15 | [Consul installation]({{home}}/docs/setup/consul/install.html) for more details.
16 |
--------------------------------------------------------------------------------
/_help/glossary.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Glossary
3 | overview: A glossary of common Istio terms.
4 |
5 | order: 30
6 |
7 | layout: help
8 | type: markdown
9 | redirect_from:
10 | - "/glossary"
11 | - "/docs/welcome/glossary.html"
12 | toc: false
13 | ---
14 | Common Istio words and phrases. Please [let us know](https://github.com/istio/istio.github.io/issues/new?title=Missing%20Glossary%20Entry) if you
15 | came here looking for a definition and didn't find it.
16 |
17 | {% include glossary.html glossary=site.glossary %}
18 |
--------------------------------------------------------------------------------
/404.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Page Not Found
3 | overview: Page redirection
4 |
5 | order: 0
6 |
7 | layout: notfound
8 | type: markdown
9 | ---
10 | {% include home.html %}
11 |
12 |
13 |
14 |
15 |
16 |
17 | We're sorry, the page you requested cannot be found
18 |
19 |
20 |
21 | The URL may be misspelled or the page you're looking for is no longer available
22 |
23 |
--------------------------------------------------------------------------------
/manifest.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Istio Service Mesh",
3 | "short_name": "Istio",
4 | "icons": [
5 | {
6 | "src": "favicons/pwa-192x192.png",
7 | "sizes": "192x192",
8 | "type": "image/png"
9 | },
10 |
11 | {
12 | "src": "favicons/pwa-512x512.png",
13 | "sizes": "512x512",
14 | "type": "image/png"
15 | }
16 | ],
17 | "theme_color": "#466BB0",
18 | "background_color": "#ffffff",
19 | "display": "standalone"
20 | }
--------------------------------------------------------------------------------
/_docs/setup/cloudfoundry/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Cloud Foundry
3 | overview: Instructions for installing the Istio control plane in Cloud Foundry.
4 |
5 | order: 40
6 |
7 | layout: docs
8 | type: markdown
9 | toc: false
10 | ---
11 |
12 | {% include section-index.html docs=site.docs %}
13 |
14 | We are working with the Cloud Foundry developers to integrate Istio
15 | natively into the Cloud Foundry platform. Tune
16 | into the
17 | [Istio Developers](https://groups.google.com/forum/#!forum/istio-dev)
18 | mailing list for updates.
19 |
--------------------------------------------------------------------------------
/_faq/general/how-do-i-get-started.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: How do I get started using Istio?
3 | order: 30
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | We recommend starting with the [Guides]({{home}}/docs/guides/), which walks
9 | through different core Istio concepts in a tutorial style. The guides show
10 | case intelligent routing, policy enforcement, security, telemetry, etc.
11 |
12 | To start using Istio on your existing Kubernetes or Consul deployment, please refer to our [Installation]({{home}}/docs/setup/) task guide.
13 |
--------------------------------------------------------------------------------
/_blog/index.html:
--------------------------------------------------------------------------------
1 | ---
2 | title: Istio Blog
3 | overview: The Istio blog
4 | layout: compress
5 | ---
6 | {% include latest_blog_post.html %}
7 |
8 |
9 |
10 |
11 | Redirecting…
12 |
13 |
14 |
Redirecting…
15 | Click here if you are not redirected.
16 |
17 |
18 |
--------------------------------------------------------------------------------
/img/rss.svg:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/_glossary/adapters.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Adapters
3 | type: markdown
4 | ---
5 | {% include home.html %}
6 |
7 | Adapters are plug-ins to Mixer to enable Mixer to interface with an open-ended
8 | set of infrastructure backends that deliver core functionality, such as logging,
9 | monitoring, quotas, ACL checking, and more.
10 | The exact set of adapters used at runtime is determined through configuration and can easily be
11 | extended to target new or custom infrastructure backends.
12 |
13 | [Learn more about adapters]({{home}}/docs/concepts/policy-and-control/mixer.html#adapters).
--------------------------------------------------------------------------------
/search.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Search Results
3 | layout: search-results
4 | ---
5 |
6 |
17 |
18 |
19 |
--------------------------------------------------------------------------------
/_faq/setup/k8s-sidecar-injection-not-working.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Kubernetes - How can I debug problems with automatic sidecar injection?
3 | order: 20
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | Ensure that your cluster has met the
9 | [prerequisites]({{home}}/docs/setup/kubernetes/sidecar-injection.html#automatic-sidecar-injection) for
10 | the automatic sidecar injection. If your microservice is deployed in
11 | kube-system, kube-public or istio-system namespaces, they are exempted
12 | from automatic sidecar injection. Please use a different namespace
13 | instead.
14 |
--------------------------------------------------------------------------------
/_help/bugs.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Reporting Bugs
3 | overview: What to do about bugs
4 |
5 | order: 35
6 |
7 | layout: help
8 | type: markdown
9 | redirect_from: /bugs
10 | toc: false
11 | ---
12 | {% include home.html %}
13 |
14 | Oh no! You found a bug?
15 |
16 | Search our [issue database](https://github.com/istio/issues/issues/) to see if we already know about
17 | your problem and learn about when
18 | we think we can fix it. If you don't find your problem in the database, please open a [new issue](https://github.com/istio/issues/issues/new)
19 | and let us know what's
20 | going on.
21 |
--------------------------------------------------------------------------------
/_glossary/workload-principal.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Workload Principal
3 | type: markdown
4 | ---
5 | Identifies the verifiable authority under which a [workload](#workload) runs.
6 | Istio's service-to-service authentication is used to produce the workload principal.
7 | By default workload principals are compliant with the SPIFFE ID format.
8 | * Multiple [workloads](#workload) may share the same workload principal, but each workload has a single canonical workload
9 | principal
10 | * Workload principals are accessible in Istio configuration as the `source.user` and `destination.user` [attributes](#attribute).
11 |
--------------------------------------------------------------------------------
/_docs/tasks/task.md.template:
--------------------------------------------------------------------------------
1 | // Before use, remove this line and uncomment the next line
2 | // ---
3 | title: My Task
4 | overview: My overview
5 |
6 | order: 42
7 |
8 | layout: docs
9 | type: markdown
10 | ---
11 |
12 | Provide a simple one sentence overview of this page's content.
13 |
14 | ## Before you begin
15 |
16 | List action prerequisites and knowledge prerequisites.
17 |
18 | ##
19 |
20 |
21 |
22 | ## Cleaning up
23 |
24 | List any clean up actions needed after the task is complete.
25 |
26 | ## What's next
27 |
28 | It's good to close with a 'what's next' section to point people to
29 | other related material.
30 |
--------------------------------------------------------------------------------
/_docs/setup/setup.md.template:
--------------------------------------------------------------------------------
1 | // Before use, remove this line and uncomment the next line
2 | // ---
3 | title: My Setup Topic
4 | overview: My overview
5 |
6 | order: 42
7 |
8 | layout: docs
9 | type: markdown
10 | ---
11 |
12 | Provide a simple one sentence overview of this page's content.
13 |
14 | ## Before you begin
15 |
16 | List action prerequisites and knowledge prerequisites.
17 |
18 | ##
19 |
20 |
21 |
22 | ## Cleaning up
23 |
24 | List any clean up actions needed after setup is complete.
25 |
26 | ## What's next
27 |
28 | It's good to close with a 'what's next' section to point people to
29 | other related material.
30 |
--------------------------------------------------------------------------------
/_faq/security/auth-mix-and-match.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Can I enable Istio Auth with some services while disable others in the same cluster?
3 | order: 30
4 | type: markdown
5 | ---
6 | Starting with release 0.3, you can use service-level annotations to disable (or enable) Istio Auth for particular service-port.
7 | The annotation key should be `auth.istio.io/{port_number}`, and the value should be `NONE` (to disable), or `MUTUAL_TLS` (to enable).
8 |
9 | Example: disable Istio Auth on port 9080 for service `details`.
10 |
11 | ```yaml
12 | kind: Service
13 | metadata:
14 | name: details
15 | labels:
16 | app: details
17 | annotations:
18 | auth.istio.io/9080: NONE
19 | ```
20 |
--------------------------------------------------------------------------------
/_sass/layouts/_blog.scss:
--------------------------------------------------------------------------------
1 | .blog {
2 | h1 {
3 | margin-bottom: 0;
4 | }
5 |
6 | .subtitle {
7 | margin-top: .15rem;
8 | margin-bottom: 0;
9 | padding: 0 0 0 0;
10 | font-size: 125%;
11 | }
12 |
13 | .byline {
14 | margin-top: .15rem;
15 | margin-bottom: 2rem;
16 | padding: 0;
17 | text-transform: uppercase;
18 | font-size: 75%;
19 | }
20 |
21 | .attribution {
22 | font-weight: $blogAttributeWeight;
23 | }
24 |
25 | .publish_date {
26 | }
27 |
28 | .rssLink {
29 | position: absolute;
30 | top: 10px;
31 | right: 0;
32 | }
33 | }
34 |
--------------------------------------------------------------------------------
/_glossary/attribute.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Attribute
3 | type: markdown
4 | ---
5 | {% include home.html %}
6 |
7 | Attributes control the runtime behavior of services running in the mesh.
8 | Attributes are named and typed pieces of metadata describing ingress and egress traffic and the
9 | environment this traffic occurs in. An Istio attribute carries a specific piece
10 | of information such as the error code of an API request, the latency of an API request, or the
11 | original IP address of a TCP connection. For example:
12 |
13 | ```yaml
14 | request.path: xyz/abc
15 | request.size: 234
16 | request.time: 12:34:56.789 04/17/2017
17 | source.ip: 192.168.0.1
18 | destination.service: example
19 | ```
20 |
--------------------------------------------------------------------------------
/_sass/modules/_section-index.scss:
--------------------------------------------------------------------------------
1 | .section-index {
2 |
3 | li.directory {
4 | margin: 0;
5 | padding: 0;
6 | margin-top: 15px;
7 | margin-left: 0;
8 | }
9 |
10 | li.file {
11 | margin: 0;
12 | padding: 0;
13 | margin-top: 10px;
14 | }
15 |
16 | a {
17 | font-weight: $sectionIndexLinkWeight;
18 | }
19 |
20 | ul {
21 | list-style: disc;
22 |
23 | >li>ul {
24 | list-style: circle;
25 |
26 | >li>ul {
27 | list-style: square;
28 |
29 | >li>ul {
30 | list-style: disc;
31 | }
32 | }
33 | }
34 | }
35 | }
36 |
--------------------------------------------------------------------------------
/_sass/modules/_figure.scss:
--------------------------------------------------------------------------------
1 | .figure {
2 | margin: 1.5rem auto;
3 | display: block;
4 | padding: .5rem .5rem 0 .5rem;
5 | background-color: $figureBackgroundColor;
6 | border-radius: 4px 4px 4px 4px;
7 |
8 | p {
9 | text-align: center;
10 | font-size: $font-size--s;
11 | font-style: italic;
12 | font-weight: $figureCaptionWeight;
13 | color: $figureCaptionColor;
14 | }
15 |
16 | .wrapper-with-intrinsic-ratio {
17 | position: relative;
18 | height: 0;
19 | }
20 |
21 | .element-to-stretch {
22 | position: absolute;
23 | top: 0;
24 | left: 0;
25 | width: 100%;
26 | height: 100%;
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/img/stackoverflow.svg:
--------------------------------------------------------------------------------
1 |
2 |
12 |
--------------------------------------------------------------------------------
/_docs/guides/using-external-services.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Integrating with External Services
3 | overview: This sample integrates third party services with Bookinfo and demonstrates how to use Istio service mesh to provide metrics, and routing functions for these services.
4 |
5 | order: 50
6 | draft: true
7 | layout: docs
8 | type: markdown
9 | ---
10 | {% include home.html %}
11 |
12 | This sample integrates third party services with Bookinfo and demonstrates how to use Istio service mesh to provide metrics, and routing functions for these services.
13 |
14 | ## Overview
15 |
16 | Placeholder.
17 |
18 | ## Application Setup
19 |
20 | 1. Steps
21 |
22 | ## Tasks
23 |
24 | 1. some tasks that will complete the goal of this sample.
25 |
--------------------------------------------------------------------------------
/_faq/general/how-do-i-contribute.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: How can I contribute?
3 | order: 70
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | Contributions are highly welcome. We look forward to community feedback, additions, and bug reports.
9 |
10 | The code repositories are hosted on [GitHub](https://github.com/istio). Please see our[Contribution Guidelines](https://github.com/istio/community/blob/master/CONTRIBUTING.md) to learn how to contribute.
11 |
12 | In addition to the code, there are other ways to contribute to the Istio [community]({{home}}/community.html), including on
13 | [Stack Overflow](https://stackoverflow.com/questions/tagged/istio), and the [mailing list](https://groups.google.com/forum/#!forum/istio-users).
14 |
--------------------------------------------------------------------------------
/_faq/security/secret-encryption.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Is the secret encrypted for workload key and cert?
3 | order: 125
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | By default, they are base64 encoded but not encrypted. However, the [secret encryption feature](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/) is supported in Kubernetes and you can do it by following the instruction.
9 |
10 | Notice that this feature is not enabled yet in Google Container Enginer (GKE). While the data may not be encrypted inside the etcd running on the master node, the contents of the master node itself are encrypted, see [here](https://cloud.google.com/security/encryption-at-rest/default-encryption/#encryption_of_data_at_rest) for more info.
11 |
--------------------------------------------------------------------------------
/_about/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: About Istio
3 | overview: All about Istio.
4 |
5 | order: 15
6 |
7 | layout: about
8 | type: markdown
9 | toc: false
10 | ---
11 | {% include home.html %}
12 |
13 | Get a bit more in-depth info about the Istio project.
14 |
15 | - [What is Istio?]({{home}}/about/intro.html). Get some context about what problems Istio is designed to solve.
16 |
17 | - [Release Notes]({{home}}/about/notes/). Learn about the latest features, improvements, and bug fixes.
18 |
19 | - [Feature Status]({{home}}/about/feature-stages.html). Get a detailed list of Istio's individual features and their relative
20 | maturity and support level.
21 |
22 | - [Contributing to the Docs]({{home}}/about/contribute/). Learn how you can help contribute to improve Istio's documentation.
23 |
--------------------------------------------------------------------------------
/_sass/base/_constants.scss:
--------------------------------------------------------------------------------
1 | // Font
2 | $font-size--primary : 1rem;
3 | $font-size--xxs : .8rem;
4 | $font-size--xs : 1rem;
5 | $font-size--s : 1.15rem;
6 | $font-size--m : 1.65rem;
7 | $font-size--l : 1.85rem;
8 | $font-size--xl : 2rem;
9 | $font-size--xxl : 2.5rem;
10 |
11 | // Responsive breakpoints, corresponds to the BootStrap V4 ones
12 | $bp-xs: 0;
13 | $bp-sm: 576px;
14 | $bp-md: 768px;
15 | $bp-lg: 992px;
16 | $bp-xl: 1200px;
17 |
18 | // Vertical breakpoints, I made these up...
19 | $bp-xs-v: 0;
20 | $bp-sm-v: 200px;
21 | $bp-md-v: 500px;
22 | $bp-lg-v: 768px;
23 | $bp-xl-v: 1024px;
24 |
25 | // Embellishments
26 | $headerHeight: 3.7rem;
27 | $footerHeight: 20rem;
28 | $footerHeight-xs: 7rem;
29 |
--------------------------------------------------------------------------------
/_about/contribute/editing.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Editing Docs
3 | overview: Lets you start editing this site's documentation.
4 |
5 | order: 10
6 |
7 | layout: about
8 | type: markdown
9 | redirect_from: /docs/welcome/contribute/editing.html
10 | ---
11 |
12 | Click the button below to visit the GitHub repository for this whole web site. You can then click the
13 | **Fork** button in the upper-right area of the screen to
14 | create a copy of our site in your GitHub account called a _fork_. Make any changes you want in your fork, and when you
15 | are ready to send those changes to us, go to the index page for your fork and click **New Pull Request** to let us know about it.
16 |
17 | Browse this site's source code
18 |
--------------------------------------------------------------------------------
/_includes/latest_blog_post.html:
--------------------------------------------------------------------------------
1 | {% comment %}
2 | Assigns the latest_blog_post variable the URL of the latest blog post on the site
3 | {% endcomment %}
4 |
5 | {% include home.html %}
6 | {% assign latest_year = "0" %}
7 |
8 | {% assign sorted = site.blog | sort: "order" %}
9 | {% for d in sorted %}
10 | {% if d.draft == true %}
11 | {% continue %}
12 | {% endif %}
13 |
14 | {% assign path_components = d.path | downcase | split: '/' %}
15 | {% assign last = path_components | last %}
16 | {% if last == "index.html" or last == "index.md" %}
17 | {% continue %}
18 | {% endif %}
19 |
20 | {% assign year = path_components[1] %}
21 | {% if year > latest_year %}
22 | {% assign latest_year = year %}
23 | {% assign latest_blog_post = home | append: d.url %}
24 | {% endif %}
25 | {% endfor %}
26 |
--------------------------------------------------------------------------------
/css/dark_theme.scss:
--------------------------------------------------------------------------------
1 | ---
2 | ---
3 |
4 | {% if site.data.istio.archive %}
5 | @import "base/brand_colors_archive";
6 | {% elsif site.data.istio.preliminary %}
7 | @import "base/brand_colors_preliminary";
8 | {% else %}
9 | @import "base/brand_colors_normal";
10 | {% endif %}
11 |
12 | @import "themes/dark";
13 | @import "themes/dark_syntax";
14 |
15 | @import "base/constants";
16 | @import "base/common";
17 |
18 | @import "modules/header";
19 | @import "modules/footer";
20 | @import "modules/sidebar";
21 | @import "modules/toc";
22 | @import "modules/figure";
23 | @import "modules/faq";
24 | @import "modules/glossary";
25 | @import "modules/section-index";
26 | @import "modules/buttons";
27 |
28 | @import "layouts/notfound";
29 | @import "layouts/blog";
30 | @import "layouts/community";
31 | @import "layouts/landing";
32 |
--------------------------------------------------------------------------------
/_faq/general/where-is-the-documentation.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Where is the documentation?
3 | order: 80
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | Check out the [documentation]({{home}}/docs/) right here on istio.io. The docs include
9 | [concept overviews]({{home}}/docs/concepts/),
10 | [task guides]({{home}}/docs/tasks/),
11 | [guides]({{home}}/docs/guides/),
12 | and the [complete reference documentation]({{home}}/docs/reference/).
13 |
14 | Detailed developer-level documentation is maintained for each component in GitHub, alongside the code. Please visit each repository for those docs:
15 |
16 | * [Envoy](https://envoyproxy.github.io/envoy/)
17 |
18 | * [Pilot](https://github.com/istio/istio/tree/master/pilot/doc)
19 |
20 | * [Mixer](https://github.com/istio/istio/tree/master/mixer/doc)
21 |
22 |
--------------------------------------------------------------------------------
/_faq/security/use-k8s-secrets.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Does Istio Auth use Kubernetes secrets?
3 | order: 120
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | Yes. The key and certificate distribution in Istio Auth is based on [Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret/).
9 |
10 | Secrets have known [security risks](https://kubernetes.io/docs/concepts/configuration/secret/#risks). The kubernetes team is working on [several features](https://docs.google.com/document/d/1T2y-9geg9EfHHtCDYTXptCa-F4kQ0RyiH-c_M1SyD0s) to improve
11 | Kubernetes secret security, from secret encryption to node-level access control. And as of version 1.6, Kubernetes introduces
12 | [RBAC authorization](https://kubernetes.io/docs/admin/authorization/rbac/), which can provide fine-grained secrets management.
13 |
--------------------------------------------------------------------------------
/css/light_theme.scss:
--------------------------------------------------------------------------------
1 | ---
2 | ---
3 |
4 | {% if site.data.istio.archive %}
5 | @import "base/brand_colors_archive";
6 | {% elsif site.data.istio.preliminary %}
7 | @import "base/brand_colors_preliminary";
8 | {% else %}
9 | @import "base/brand_colors_normal";
10 | {% endif %}
11 |
12 | @import "themes/light";
13 | @import "themes/light_syntax";
14 |
15 | @import "base/constants";
16 | @import "base/common";
17 |
18 | @import "modules/header";
19 | @import "modules/footer";
20 | @import "modules/sidebar";
21 | @import "modules/toc";
22 | @import "modules/figure";
23 | @import "modules/faq";
24 | @import "modules/glossary";
25 | @import "modules/section-index";
26 | @import "modules/buttons";
27 |
28 | @import "layouts/notfound";
29 | @import "layouts/blog";
30 | @import "layouts/community";
31 | @import "layouts/landing";
32 |
--------------------------------------------------------------------------------
/_help/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Help!
3 | overview: A bunch of resources to help you deploy, configure and use Istio.
4 |
5 | order: 10
6 |
7 | layout: help
8 | type: markdown
9 | toc: false
10 | ---
11 | {% include home.html %}
12 |
13 | Here are some resources to help you deploy, configure and use Istio.
14 |
15 | - [Frequently Asked Questions]({{home}}/help/faq/). You ask 'em, we'll answer 'em.
16 |
17 | - [Glossary]({{home}}/help/glossary.html). A glossary of common Istio terms.
18 |
19 | - [Reporting Bugs]({{home}}/help/bugs.html). What to do when you find a bug.
20 |
21 | - [Troubleshooting Guide]({{home}}/help/troubleshooting.html). Practical advice on practical problems with Istio.
22 |
23 | And don't forget our vibrant [community]({{home}}/community.html) that's always ready to lend a hand
24 | with thorny problems.
25 |
--------------------------------------------------------------------------------
/_faq/general/why-use-istio.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Why would I want to use Istio?
3 | order: 20
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | Traditionally, much of the logic handled by Istio has been built directly into applications. Across a fleet of services, managing updates to this communications logic can be a large burden. Istio provides an infrastructure-level solution to managing service communications.
9 |
10 | *Application developers*: With Istio managing how traffic flows across their services, developers can focus exclusively on business logic and iterate quickly on new features.
11 |
12 | *Service operators*: Istio enables policy enforcement and mesh monitoring from a single centralized control point, independent of application evolution. As a result, operators can ensure continuous policy compliance through a simplified management plane.
13 |
--------------------------------------------------------------------------------
/_docs/guides/security.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Security
3 | overview: This sample demonstrates how to obtain uniform metrics, logs, traces across different services using Istio Mixer and Istio sidecar.
4 |
5 | order: 30
6 | draft: true
7 | layout: docs
8 | type: markdown
9 | ---
10 | {% include home.html %}
11 |
12 | This sample demonstrates how to obtain uniform metrics, logs, traces across different services using Istio Mixer and Istio sidecar.
13 |
14 | ## Overview
15 |
16 | Placeholder.
17 |
18 | ## Before you begin
19 | * Describe installation options.
20 |
21 | * Install Istio control plane in a Kubernetes cluster by following the quick start instructions in the
22 | [Installation guide]({{home}}/docs/setup/kubernetes/quick-start.html).
23 |
24 | ## Application Setup
25 |
26 | 1. Steps
27 |
28 | ## Tasks
29 |
30 | 1. some tasks that will complete the goal of this sample.
31 |
--------------------------------------------------------------------------------
/_faq/security/enabling-disabling-mtls.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: How can I enable/disable mTLS encryption after I installed Istio?
3 | order: 10
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | The most straightforward way to enable/disable mTLS is by entirely
9 | uninstalling and re-installing Istio.
10 |
11 | If you are an advanced user and understand the risks you can also do the following:
12 |
13 | ```bash
14 | kubectl edit configmap -n istio-system istio
15 | ```
16 |
17 | comment out or uncomment out `authPolicy: MUTUAL_TLS` to toggle mTLS and then
18 |
19 | ```bash
20 | kubectl delete pods -n istio-system -l istio=pilot
21 | ```
22 |
23 | to restart Pilot, after a few seconds (depending on your `*RefreshDelay`) your
24 | Envoy proxies will have picked up the change from Pilot. During that time your
25 | services may be unavailable.
26 |
27 | We are working on a smoother solution.
28 |
--------------------------------------------------------------------------------
/_faq/security/k8s-health-checks.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: How can I use Kubernetes liveness and readiness for service health check with Istio Auth enabled?
3 | order: 40
4 | type: markdown
5 | ---
6 | If Istio Auth is enabled, http and tcp health check from kubelet will not
7 | work since they do not have Istio Auth issued certs. A workaround is to
8 | use a [liveness command](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#define-a-liveness-command)
9 | for health check, e.g., one can install curl in the service pod and curl itself
10 | within the pod. The Istio team is actively working on a solution.
11 |
12 | An example of readinessProbe:
13 |
14 | ```yaml
15 | livenessProbe:
16 | exec:
17 | command:
18 | - curl
19 | - -f
20 | - http://localhost:8080/healthz # Replace port and URI by your actual health check
21 | initialDelaySeconds: 10
22 | periodSeconds: 5
23 | ```
24 |
--------------------------------------------------------------------------------
/_about/notes/0.7.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Istio 0.7
3 |
4 | order: 94
5 |
6 | layout: about
7 | type: markdown
8 | ---
9 | {% include home.html %}
10 |
11 | For this release, we focused on improving our build and test infrastructures and increasing the
12 | quality of our tests. As a result, there are no new features for this month.
13 |
14 | However, this release does include a large number of bug fixes and performance improvements.
15 | Of particular interest, our [helm charts](https://istio.io/docs/setup/kubernetes/helm.html)
16 | have received a lot of attention and should now work reliably.
17 |
18 | Please note that this release includes preliminary support for the new v1alpha3 traffic management
19 | functionality. This functionality is still in a great deal of flux and there may be some breaking
20 | changes in 0.8. So if you feel like exploring, please go right ahead, but expect that this may
21 | change in 0.8 and beyond.
22 |
--------------------------------------------------------------------------------
/_docs/reference/config/template/checknothing.html:
--------------------------------------------------------------------------------
1 | ---
2 | title: Check Nothing
3 | overview: A template that carries no data, useful for testing.
4 | location: https://istio.io/docs/reference/config/template/checknothing.html
5 | layout: protoc-gen-docs
6 | number_of_entries: 1
7 | ---
8 |
The checknothing template represents an empty block of data, which can useful
9 | in different testing scenarios.
10 |
11 |
Template
12 |
13 |
CheckNothing represents an empty block of data that is used for Check-capable
14 | adapters which don’t require any parameters. This is primarily intended for testing
15 | scenarios.
The reportnothing template represents an empty block of data, which can useful
9 | in different testing scenarios.
10 |
11 |
Template
12 |
13 |
ReportNothing represents an empty block of data that is used for Report-capable
14 | adapters which don’t require any parameters. This is primarily intended for testing
15 | scenarios.
26 |
27 |
28 |
--------------------------------------------------------------------------------
/_docs/guides/policy-enforcement.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Policy Enforcement
3 | overview: This sample uses the Bookinfo application to demonstrate policy enforcement using Istio Mixer.
4 |
5 | order: 40
6 | draft: true
7 | layout: docs
8 | type: markdown
9 | ---
10 | {% include home.html %}
11 |
12 | This sample uses the Bookinfo application to demonstrate policy enforcement using Istio Mixer.
13 |
14 | ## Overview
15 |
16 | Provide a high level overview of what users can expect to learn, why these
17 | features are important, and so on. This is not a task, but a feature of
18 | Istio.
19 |
20 | ## Before you begin
21 | * Describe installation options.
22 |
23 | * Install Istio control plane in a Kubernetes cluster by following the quick start instructions in the
24 | [Installation guide]({{home}}/docs/setup/kubernetes/quick-start.html).
25 |
26 | ## Application Setup
27 |
28 | 1. Steps
29 |
30 | ## Tasks
31 |
32 | 1. some tasks that will complete the goal of this sample.
33 |
--------------------------------------------------------------------------------
/Rakefile:
--------------------------------------------------------------------------------
1 | require 'html-proofer'
2 |
3 | task :test do
4 | sh "rm -fr _rakesite"
5 | sh "mkdir _rakesite"
6 | sh "bundle exec jekyll build --config _config.yml,_rake_config_override.yml"
7 | typhoeus_configuration = {
8 | :timeout => 30,
9 | # :verbose => true
10 | }
11 | options = { :check_html => true,
12 | # :validation => { :report_missing_names => true, :report_invalid_tags => true },
13 | :cache => { :timeframe => '2d'},
14 | :enforce_https => false, # we should turn this on eventually
15 | :directory_index_file => "index.html",
16 | :check_external_hash => false,
17 | :assume_extension => true,
18 | # :log_level => :debug,
19 | :url_ignore => [/localhost|github\.com\/istio\/istio\.github\.io\/edit\/master\//],
20 | :typhoeus => typhoeus_configuration,
21 | }
22 | HTMLProofer.check_directory("./_rakesite", options).run
23 | end
24 |
--------------------------------------------------------------------------------
/_docs/guides/guide.md.template:
--------------------------------------------------------------------------------
1 | // Before use, remove this line and uncomment the next line
2 | // ---
3 | title: My Guide
4 | overview: Provide a simple one sentence overview of this guide's content
5 |
6 | order: 42
7 |
8 | layout: docs
9 | type: markdown
10 | ---
11 |
12 | Provide a simple one sentence overview of this guides's content.
13 |
14 | ## Overview
15 |
16 | Provide a high level overview of what users can expect to learn, why these
17 | features are important, and so on. This is not a task, but a feature of
18 | Istio.
19 |
20 | ## Before you begin
21 |
22 | List action prerequisites and knowledge prerequisites.
23 |
24 | ## Application Setup
25 |
26 | 1. Steps to setup the application
27 |
28 | ## Tasks
29 |
30 | 1. some tasks that will complete the goal of this sample.
31 |
32 | ##
33 |
34 |
35 |
36 | ## Cleanup
37 |
38 | placeholder
39 |
40 | ## Further reading
41 |
42 | It's good to close with a 'what's next' section to point people to
43 | other related material.
44 |
--------------------------------------------------------------------------------
/_faq/security/accessing-control-services.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: How to disable Auth on clients to access the Kubernetes API Server (or any control services that don't have Istio sidecar)?
3 | order: 60
4 | type: markdown
5 | ---
6 |
7 | Starting with release 0.3, edit the `mtlsExcludedServices` list in Istio config
8 | map to contain the fully-qualified name of the API server (and any other
9 | control services for that matter). The default value of `mtlsExcludedServices`
10 | already contains `kubernetes.default.svc.cluster.local`, which is the default
11 | service name of the Kubernetes API server.
12 |
13 | For a quick reference, here are commands to edit Istio configmap and to restart pilot.
14 | ```bash
15 | kubectl edit configmap -n istio-system istio
16 | kubectl delete pods -n istio-system -l istio=pilot
17 | ```
18 |
19 | > Note: DO NOT use this approach to disable mTLS for services that are managed
20 | by Istio (i.e. using Istio sidecar). Instead, use service-level annotations
21 | to overwrite the authentication policy (see above).
22 |
--------------------------------------------------------------------------------
/_sass/modules/_glossary.scss:
--------------------------------------------------------------------------------
1 | .glossary {
2 | .trampolines {
3 | font-size: $font-size--l;
4 | text-align: center;
5 | padding-top: .8rem;
6 | }
7 |
8 | .entries {
9 | h4 {
10 | font-size: $font-size--m;
11 | font-weight: $glossaryHeaderWeight;
12 | border-bottom: 1px solid;
13 | color: $glossaryHeaderColor;
14 | border-color: $glossaryHeaderColor;
15 | margin-top: 2.2rem;
16 | margin-bottom: .15rem;
17 | }
18 |
19 | dl {
20 | margin-left: 0;
21 |
22 | dt {
23 | font-weight: $glossaryWordWeight;
24 | list-style-type: none;
25 | margin-bottom: 0;
26 | margin-top: .8rem;
27 | margin-left: 0;
28 | }
29 |
30 | dd {
31 | list-style-type: none;
32 | margin-left: 2rem;
33 | margin-top: 0;
34 | line-height: 130%;
35 | }
36 | }
37 | }
38 | }
39 |
--------------------------------------------------------------------------------
/_faq/setup/k8s-checking-cluster-alpha-features.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Kubernetes - How do I check if my cluster has enabled the alpha features required for automatic sidecar injection?
3 | order: 10
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | Automatic sidecar injection requires the
9 | [initializer alpha feature](https://kubernetes.io/docs/admin/extensible-admission-controllers/#enable-initializers-alpha-feature).
10 | Run the following command to check if the initializer has been enabled
11 | (empty output indicates that initializers are not enabled):
12 |
13 | ```bash
14 | kubectl api-versions | grep admissionregistration
15 | ```
16 |
17 | In addition, the Kubernetes API server must be started with the Initializer plugin [enabled](https://kubernetes.io/docs/admin/extensible-admission-controllers/#enable-initializers-alpha-feature). Failure to enable the `Initializer` plugin will result in the following error when trying to create the initializer deployment.
18 |
19 | > The Deployment "istio-initializer" is invalid: metadata.initializers.pending: Invalid value: "null": must be non-empty when result is not set
20 |
--------------------------------------------------------------------------------
/_faq/general/what-is-istio.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: What is Istio?
3 | order: 10
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection.
9 |
10 | *Open*: Istio is being developed and maintained as open-source software. We encourage contributions and feedback from the community at-large.
11 |
12 | *Platform-independent*: Istio is not targeted at any specific deployment environment. During the initial stages of development, Istio will support
13 | Kubernetes-based deployments. However, Istio is being built to enable rapid and easy adaptation to other environments.
14 |
15 | *Service mesh*: Istio is designed to manage communications between microservices and applications. Without requiring changes to the underlying services, Istio provides automated baseline traffic resilience, service metrics collection, distributed tracing, traffic encryption, protocol upgrades, and advanced routing functionality for all service-to-service communication.
16 |
17 | For more detail, please see: [What is Istio?]({{home}}/docs/concepts/what-is-istio/)
18 |
--------------------------------------------------------------------------------
/_about/notes/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Release Notes
3 | overview: Description of features and improvements for every Istio release.
4 |
5 | order: 5
6 |
7 | layout: about
8 | type: markdown
9 | redirect_from:
10 | - "/docs/reference/release-notes.html"
11 | - "/release-notes"
12 | - "/docs/welcome/notes/index.html"
13 | - "/docs/references/notes"
14 | toc: false
15 | ---
16 | {% include section-index.html docs=site.about %}
17 |
18 | The latest Istio monthly release is {{site.data.istio.version}} ([release notes]({{site.data.istio.version}}.html)). You can [download {{site.data.istio.version}}](https://github.com/istio/istio/releases) with:
19 |
20 | ```
21 | curl -L https://git.io/getLatestIstio | sh -
22 | ```
23 |
24 | The most recent stable release is 0.2.12. You can [download 0.2.12](https://github.com/istio/istio/releases/tag/0.2.12) with:
25 |
26 | ```
27 | curl -L https://git.io/getIstio | sh -
28 | ```
29 |
30 | [Archived documentation for the 0.2.12 release](https://archive.istio.io/v0.2/docs/).
31 |
32 | > As we don't control the `git.io` domain, please examine the output of the `curl` command before piping it to a shell if running in any sensitive or non sandboxed environment.
33 |
--------------------------------------------------------------------------------
/_about/notes/0.1.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Istio 0.1
3 |
4 | order: 100
5 |
6 | layout: about
7 | type: markdown
8 | toc: false
9 | redirect_from: /docs/welcome/notes/0.1.html
10 | ---
11 |
12 | Istio 0.1 is the initial [release](https://github.com/istio/istio/releases) of Istio. It works in a single Kubernetes cluster and supports the following features:
13 | - Installation of Istio into a Kubernetes namespace with a single command.
14 | - Semi-automated injection of Envoy proxies into Kubernetes pods.
15 | - Automatic traffic capture for Kubernetes pods using iptables.
16 | - In-cluster load balancing for HTTP, gRPC, and TCP traffic.
17 | - Support for timeouts, retries with budgets, and circuit breakers.
18 | - Istio-integrated Kubernetes Ingress support (Istio acts as an Ingress Controller).
19 | - Fine-grained traffic routing controls, including A/B testing, canarying, red/black deployments.
20 | - Flexible in-memory rate limiting.
21 | - L7 telemetry and logging for HTTP and gRPC using Prometheus.
22 | - Grafana dashboards showing per-service L7 metrics.
23 | - Request tracing through Envoy with Zipkin.
24 | - Service-to-service authentication using mutual TLS.
25 | - Simple service-to-service authorization using deny expressions.
26 |
--------------------------------------------------------------------------------
/_layouts/search-results.html:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | ---
4 |
5 |
18 |
19 |
20 |
21 |
22 |
23 |
24 | {{ content }}
25 |
26 |
27 |
28 |
29 |
30 |
31 |
44 |
--------------------------------------------------------------------------------
/img/twitter.svg:
--------------------------------------------------------------------------------
1 |
2 |
7 |
--------------------------------------------------------------------------------
/_includes/figure.html:
--------------------------------------------------------------------------------
1 | {% comment %}
2 | Purpose:
3 | Inserts a figure into a page. The user of this template specifies the
4 | relative width of the figure in percentage, and an aspect ratio value in
5 | lieu of the Y coordinate. Through CSS trickery, these two values let us
6 | calculate the actual width and height of the image at render time in such
7 | a way that it avoids the typical 'shifting text' problem as images are
8 | loaded asynchronously.
9 |
10 | Usage:
11 | {% include figure.html width='%' ratio='%'
12 | img=''
13 | alt=''
14 | title=''
15 | caption=''
16 | %}
17 | {% endcomment %}
18 |
19 |
29 |
--------------------------------------------------------------------------------
/_about/notes/0.4.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Istio 0.4
3 |
4 | order: 97
5 |
6 | layout: about
7 | type: markdown
8 | toc: false
9 | redirect_from: /docs/welcome/notes/0.4.html
10 | ---
11 | {% include home.html %}
12 |
13 | This release has only got a few weeks' worth of changes, as we stabilize our monthly release process.
14 | In addition to the usual pile of bug fixes and perf improvements, this release includes:
15 |
16 | - **Cloud Foundry**. Added minimum Pilot support for the [Cloud Foundry](https://www.cloudfoundry.org) platform, making it
17 | possible for Pilot to discover CF services and service instances.
18 |
19 | - **Circonus**. Mixer now includes an adapter for the [Circonus](https://www.circonus.com) analytics and monitoring platform.
20 |
21 | - **Pilot Metrics**. Pilot now collects metrics for diagnostics.
22 |
23 | - **Helm Charts**. We now provide helm charts to install Istio.
24 |
25 | - **Enhanced Attribute Expressions**. Mixer's expression language gained a few new functions
26 | to make it easier to write policy rules. [Learn more]({{home}}/docs/reference/config/mixer/expression-language.html)
27 |
28 | If you're into the nitty-gritty details, you can see our more detailed low-level
29 | release notes [here](https://github.com/istio/istio/wiki/v0.4.0).
30 |
--------------------------------------------------------------------------------
/_docs/setup/kubernetes/advanced-install.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Advanced Install Options
3 | overview: Instructions for customizing the Istio installation.
4 |
5 | order: 20
6 | draft: true
7 | layout: docs
8 | type: markdown
9 | ---
10 |
11 | {% include home.html %}
12 |
13 | This section provides options for piecemeal installation of Istio
14 | components.
15 |
16 | ## Ingress Controller Only
17 |
18 | It is possible to use Istio as an Ingress controller, leveraging advanced
19 | L7 routing capabilities such as version-aware routing, header based
20 | routing, gRPC/HTTP2 proxying, tracing, etc. Deploy Istio Pilot only and
21 | disable other components. Do not deploy the Istio initializer.
22 |
23 |
24 | ## Ingress Controller with Telemetry & Policies
25 |
26 | By deploying Istio Pilot and Mixer, the Ingress controller configuration
27 | described above can be enhanced to provide in-depth telemetry and policy
28 | enforcement capabilities such as rate limits, access controls, etc.
29 |
30 | ## Intelligent Routing & Telemetry
31 |
32 | If you wish to take advantage of Istio's L7 traffic management
33 | capabilities, in addition to obtaining in-depth telemetry and performing
34 | distributed request tracing, deploy Istio Pilot and Mixer. In addition,
35 | disable policy enforcement at the Mixer.
36 |
--------------------------------------------------------------------------------
/_faq/mixer/mixer-self-monitoring.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Does Mixer provide any self-monitoring?
3 | order: 30
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | Mixer exposes a monitoring endpoint (default port: `9093`). There are a few
9 | useful paths to investigate Mixer performance and audit
10 | function:
11 |
12 | - `/metrics` provides Prometheus metrics on the Mixer process as well as gRPC
13 | metrics related to API calls and metrics on adapter dispatch.
14 | - `/debug/pprof` provides an endpoint for profiling data in [pprof
15 | format](https://golang.org/pkg/net/http/pprof/).
16 | - `/debug/vars` provides an endpoint exposing server metrics in JSON format.
17 |
18 | Mixer logs can be accessed via a `kubectl logs` command, as follows:
19 |
20 | ```bash
21 | kubectl -n istio-system logs $(kubectl -n istio-system get pods -listio=mixer -o jsonpath='{.items[0].metadata.name}') mixer
22 | ```
23 | Mixer trace generation is controlled by the command-line flag `traceOutput`. If
24 | the flag value is set to `STDOUT` or `STDERR` trace data will be written
25 | directly to those locations. If a URL is provided, Mixer will post
26 | Zipkin-formatted data to that endpoint (example:
27 | `http://zipkin:9411/api/v1/spans`).
28 |
29 | In the 0.2 release, Mixer only supports Zipkin tracing.
30 |
--------------------------------------------------------------------------------
/js/styleSwitcher.min.js:
--------------------------------------------------------------------------------
1 | "use strict";function applyStyleSheet(e){var t,i;for(t=0;i=document.getElementsByTagName("link")[t];t++)-1!=i.getAttribute("rel").indexOf("style")&&i.getAttribute("title")&&(i.disabled=!0,i.getAttribute("title")==e&&(i.disabled=!1));var r=document.getElementsByTagName("body")[0];if(void 0!=r){var l=r.getAttribute("class").split(" ");for(t=0;t
2 | {% assign words = include.glossary | sort: "title" %}
3 |
4 |
5 | {% assign previous = "-" %}
6 | {% for w in words %}
7 | {% assign first = w.title | slice: 0 | upcase %}
8 | {% if first != previous %}
9 | {% if previous != "-" %}|{% endif %}
10 | {{first}}
11 | {% assign previous = first %}
12 | {% endif %}
13 | {% endfor %}
14 |
15 |
16 |
17 | {% assign previous = "-" %}
18 | {% for w in words %}
19 | {% assign first = w.title | slice: 0 | upcase %}
20 | {% if first != previous %}
21 | {% if previous != "-" %}
22 |
23 | {% endif %}
24 |
The fluentd adapter is designed to deliver Istio log entries to a
9 | listening fluentd daemon.
10 |
11 |
Params
12 |
13 |
Configuration parameters for the fluentd adapter.
14 |
15 |
This adapter accepts instances of kind: logentry. It then routes
16 | those logentries to a listening fluentd daemon with minimal
17 | transformation. Fluentd uses a “tag” for all logs. The “Name” of
18 | the logentry is used as the “tag”, unless the logentry already has
19 | a variable “tag”.
20 |
21 |
22 |
23 |
24 |
Field
25 |
Type
26 |
Description
27 |
28 |
29 |
30 |
31 |
address
32 |
string
33 |
34 |
Address of listening fluentd daemon. Example: fluentd-server:24224
35 | Default value is localhost:24224
49 |
--------------------------------------------------------------------------------
/_faq/traffic-management/ingress-with-no-route-rules.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Can I use standard Ingress specification without any route rules?
3 | order: 40
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | Simple ingress specifications, with host, TLS, and exact path based
9 | matches will work out of the box without the need for route
10 | rules. However, note that the path used in the ingress resource should
11 | not have any `.` characters.
12 |
13 | For example, the following ingress resource matches requests for the
14 | example.com host, with /helloworld as the URL.
15 |
16 | ```bash
17 | cat <
5 |
6 |
7 | {% include sidebar.html docs=site.help singlecard=true %}
8 |
49 |
--------------------------------------------------------------------------------
/_docs/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Welcome
3 | overview: Istio documentation home page.
4 |
5 | order: 0
6 |
7 | layout: docs
8 | type: markdown
9 | toc: false
10 | ---
11 | {% include home.html %}
12 |
13 | From here you can learn all about Istio's architecture and how to deploy and use Istio.
14 |
15 | - [Concepts]({{home}}/docs/concepts/). Concepts explain some significant aspect of Istio. This
16 | is where you can learn about what Istio does and how it does it.
17 |
18 | - [Setup]({{home}}/docs/setup/). Setup contains instructions for installing
19 | the Istio control plane in various environments, as well as instructions
20 | for installing the sidecar in the application deployment. Quick start
21 | instructions are available for
22 | [Kubernetes]({{home}}/docs/setup/kubernetes/quick-start.html) and
23 | [Docker Compose w/ Consul]({{home}}/docs/setup/consul/quick-start.html).
24 |
25 | - [Tasks]({{home}}/docs/tasks/). Tasks show you how to do a single directed activity with Istio.
26 |
27 | - [Guides]({{home}}/docs/guides/). Guides are fully working stand-alone examples
28 | intended to highlight a particular set of Istio's features.
29 |
30 | - [Reference]({{home}}/docs/reference/). Detailed exhaustive lists of
31 | command-line options, configuration options, API definitions, and procedures.
32 |
33 | We're always looking for help improving our documentation, so please don't hesitate to
34 | [file an issue](https://github.com/istio/istio.github.io/issues/new) if you see some problem.
35 | Or better yet, submit your own [contributions]({{home}}/about/contribute/editing.html) to help
36 | make our docs better.
37 |
38 | Follow this link for the archive of the [earlier releases' documentation](https://archive.istio.io/).
39 |
--------------------------------------------------------------------------------
/_about/contribute/staging-your-changes.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Staging Your Changes
3 | overview: Explains how to test your changes locally before submitting them.
4 |
5 | order: 40
6 |
7 | layout: about
8 | type: markdown
9 | redirect_from: /docs/welcome/contribute/staging-your-changes.html
10 | ---
11 |
12 | This page shows how to stage content that you want to contribute
13 | to the Istio documentation.
14 |
15 | ## Before you begin
16 |
17 | Create a fork of the Istio documentation repository as described in
18 | [Creating a Doc Pull Request](./creating-a-pull-request.html).
19 |
20 | ## Staging locally
21 |
22 | See [Detailed instructions and options on GitHub](https://github.com/istio/istio.github.io/blob/master/README.md)
23 |
24 | Once Jekyll is running, you can open a web browser and go to `http://localhost:4000` to see your
25 | changes. You can make further changes to the content in your repo and just refresh your browser page to see
26 | the results, no need to restart Jekyll all the time.
27 |
28 | ## Staging from your GitHub account
29 |
30 | > Hey, you know, you're much better off staging locally using the above procedure. Just sayin'...
31 |
32 | GitHub provides staging of content in your master branch. Note that you
33 | might not want to merge your changes into your master branch. If that is
34 | the case, choose another option for staging your content.
35 |
36 | 1. In your GitHub account, in your fork, merge your changes into
37 | the master branch.
38 |
39 | 1. Change the name of your repository to `.github.io`, where
40 | `` is the username of your GitHub account.
41 |
42 | 1. Delete the `CNAME` file.
43 |
44 | 1. View your staged content at this URL: `https://.github.io`
45 |
--------------------------------------------------------------------------------
/_help/faq/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: FAQ
3 | overview: Frequently Asked Questions about Istio.
4 |
5 | order: 20
6 |
7 | layout: help
8 | type: markdown
9 | toc: false
10 |
11 | redirect_from:
12 | - "/faq"
13 | - "/docs/welcome/faq.html"
14 | ---
15 | {% include home.html %}
16 |
17 | You've got questions? We've got answers!
18 |
19 |
The listentry template is designed to let you perform list check operations
9 | with the list adapter.
10 |
11 |
Template
12 |
13 |
The listentry template is used to verify the presence/absence of a string
14 | within a list.
15 |
16 |
When writing the configuration, the value for the fields associated with this template can either be a
17 | literal or an expression. Please note that if the datatype of a field is not istio.mixer.adapter.model.v1beta1.Value,
18 | then the expression’s inferred type must match the datatype of the field.
50 |
51 |
--------------------------------------------------------------------------------
/_docs/concepts/traffic-management/fault-injection.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Fault Injection
3 | overview: Introduces the idea of systematic fault injection that can be used to uncover conflicting failure recovery policies across services.
4 |
5 | order: 40
6 |
7 | layout: docs
8 | type: markdown
9 | toc: false
10 | ---
11 |
12 | While Envoy sidecar/proxy provides a host of
13 | [failure recovery mechanisms](./handling-failures.html) to services running
14 | on Istio, it is still
15 | imperative to test the end-to-end failure recovery capability of the
16 | application as a whole. Misconfigured failure recovery policies (e.g.,
17 | incompatible/restrictive timeouts across service calls) could result in
18 | continued unavailability of critical services in the application, resulting
19 | in poor user experience.
20 |
21 | Istio enables protocol-specific fault injection into the network, instead
22 | of killing pods, delaying or corrupting packets at TCP layer. Our rationale
23 | is that the failures observed by the application layer are the same
24 | regardless of network level failures, and that more meaningful failures can
25 | be injected at the application layer (e.g., HTTP error codes) to exercise
26 | the resilience of an application.
27 |
28 | Operators can configure faults to be injected into requests that match
29 | specific criteria. Operators can further restrict the percentage of
30 | requests that should be subjected to faults. Two types of faults can be
31 | injected: delays and aborts. Delays are timing failures, mimicking
32 | increased network latency, or an overloaded upstream service. Aborts are
33 | crash failures that mimick failures in upstream services. Aborts usually
34 | manifest in the form of HTTP error codes, or TCP connection failures.
35 |
36 | Refer to [Istio's traffic management rules](./rules-configuration.html) for more details.
--------------------------------------------------------------------------------
/_about/notes/0.6.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Istio 0.6
3 |
4 | order: 95
5 |
6 | layout: about
7 | type: markdown
8 | ---
9 | {% include home.html %}
10 |
11 | In addition to the usual pile of bug fixes and perf improvements, this release includes the new or
12 | updated features detailed below.
13 |
14 | ## Networking
15 |
16 | - **Custom Envoy Config**. Pilot now supports ferrying custom Envoy config to the
17 | proxy. [Learn more](https://github.com/mandarjog/istioluawebhook)
18 |
19 | ## Mixer adapters
20 |
21 | - **SolarWinds**. Mixer can now interface to AppOptics and Papertrail.
22 | [Learn more]({{home}}/docs/reference/config/adapters/solarwinds.html)
23 |
24 | - **Redisquota**. Mixer now supports a Redis-based adapter for rate limit tracking.
25 | [Learn more]({{home}}/docs/reference/config/adapters/redisquota.html)
26 |
27 | - **Datadog**. Mixer now provides an adapter to deliver metric data to a Datadog agent.
28 | [Learn more]({{home}}/docs/reference/config/adapters/datadog.html)
29 |
30 | ## Other
31 |
32 | - **Separate Check & Report Clusters**. When configuring Envoy, it's now possible to use different clusters
33 | for Mixer instances that are used for Mixer's Check functionality from those used for Mixer's Report
34 | functionality. This may be useful in large deployments for better scaling of Mixer instances.
35 |
36 | - **Monitoring Dashboards**. There are now preliminary Mixer & Pilot monitoring dashboard in Grafana.
37 |
38 | - **Servicegraph Visualization**. Servicegraph has a new visualization. [Learn more]({{home}}/docs/tasks/telemetry/servicegraph.html).
39 |
40 | - **Liveness and Readiness Probes**. Istio components now provide canonical liveness and readiness
41 | probe support to help ensure mesh infrastructure health. [Learn more]({{home}}/docs/tasks/security/health-check.html)
42 |
43 | - **Egress Policy and Telemetry**. Istio can monitor traffic to external services defined by EgressRule or External Service. Istio can also apply
44 | Mixer policies on this traffic.
45 |
--------------------------------------------------------------------------------
/_includes/blog_post_nav.html:
--------------------------------------------------------------------------------
1 | {% comment %}
2 | Assigns the next_post_url, next_post_title, previous_post_url, and previous_post_title variables the URLs and titles
3 | of the next and previous blog posts on the site, relative to the current blog post.
4 | {% endcomment %}
5 |
6 | {% comment %}
7 | Find the current page in the sorted set of blog posts we generated for the sidebar
8 | {% endcomment %}
9 |
10 | {% assign index = 0 %}
11 | {% for u in urls %}
12 | {% if u == page.url %}
13 | {% assign index = forloop.index0 %}
14 | {% break %}
15 | {% endif %}
16 | {% endfor %}
17 |
18 | {% assign next_index = index %}
19 | {% for i in (0..10) %}
20 | {% assign next_index = next_index | minus: 1 %}
21 |
22 | {% if next_index < 0 %}
23 | {% break %}
24 | {% endif
25 |
26 | {% assign YY = "THIS IS NEEDED, OTHERWISE THE URL ASSIGNMENT BELOW DOESN'T HAVE ANY EFFECT!" %}
27 |
28 | {% assign url = urls[next_index] %}
29 | {% assign components = url | split: "/" %}
30 | {% assign name = components | last %}
31 |
32 | {% if name != "index.html" %}
33 | {% assign next_post_url = urls[next_index] %}
34 | {% assign next_post_title = titles[next_index] %}
35 | {% break %}
36 | {% endif %}
37 | {% endfor %}
38 |
39 | {% assign max = urls | size %}
40 | {% assign prev_index = index %}
41 | {% for i in (0..10) %}
42 | {% assign prev_index = prev_index | plus: 1 %}
43 | {% if prev_index >= max %}
44 | {% break %}
45 | {% endif
46 |
47 | {% assign YY = "THIS IS NEEDED, OTHERWISE THE URL ASSIGNMENT BELOW DOESN'T HAVE ANY EFFECT!" %}
48 |
49 | {% assign url = urls[prev_index] %}
50 | {% assign components = url | split: "/" %}
51 | {% assign name = components | last %}
52 | {% if name != "index.html" %}
53 | {% assign prev_post_url = urls[prev_index] %}
54 | {% assign prev_post_title = titles[prev_index] %}
55 | {% break %}
56 | {% endif %}
57 | {% endfor %}
58 |
--------------------------------------------------------------------------------
/_about/notes/0.3.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Istio 0.3
3 |
4 | order: 98
5 |
6 | layout: about
7 | type: markdown
8 | redirect_from: /docs/welcome/notes/0.3.html
9 | ---
10 |
11 | {% include home.html %}
12 |
13 | ## General
14 |
15 | Starting with 0.3, Istio is switching to a monthly release cadence. We hope this will help accelerate our ability
16 | to deliver timely improvements. See [here]({{home}}/about/feature-stages.html) for information on the state of individual features
17 | for this release.
18 |
19 | This is a fairly modest release in terms of new features as the team put emphasis on internal
20 | infrastructure work to improve our velocity. Many bugs and smaller issues have been addressed and
21 | overall performance has been improved in a number of areas.
22 |
23 | ## Security
24 |
25 | - **Secure Control Plane Communication**. Mixer and Pilot are now secured with mutual TLS, just like all services in a mesh.
26 |
27 | - **Selective Authentication**. You can now control authentication on a per-service basis via service annotations,
28 | which helps with incremental migration to Istio.
29 |
30 | ## Networking
31 |
32 | - **Egress rules for TCP**. You can now specify egress rules that affect TCP-level traffic.
33 |
34 | ## Policy enforcement and telemetry
35 |
36 | - **Improved Caching**. Caching between Envoy and Mixer has gotten substantially better, resulting in a
37 | significant drop in average latency for authorization checks.
38 |
39 | - **Improved list Adapter**. The Mixer 'list' adapter now supports regular expression matching. See the adapter's
40 | [configuration options]({{home}}/docs/reference/config/adapters/list.html) for details.
41 |
42 | - **Config Validation**. Mixer does more extensive validation of configuration state in order to catch problems earlier.
43 | We expect to invest more in this area in coming releases.
44 |
45 |
46 | If you're into the nitty-gritty details, you can see our more detailed low-level
47 | release notes [here](https://github.com/istio/istio/wiki/v0.3.0).
48 |
--------------------------------------------------------------------------------
/_docs/reference/config/adapters/rbac.html:
--------------------------------------------------------------------------------
1 | ---
2 | title: RBAC
3 | overview: Adapter that exposes Istio's Role-Based Access Control model.
4 | location: https://istio.io/docs/reference/config/adapters/rbac.html
5 | layout: protoc-gen-docs
6 | number_of_entries: 1
7 | ---
8 |
The rbac adapter provides Role-Based Access Control (RBAC) functionality for
9 | for services within the Istio mesh.
10 |
11 |
Params
12 |
13 |
Configuration format for the rbac adapter.
14 |
15 |
For example, the following configuration defines a RBAC handler with
16 | configuration store URL pointing to Kubernetes etcd (“k8s://”).
17 | If you want to run Mixer locally, you can set the configuration store
18 | URL to a local directory (e.g., “fs:///tmp/testdata/configroot”).
URL for the config store. It is used to initiate a new Store instance.
43 | Following are some examples of the config store URL:
44 | * “k8s://”
45 | * “fs:///tmp/testdata/configroot”
The duration for which authorization results may be cached.
54 |
55 |
56 |
57 |
58 |
59 |
60 |
--------------------------------------------------------------------------------
/_docs/concepts/policy-and-control/attributes.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Attributes
3 | overview: Explains the important notion of attributes, which is a central mechanism for how policies and control are applied to services within the mesh.
4 |
5 | order: 10
6 |
7 | layout: docs
8 | type: markdown
9 | ---
10 | {% include home.html %}
11 |
12 | The page describes Istio attributes, what they are and how they are used.
13 |
14 | ## Background
15 |
16 | Istio uses *attributes* to control the runtime behavior of services running in the mesh.
17 | Attributes are named and typed pieces of metadata describing ingress and egress traffic and the
18 | environment this traffic occurs in. An Istio attribute carries a specific piece
19 | of information such as the error code of an API request, the latency of an API request, or the
20 | original IP address of a TCP connection. For example:
21 |
22 | request.path: xyz/abc
23 | request.size: 234
24 | request.time: 12:34:56.789 04/17/2017
25 | source.ip: 192.168.0.1
26 | destination.service: example
27 |
28 | ## Attribute vocabulary
29 |
30 | A given Istio deployment has a fixed vocabulary of attributes that it understands.
31 | The specific vocabulary is determined by the set of attribute producers being used
32 | in the deployment. The primary attribute producer in Istio is Envoy, although
33 | specialized Mixer adapters can also generate attributes.
34 |
35 | The common baseline set of attributes available in most Istio deployments is defined
36 | [here]({{home}}/docs/reference/config/mixer/attribute-vocabulary.html).
37 |
38 | ## Attribute names
39 |
40 | Istio attributes use Java-like fully qualified identifiers as attribute names. The
41 | allowed characters are `[_.a-z0-9]`. The character `"."` is used as namespace
42 | separator. For example, `request.size` and `source.ip`.
43 |
44 | ## Attribute types
45 |
46 | Istio attributes are strongly typed. The supported attribute types are defined by
47 | [ValueType](https://github.com/istio/api/blob/master/policy/v1beta1/value_type.proto).
48 |
--------------------------------------------------------------------------------
/_includes/section-index.html:
--------------------------------------------------------------------------------
1 | {% comment %}
2 | Purpose:
3 | Generates a section index providing access to all nested docs.
4 |
5 | Usage:
6 | {% include section-index.html docs='' %}
7 |
8 | Parameters:
9 | * docs (collection) - the document collection containing the docs to index
10 | {% endcomment %}
11 |
12 | {% include home.html %}
13 | {% assign components = page.url | split: '/' %}
14 | {% for comp in components %}
15 | {% if forloop.last %}
16 | {% break %}
17 | {% endif %}
18 |
19 | {% assign prefix = prefix | append: comp | append: "/" %}
20 | {% endfor %}
21 |
22 | {% include sort-hierarchy.html docs=include.docs prefix=prefix %}
23 |
24 |
73 |
--------------------------------------------------------------------------------
/_docs/concepts/traffic-management/pilot.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Pilot
3 | overview: Introduces Pilot, the component responsible for managing a distributed deployment of Envoy proxies in the service mesh.
4 |
5 | order: 10
6 |
7 | layout: docs
8 | type: markdown
9 | toc: false
10 | redirect_from: /docs/concepts/traffic-management/manager.html
11 | ---
12 | {% include home.html %}
13 |
14 | Pilot is responsible for the lifecycle of Envoy instances deployed
15 | across the Istio service mesh.
16 |
17 | {% include figure.html width='60%' ratio='72.17%'
18 | img='./img/pilot/PilotAdapters.svg'
19 | alt="Pilot's overall architecture."
20 | title='Pilot Architecture'
21 | caption='Pilot Architecture'
22 | %}
23 |
24 | As illustrated in the figure above, Pilot maintains a canonical
25 | representation of services in the mesh that is independent of the underlying
26 | platform. Platform-specific adapters in Pilot are responsible for
27 | populating this canonical model appropriately. For example, the Kubernetes
28 | adapter in Pilot implements the necessary controllers to watch the
29 | Kubernetes API server for changes to the pod registration information, ingress
30 | resources, and third party resources that store traffic management rules.
31 | This data is translated into the canonical representation. Envoy-specific
32 | configuration is generated based on the canonical representation.
33 |
34 | Pilot exposes APIs for [service discovery](https://www.envoyproxy.io/docs/envoy/latest/api-v1/cluster_manager/sds),
35 | dynamic updates to [load balancing pools](https://www.envoyproxy.io/docs/envoy/latest/configuration/cluster_manager/cds)
36 | and [routing tables](https://www.envoyproxy.io/docs/envoy/latest/configuration/http_conn_man/rds).
37 | These APIs decouple Envoy from platform-specific nuances, simplifying the
38 | design and increasing portability across platforms.
39 |
40 | Operators can specify high-level traffic management rules through
41 | [Pilot's Rules API]({{home}}/docs/reference/config/istio.routing.v1alpha1.html). These rules are translated into low-level
42 | configurations and distributed to Envoy instances via the discovery API.
43 |
--------------------------------------------------------------------------------
/_docs/reference/config/adapters/opa.html:
--------------------------------------------------------------------------------
1 | ---
2 | title: OPA
3 | overview: Adapter that implements an Open Policy Agent engine
4 | location: https://istio.io/docs/reference/config/adapters/opa.html
5 | layout: protoc-gen-docs
6 | number_of_entries: 1
7 | ---
8 |
The opa adapter exposes an Open Policy Agent engine
9 | that provides sophisticated access control mechanisms.
Close the client request when adapter has a issue.
75 | If failClose is set to true and there is a runtime error,
76 | instead of disabling the adapter, close the client request
77 |
78 |
79 |
80 |
81 |
82 |
83 |
--------------------------------------------------------------------------------
/js/styleSwitcher.js:
--------------------------------------------------------------------------------
1 | "use strict"
function applyStyleSheet(title) {
var i, a;
for (i = 0; (a = document.getElementsByTagName("link")[i]); i++) {
if (a.getAttribute("rel").indexOf("style") != -1 && a.getAttribute("title")) {
a.disabled = true;
if (a.getAttribute("title") == title) {
a.disabled = false;
}
}
}
// set theme-XXX class on the body element
var b = document.getElementsByTagName("body")[0]
if (b != undefined) {
var c = b.getAttribute("class")
var s = c.split(" ")
for (i = 0; i < s.length; i++) {
if (s[i].startsWith("theme-")) {
s[i] = "theme-" + title
}
}
b.setAttribute("class", s.join(" "))
}
}
function getPreferredStyleSheet() {
var i, a;
for (i = 0; (a = document.getElementsByTagName("link")[i]); i++) {
if (a.getAttribute("rel").indexOf("style") != -1
&& a.getAttribute("rel").indexOf("alt") == -1
&& a.getAttribute("title")
) {
return a.getAttribute("title");
}
}
return null;
}
function createCookie(name, value, days) {
if (days) {
var date = new Date();
date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
var expires = "; expires=" + date.toGMTString();
}
else {
expires = "";
}
document.cookie = name + "=" + value + expires + "; path=/";
}
function readCookie(name) {
var nameEQ = name + "=";
var ca = document.cookie.split(';');
for (var i = 0; i < ca.length; i++) {
var c = ca[i];
while (c.charAt(0) == ' ') {
c = c.substring(1, c.length);
}
if (c.indexOf(nameEQ) == 0) {
return c.substring(nameEQ.length, c.length);
}
}
return undefined;
}
function setActiveStyleSheet(title) {
applyStyleSheet(title)
createCookie("style", title);
}
function loadActiveStyleSheet() {
var cookie = readCookie("style");
if (cookie == undefined) {
applyStyleSheet(getPreferredStyleSheet());
} else {
applyStyleSheet(cookie);
}
}
window.onload = function (e) {
loadActiveStyleSheet()
}
loadActiveStyleSheet()
--------------------------------------------------------------------------------
/_faq/mixer/why-mixer.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Why does Istio need Mixer?
3 | order: 0
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | Mixer provides a rich intermediation layer between the Istio components as well as Istio-based services,
9 | and the infrastructure backends used to perform access control checks and telemetry capture. This
10 | layer enables operators to have rich insights and control over service behavior without requiring
11 | changes to service binaries.
12 |
13 | Mixer is designed as a stand-alone component, distinct from Envoy. This has numerous benefits:
14 |
15 | - *Scalability*.
16 | The work that Mixer and Envoy do is very different in nature, leading to different scalability
17 | requirements. Keeping the components separate enables independent component-appropriate scaling.
18 |
19 | - *Resource Usage*.
20 | Istio depends on being able to deploy many instances of its proxy, making it important to minimize the
21 | cost of each individual instance. Moving Mixer's complex logic into a distinct component makes it
22 | possible for Envoy to remain svelte and agile.
23 |
24 | - *Reliability*.
25 | Mixer and its open-ended extensibility model represents the most complex parts of the
26 | data path processing pipeline. By hosting this functionality in Mixer rather than Envoy,
27 | it creates distinct failure domains which enables Envoy to continue operating even if Mixer
28 | fails, preventing outages.
29 |
30 | - *Isolation*.
31 | Mixer provides a level of insulation between Istio and the infrastructure backends. Each Envoy instance can be configured to have a
32 | very narrow scope of interaction, limiting the impact of potential attacks.
33 |
34 | - *Extensibility*.
35 | It was imperative to design a simple extensibility model to allow Istio to interoperate
36 | with as widest breath of backends as possible. Due to its design and language choice, Mixer is inherently
37 | easier to extend than Envoy is. The separation of concerns also makes it possible to use
38 | Istio policy and telemetry processing with different proxies, just as a mix of Envoy and NGINX.
39 |
40 | Envoy implements sophisticated caching, batching, and prefetching, to largely mitigate the
41 | latency impact of needing to interact with Mixer on the request path.
42 |
--------------------------------------------------------------------------------
/_blog/2018/traffic-mirroring.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: "Traffic Mirroring with Istio for Testing in Production"
3 | overview: An introduction to safer, lower-risk deployments and release to production
4 | publish_date: February 8, 2018
5 | subtitle: Routing rules for HTTP traffic
6 | attribution: Christian Posta
7 |
8 | order: 91
9 |
10 | layout: blog
11 | type: markdown
12 | redirect_from: "/blog/traffic-mirroring.html"
13 | ---
14 | {% include home.html %}
15 |
16 | Trying to enumerate all the possible combinations of test cases for testing services in non-production/test environments can be daunting. In some cases, you'll find that all of the effort that goes into cataloging these use cases doesn't match up to real production use cases. Ideally, we could use live production use cases and traffic to help illuminate all of the feature areas of the service under test that we might miss in more contrived testing environments.
17 |
18 | Istio can help here. With the release of [Istio 0.5.0]({{home}}/about/notes/0.5.html), Istio can mirror traffic to help test your services. You can write route rules similar to the following to enable traffic mirroring:
19 |
20 |
21 | ```yaml
22 | apiVersion: config.istio.io/v1alpha2
23 | kind: RouteRule
24 | metadata:
25 | name: mirror-traffic-to-httbin-v2
26 | spec:
27 | destination:
28 | name: httpbin
29 | precedence: 11
30 | route:
31 | - labels:
32 | version: v1
33 | weight: 100
34 | - labels:
35 | version: v2
36 | weight: 0
37 | mirror:
38 | name: httpbin
39 | labels:
40 | version: v2
41 | ```
42 |
43 | A few things to note here:
44 |
45 | * When traffic gets mirrored to a different service, that happens outside the critical path of the request
46 | * Responses to any mirrored traffic is ignored; traffic is mirrored as "fire-and-forget"
47 | * You'll need to have the 0-weighted route to hint to Istio to create the proper Envoy cluster under the covers; [this should be ironed out in future releases](https://github.com/istio/istio/issues/3270).
48 |
49 | Learn more about mirroring by visiting the [Mirroring Task]({{home}}/docs/tasks/traffic-management/mirroring.html) and see a more
50 | [comprehensive treatment of this scenario on my blog](https://blog.christianposta.com/microservices/traffic-shadowing-with-istio-reduce-the-risk-of-code-release/).
--------------------------------------------------------------------------------
/_docs/reference/config/template/apikey.html:
--------------------------------------------------------------------------------
1 | ---
2 | title: API Key
3 | overview: A template that represents a single API key.
4 | location: https://istio.io/docs/reference/config/template/apikey.html
5 | layout: protoc-gen-docs
6 | number_of_entries: 2
7 | ---
8 |
The apikey template represents a single API key, which is used for authorization checks.
9 |
10 |
Template
11 |
12 |
The apikey template represents a single API key, used to authorize API calls.
The quota template represents an item for which to check quota.
9 |
10 |
Template
11 |
12 |
The quota template represents a piece of data to check Quota for.
13 |
14 |
When writing the configuration, the value for the fields associated with this template can either be a
15 | literal or an expression. Please note that if the datatype of a field is not istio.mixer.adapter.model.v1beta1.Value,
16 | then the expression’s inferred type must match the datatype of the field.
The unique identity of the particular quota to manipulate.
47 |
48 |
49 |
50 |
51 |
52 |
53 |
istio.mixer.adapter.model.v1beta1.Value
54 |
55 |
Value is used inside templates for fields that have dynamic types. The actual datatype
56 | of the field depends on the datatype of the expression used in the operator configuration.
57 |
58 |
59 |
--------------------------------------------------------------------------------
/_about/contribute/creating-a-pull-request.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Creating a Pull Request
3 | overview: Shows you how to create a GitHub pull request in order to submit your docs for approval.
4 |
5 | order: 20
6 |
7 | layout: about
8 | type: markdown
9 | redirect_from: /docs/welcome/contribute/creating-a-pull-request.html
10 | ---
11 |
12 | To contribute to Istio documentation, create a pull request against the
13 | [istio/istio.github.io](https://github.com/istio/istio.github.io){: target="_blank"}
14 | repository. This page shows the steps necessary to create a pull request.
15 |
16 | ## Before you begin
17 |
18 | 1. Create a [GitHub account](https://github.com){: target="_blank"}.
19 |
20 | 1. Sign the [Contributor License Agreement](https://github.com/istio/community/blob/master/CONTRIBUTING.md#contributor-license-agreements)
21 |
22 | Documentation will be published under the [Apache 2.0](https://github.com/istio/istio.github.io/blob/master/LICENSE) license.
23 |
24 | ## Creating a fork
25 |
26 | Before you can edit documentation, you need to create a fork of Istio's documentation GitHub repository:
27 |
28 | 1. Go to the
29 | [istio/istio.github.io](https://github.com/istio/istio.github.io){: target="_blank"}
30 | repository.
31 |
32 | 1. In the upper-right corner, click **Fork**. This creates a copy of Istio's
33 | documentation repository in your GitHub account. The copy is called a *fork*.
34 |
35 | ## Making your changes
36 |
37 | 1. In your GitHub account, in your fork of the Istio repository, create
38 | a new branch to use for your contribution.
39 |
40 | 1. In your new branch, make your changes and commit them. If you want to
41 | [write a new topic](./writing-a-new-topic.html),
42 | choose the [page-type](./writing-a-new-topic.html#choosing-a-page-type)
43 | that is the best fit for your content.
44 |
45 | ## Submitting a pull request
46 |
47 | To publish your changes, you must create a pull request against the master branch of Istio's
48 | documentation repository.
49 |
50 | 1. Make sure your change produce valid html and links are valid, `rake test`
51 | will check this for you.
52 |
53 | 1. In your GitHub account, in your new branch, create a pull request
54 | against the master branch of the istio/istio.github.io
55 | repository. This opens a page that shows the status of your pull request.
56 |
57 | 1. During the next few days, check your pull request for reviewer comments.
58 | If needed, revise your pull request by committing changes to your
59 | new branch in your fork.
60 |
--------------------------------------------------------------------------------
/_about/contribute/reviewing-doc-issues.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Doc Issues
3 | overview: Explains the process involved in accepting documentation updates.
4 |
5 | order: 60
6 |
7 | layout: about
8 | type: markdown
9 | redirect_from: /docs/welcome/contribute/reviewing-doc-issues.html
10 | ---
11 |
12 | This page explains how documentation issues are reviewed and prioritized for the
13 | [istio/istio.github.io](https://github.com/istio/istio.github.io){: target="_blank"} repository.
14 | The purpose is to provide a way to organize issues and make it easier to contribute to
15 | Istio documentation. The following should be used as the standard way of prioritizing,
16 | labeling, and interacting with issues.
17 |
18 | ## Prioritizing Issues
19 |
20 | The following labels and definitions should be used to prioritize issues. If you change the priority of an issue, please comment on
21 | the issue with your reasoning for the change.
22 |
23 |
24 |
25 |
P1
26 |
27 |
Major content errors affecting more than 1 page
28 |
Broken code sample on a heavily trafficked page
29 |
Errors on a “getting started” page
30 |
Well known or highly publicized customer pain points
31 |
Automation issues
32 |
33 |
34 |
35 |
36 |
P2
37 |
38 |
Default for all new issues
39 |
Broken code for sample that is not heavily used
40 |
Minor content issues in a heavily trafficked page
41 |
Major content issues on a lower-trafficked page
42 |
43 |
44 |
45 |
46 |
P3
47 |
48 |
Typos and broken anchor links
49 |
50 |
51 |
52 |
53 | ## Handling special issue types
54 |
55 | If a single problem has one or more issues open for it, the problem should be consolidated into a single issue. You should decide which issue to keep open
56 | (or open a new issue), port over all relevant information, link related issues, and close all the other issues that describe the same problem. Only having
57 | a single issue to work on will help reduce confusion and avoid duplicating work on the same problem.
58 |
59 | Depending on where a dead link is reported, different actions are required to resolve the issue. Dead links in the reference
60 | docs are automation issues and should be assigned a P1 until the problem can be fully understood. All other dead links are issues
61 | that need to be manually fixed and can be assigned a P3.
62 |
--------------------------------------------------------------------------------
/_faq/security/cert-lifetime-config.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: How to configure the lifetime for Istio certificates?
3 | order: 70
4 | type: markdown
5 | ---
6 | {% include home.html %}
7 |
8 | For the workloads running in Kubernetes, the lifetime of their Istio certificates is controlled by the
9 | `workload-cert-ttl` flag on Istio CA. The default value is 19 hours. This value should be no greater than
10 | `max-workload-cert-ttl` of the Istio CA.
11 |
12 | The Istio CA uses a flag `max-workload-cert-ttl` to control the maximum lifetime for Istio certificates issued to
13 | workloads. The default value is 7 days. If `workload-cert-ttl` on CA or node agent is greater than
14 | `max-workload-cert-ttl`, Istio CA will fail issuing the certificate.
15 |
16 | Modify the `istio-auth.yaml` file to customize the CA configuration.
17 | The following modification specifies that the Istio certificates for workloads running in Kubernetes
18 | has 1 hours lifetime. Besides that, the maximum allowed Istio certificate lifetime is 48 hours.
19 |
20 | ```bash
21 | ...
22 | kind: Deployment
23 | ...
24 | metadata:
25 | name: istio-ca
26 | namespace: istio-system
27 | spec:
28 | ...
29 | template:
30 | ...
31 | spec:
32 | ...
33 | containers:
34 | - name: istio-ca
35 | ...
36 | args:
37 | - --workload-cert-ttl=1h # Lifetime of certificates issued to workloads in Kubernetes.
38 | - --max-workload-cert-ttl=48h # Maximum lifetime of certificates issued to workloads by the CA.
39 | ```
40 |
41 | For the workloads running on VMs and bare metal hosts, the lifetime of their Istio certificates is specified by the
42 | `workload-cert-ttl` flag on each node agent. The default value is also 19 hours. This value should be no greater than
43 | `max-workload-cert-ttl` of the Istio CA.
44 |
45 | To customize this configuration, the argument for the node agent service should be modified.
46 | After [setting up th machines]({{home}}/docs/setup/kubernetes/mesh-expansion.html#setting-up-the-machines) for Istio
47 | mesh expansion, modify the file `/lib/systemd/system/istio-auth-node-agent.service` on the VMs or bare metal hosts:
48 |
49 | ```bash
50 | ...
51 | [Service]
52 | ExecStart=/usr/local/bin/node_agent --workload-cert-ttl=24h # Specify certificate lifetime for workloads on this machine.
53 | Restart=always
54 | StartLimitInterval=0
55 | RestartSec=10
56 | ...
57 | ```
58 |
59 | The above configuraiton specifies that the Istio certificates for workloads running on this VM or bare metal host
60 | will have 24 hours lifetime.
61 |
62 | After configuring the service, restart the node agent by running `systemctl daemon-reload`.
--------------------------------------------------------------------------------
/_docs/guides/intelligent-routing.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Intelligent Routing
3 | overview: This guide demonstrates how to use various traffic management capabilities of an Istio service mesh.
4 |
5 | order: 20
6 | layout: docs
7 | type: markdown
8 | ---
9 | {% include home.html %}
10 |
11 | This guide demonstrates how to use various traffic management capabilities
12 | of an Istio service mesh.
13 |
14 | ## Overview
15 |
16 | Deploying a microservice-based application in an Istio service mesh allows one
17 | to externally control service monitoring and tracing, request (version) routing, resiliency testing,
18 | security and policy enforcement, etc., in a consistent way across the services,
19 | for the application as a whole.
20 |
21 | In this guide, we will use the [Bookinfo sample application]({{home}}/docs/guides/bookinfo.html)
22 | to show how operators can dynamically configure request routing and fault injection
23 | for a running application.
24 |
25 | ## Before you begin
26 |
27 | * Install the Istio control plane by following the instructions
28 | corresponding to your platform [installation guide]({{home}}/docs/setup/).
29 |
30 | * Run the Bookinfo sample application by following the applicable
31 | [application deployment instructions]({{home}}/docs/guides/bookinfo.html#deploying-the-application).
32 |
33 | ## Tasks
34 |
35 | 1. [Request routing]({{home}}/docs/tasks/traffic-management/request-routing.html) This task will first
36 | direct all incoming traffic for the Bookinfo application to the v1 version of the
37 | `reviews` service. It will then send traffic only from a specific test user to version v2,
38 | leaving all other users unaffected.
39 |
40 | 1. [Fault injection]({{home}}/docs/tasks/traffic-management/fault-injection.html) We will now use Istio to
41 | test the resiliency of the Bookinfo application by injecting an artificial delay in
42 | requests between the `reviews:v2` and `ratings` services. Observing the resulting behavior
43 | as the test user, we will notice that the v2 version of the `reviews` service has a bug.
44 | Note that all other users are unaware of this testing against the live system.
45 |
46 | 1. [Traffic Shifting]({{home}}/docs/tasks/traffic-management/traffic-shifting.html) Finally, we will
47 | use Istio to gradually migrate traffic for all users from to a v3 version of
48 | the `reviews` service, one which includes the fix for the bug discovered in v2.
49 |
50 | ## Cleanup
51 |
52 | When you're finished experimenting with the Bookinfo sample, you can
53 | uninstall it by following the
54 | [Bookinfo cleanup instructions]({{home}}/docs/guides/bookinfo.html#cleanup)
55 | corresponding to your environment.
56 |
--------------------------------------------------------------------------------
/img/exclamation-mark.svg:
--------------------------------------------------------------------------------
1 |
2 |
33 |
--------------------------------------------------------------------------------
/img/group.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
45 |
--------------------------------------------------------------------------------
/_docs/concepts/traffic-management/load-balancing.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Discovery & Load Balancing
3 | overview: Describes how traffic is load balanced across instances of a service in the mesh.
4 |
5 | order: 25
6 |
7 | layout: docs
8 | type: markdown
9 | toc: false
10 | ---
11 |
12 | This page describes how Istio load balances traffic across instances of a
13 | service in a service mesh.
14 |
15 | **Service registration:** Istio assumes the presence of a service registry
16 | to keep track of the pods/VMs of a service in the application. It also
17 | assumes that new instances of a service are automatically registered with
18 | the service registry and unhealthy instances are automatically removed.
19 | Platforms such as Kubernetes, Mesos already provide such functionality for
20 | container-based applications. A plethora of solutions exist for VM-based
21 | applications.
22 |
23 | **Service Discovery:** Pilot consumes information from the service
24 | registry and provides a platform-agnostic service discovery
25 | interface. Envoy instances in the mesh perform service discovery and
26 | dynamically update their load balancing pools accordingly.
27 |
28 | {% include figure.html width='80%' ratio='74.79%'
29 | img='./img/pilot/LoadBalancing.svg'
30 | alt='Discovery and Load Balancing'
31 | title='Discovery and Load Balancing'
32 | caption='Discovery and Load Balancing'
33 | %}
34 |
35 | As illustrated in the figure above, services in the mesh access each other
36 | using their DNS names. All HTTP traffic bound to a service is automatically
37 | re-routed through Envoy. Envoy distributes the traffic across instances in
38 | the load balancing pool. While Envoy supports several
39 | [sophisticated load balancing algorithms](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/load_balancing),
40 | Istio currently allows three load balancing modes:
41 | round robin, random, and weighted least request.
42 |
43 |
44 | In addition to load balancing, Envoy periodically checks the health of each
45 | instance in the pool. Envoy follows a circuit breaker style pattern to
46 | classify instances as unhealthy or healthy based on their failure rates for
47 | the health check API call. In other words, when the number of health
48 | check failures for a given instance exceeds a pre-specified threshold, it
49 | will be ejected from the load balancing pool. Similarly, when the number of
50 | health checks that pass exceed a pre-specified threshold, the instance will
51 | be added back into the load balancing pool. You can find out more about Envoy's
52 | failure-handling features in [Handling Failures](./handling-failures.html).
53 |
54 | Services can actively shed load by responding with a HTTP 503 to a health
55 | check. In such an event, the service instance will be immediately removed
56 | from the caller's load balancing pool.
57 |
--------------------------------------------------------------------------------
/_docs/guides/telemetry.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: In-Depth Telemetry
3 | overview: This sample demonstrates how to obtain uniform metrics, logs, traces across different services using Istio Mixer and Istio sidecar.
4 |
5 | order: 30
6 | layout: docs
7 | type: markdown
8 | ---
9 | {% include home.html %}
10 |
11 | This sample demonstrates how to obtain uniform metrics, logs, traces across different services using Istio Mixer and Istio sidecar.
12 |
13 | ## Overview
14 |
15 | Deploying a microservice-based application in an Istio service mesh allows one
16 | to externally control service monitoring and tracing, request (version) routing, resiliency testing,
17 | security and policy enforcement, etc., in a consistent way across the services,
18 | for the application as a whole.
19 |
20 | In this guide, we will use the [Bookinfo sample application]({{home}}/docs/guides/bookinfo.html)
21 | to show how operators can obtain uniform metrics and traces from running
22 | applications involving diverse language frameworks without relying on
23 | developers to manually instrument their applications.
24 |
25 | ## Before you begin
26 |
27 | * Install the Istio control plane by following the instructions
28 | corresponding to your platform [installation guide]({{home}}/docs/setup/).
29 |
30 | * Run the Bookinfo sample application by following the applicable
31 | [application deployment instructions]({{home}}/docs/guides/bookinfo.html#deploying-the-application).
32 |
33 | ## Tasks
34 |
35 | 1. [Collecting metrics]({{home}}/docs/tasks/telemetry/metrics-logs.html)
36 | This task will configure Mixer to collect a uniform set of metrics
37 | across all services in the Bookinfo application.
38 |
39 | 1. [Querying metrics]({{home}}/docs/tasks/telemetry/querying-metrics.html)
40 | This task installs the Prometheus add-on for metrics collection and
41 | demonstrates querying a configured Prometheus server for Istio metrics.
42 |
43 | 1. [Distributed tracing]({{home}}/docs/tasks/telemetry/distributed-tracing.html)
44 | We will now use Istio to trace how requests are flowing across services
45 | in the application. Distributed tracing speeds up troubleshooting by
46 | allowing developers to quickly understand how different services
47 | contribute to the overall end-user perceived latency. In addition, it
48 | can be a valuable tool to diagnosis and troubleshooting in distributed
49 | applications.
50 |
51 | 1. [Using the Istio Dashboard]({{home}}/docs/tasks/telemetry/using-istio-dashboard.html)
52 | This task installs the Grafana add-on with a pre-configured dashboard
53 | for monitoring mesh traffic.
54 |
55 | ## Cleanup
56 |
57 | When you're finished experimenting with the Bookinfo sample, you can
58 | uninstall it by following the
59 | [Bookinfo cleanup instructions]({{home}}/docs/guides/bookinfo.html#cleanup)
60 | corresponding to your environment.
61 |
--------------------------------------------------------------------------------
/_docs/reference/config/adapters/circonus.html:
--------------------------------------------------------------------------------
1 | ---
2 | title: Circonus
3 | overview: Adapter for circonus.com's monitoring solution.
4 | location: https://istio.io/docs/reference/config/adapters/circonus.html
5 | layout: protoc-gen-docs
6 | number_of_entries: 3
7 | ---
8 |
The circonus adapter enables Istio to deliver metric data to the
9 | Circonus monitoring backend.
111 |
112 |
--------------------------------------------------------------------------------
/_sass/layouts/_landing.scss:
--------------------------------------------------------------------------------
1 | .landing {
2 | .hero {
3 | background: $mainBrandColor linear-gradient(to right, $mainBrandColor, $secondBrandColor) no-repeat center/cover;
4 | position: relative;
5 | text-align: center;
6 |
7 | .hero-label {
8 | color: $textBrandColor;
9 | margin: 0 0 0 0;
10 | padding: 30px 0 0 0;
11 | font-size: 62px;
12 | font-family: "Verdana";
13 | }
14 |
15 | .hero-logo {
16 | height: 170px;
17 | padding: 0;
18 | margin: 28px 0 0 0;
19 | }
20 |
21 | .hero-lead {
22 | color: $textBrandColor;
23 | display: block;
24 | font-size: 18px;
25 | font-weight: $heroLeadWeight;
26 | margin: 32px 0 0 0;
27 | padding: 0;
28 | }
29 |
30 | .hero-down-arrow {
31 | color: $textBrandColor;
32 | display: inline-block;
33 | margin: 20px 0 20px 0;
34 | padding: 5px;
35 | cursor: pointer;
36 | }
37 |
38 | @media (min-width: $bp-sm) {
39 | .hero-label {
40 | padding: 80px;
41 | }
42 |
43 | .hero-logo {
44 | margin: 78px 0 0 0;
45 | }
46 |
47 | .hero-lead {
48 | margin: 82px 0 0 0;
49 | }
50 |
51 | .hero-down-arrow {
52 | margin: 60px 0 20px 0;
53 | }
54 | }
55 | }
56 |
57 | h2 {
58 | border: 0;
59 | }
60 |
61 | .landing-image {
62 | max-height: 300px;
63 | text-align: center;
64 | }
65 |
66 | .landing-text {
67 | text-align: center;
68 | }
69 |
70 | .color1 {
71 | background-color: $landingBackgroundColor1;
72 | stroke: $landingBackgroundColor1;
73 | }
74 |
75 | .color2 {
76 | background-color: $landingBackgroundColor2;
77 | stroke: $landingBackgroundColor2;
78 | }
79 |
80 | .container-fluid {
81 | padding-top: 50px;
82 | padding-bottom: 50px;
83 | }
84 |
85 | @media (min-width: $bp-md) {
86 | .landing-text {
87 | text-align: left;
88 |
89 | .alt {
90 | text-align: right;
91 | }
92 | }
93 |
94 | .landing-image {
95 | text-align: right;
96 |
97 | .alt {
98 | text-align: left;
99 | }
100 | }
101 |
102 | .container-fluid {
103 | padding-top: 30px;
104 | padding-bottom: 30px;
105 | }
106 | }
107 |
108 | .call {
109 | // margin: 80px 0 20px 0;
110 | // padding: 0;
111 | height: auto;
112 | text-align: center;
113 | }
114 | }
115 |
--------------------------------------------------------------------------------
/_docs/concepts/what-is-istio/goals.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Design Goals
3 | overview: Describes the core principles that Istio's design adheres to.
4 |
5 | order: 20
6 |
7 | layout: docs
8 | type: markdown
9 | ---
10 |
11 | This page outlines the core principles that guide Istio's design.
12 |
13 | Istio’s architecture is informed by a few key design goals that are essential to making the system capable of dealing with services at scale and with high
14 | performance.
15 |
16 | - **Maximize Transparency**.
17 | To adopt Istio, an operator or developer should be required to do the minimum amount of work possible to get real value from the system. To this end, Istio
18 | can automatically inject itself into all the network paths between services. Istio uses sidecar proxies to capture traffic, and where possible, automatically
19 | program the networking layer to route traffic through those proxies without any changes to the deployed application code. In Kubernetes, the proxies are
20 | injected into pods and traffic is captured by programming iptables rules. Once the sidecar proxies are injected and traffic routing is programmed, Istio is
21 | able to mediate all traffic. This principle also applies to performance. When applying Istio to a deployment, operators should see a minimal increase in
22 | resource costs for the
23 | functionality being provided. Components and APIs must all be designed with performance and scale in mind.
24 |
25 | - **Incrementality**.
26 | As operators and developers become more dependent on the functionality that Istio provides, the system must grow with their needs. While we expect to
27 | continue adding new features ourselves, we expect the greatest need will be the ability to extend the policy system, to integrate with other sources of policy and control and to propagate signals about mesh behavior to other systems for analysis. The policy runtime supports a standard extension mechanism for plugging in other services. In addition, it allows for the extension of its vocabulary to allow policies to be enforced based on new signals that the mesh produces.
28 |
29 | - **Portability**.
30 | The ecosystem in which Istio will be used varies along many dimensions. Istio must run on any cloud or on-prem environment with minimal effort. The task of
31 | porting Istio-based services to new environments should be trivial, and it should be possible to operate a single service deployed into multiple
32 | environments (on multiple clouds for redundancy for example) using Istio.
33 |
34 | - **Policy Uniformity**.
35 | The application of policy to API calls between services provides a great deal of control over mesh behavior, but it can be equally important to apply
36 | policies to resources which are not necessarily expressed at the API level. For example, applying quota to the amount of CPU consumed by an ML training task
37 | is more useful than applying quota to the call which initiated the work. To this end, the policy system is maintained as a distinct service with its own API
38 | rather than being baked into the proxy/sidecar, allowing services to directly integrate with it as needed.
39 |
--------------------------------------------------------------------------------
/_layouts/blog.html:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | ---
4 | {% include home.html %}
5 |
6 |
7 |
8 |
9 | {% include sidebar.html docs=site.blog bloghack=true %}
10 |
83 |
--------------------------------------------------------------------------------
/_docs/setup/kubernetes/upgrading-istio.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Upgrading Istio
3 | overview: This guide demonstrates how to upgrade the Istio control plane and data plane independently.
4 |
5 | order: 70
6 |
7 | layout: docs
8 | type: markdown
9 | ---
10 | {% include home.html %}
11 |
12 | This guide demonstrates how to upgrade the Istio control plane and data plane
13 | for the Kubernetes environment.
14 |
15 | ## Overview
16 |
17 | This guide describes how to upgrade an existing Istio deployment (including
18 | both control plane and sidecar proxy) to a new release of Istio. The upgrade
19 | process could involve new binaries as well as other changes like configuration
20 | and API schemas. The upgrade process may involve some service downtime.
21 |
22 | ## Application setup
23 |
24 | In the following steps, we assume that the Istio components are installed and
25 | upgraded in the same namespace ISTIO\_NAMESPACE.
26 |
27 | ## Tasks
28 |
29 | ### Control plane upgrade
30 | The Istio control plane components include: CA, Ingress, Pilot, Mixer, and
31 | Sidecar injector. We can use Kubernetes’ rolling update mechanism to upgrade the
32 | control plance components. It can be done by simply applying the new version
33 | yaml file directly, e.g.
34 |
35 | ```bash
36 | kubectl apply -f istio.yaml (or istio-auth.yaml)
37 | ```
38 |
39 | Note: If you have used [Helm](https://istio.io/docs/setup/kubernetes/helm.html)
40 | to generate a customized Istio deployment, please use the customized yaml files
41 | generated by Helm instead of the standard installtion yamls.
42 |
43 | The rolling update process will upgrade all deployments and configmaps to the
44 | new version. If there is any issue with the new control plane, you can rollback
45 | the changes either by applying the old version yaml files.
46 |
47 | ### Sidecar upgrade
48 | After the control plane is upgraded, you will need to re-inject the new version
49 | of sidecar proxy. There are two cases: Manual injection and Automatic injection.
50 |
51 | 1. Manual injection:
52 |
53 | If automatic sidecar injection is not enabled, you can upgrade the
54 | sidecar manually by running the following command:
55 |
56 | ```bash
57 | kubectl apply -f <(istioctl kube-inject -i $ISTIO_NAMESPACE -f $ORIGINAL_DEPLOYMENT_YAML)
58 | ```
59 |
60 | If the sidecar was previously injected with some customized inject config
61 | files, you will need to change the version tag in the config files to the new
62 | version and reinject the sidecar as follows:
63 |
64 | ```bash
65 | kubectl apply -f <(istioctl kube-inject \
66 | --injectConfigFile inject-config.yaml \
67 | --filename $ORIGINAL_DEPLOYMENT_YAML)
68 | ```
69 | 2. Automatic injection:
70 |
71 | If automatic sidecar injection is enabled, you can upgrade the sidecar
72 | by doing a rolling update for all the pods, so that the new version of
73 | sidecar will be automatically re-injected
74 |
75 | There are some tricks to reload all pods. E.g. There is a [bash script](https://gist.github.com/jmound/ff6fa539385d1a057c82fa9fa739492e)
76 | which triggers the rolling update by patching the grace termination period.
77 |
--------------------------------------------------------------------------------
/_docs/concepts/traffic-management/overview.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Overview
3 | overview: Provides a conceptual overview of traffic management in Istio and the features it enables.
4 |
5 | order: 0
6 |
7 | layout: docs
8 | type: markdown
9 | ---
10 |
11 | {% include home.html %}
12 |
13 | This page provides an overview of how traffic management works
14 | in Istio, including the benefits of its traffic management
15 | principles. It assumes that you've already read [What Is Istio?]({{home}}/docs/concepts/what-is-istio/overview.html)
16 | and are familiar with Istio's high-level architecture. You can
17 | find out more about individual traffic management features in the other
18 | guides in this section.
19 |
20 | ## Pilot and Envoy
21 |
22 | The core component used for traffic management in Istio is
23 | [Pilot](./pilot.html), which manages and configures all the Envoy
24 | proxy instances deployed in a particular Istio service mesh. It lets you
25 | specify what rules you want to use to route traffic between Envoy proxies
26 | and configure failure recovery features such as timeouts, retries, and
27 | circuit breakers. It also maintains a canonical model of all the services
28 | in the mesh and uses this to let Envoys know about the other instances in
29 | the mesh via its discovery service.
30 |
31 | Each Envoy instance maintains [load balancing information](./load-balancing.html)
32 | based on the information it gets from Pilot and periodic health-checks
33 | of other instances in its load-balancing pool, allowing it to intelligently
34 | distribute traffic between destination instances while following its specified
35 | routing rules.
36 |
37 | ## Traffic management benefits
38 |
39 | Using Istio's traffic management model essentially decouples traffic flow
40 | and infrastructure scaling, letting operators specify via Pilot what
41 | rules they want traffic to follow rather than which specific pods/VMs should
42 | receive traffic - Pilot and intelligent Envoy proxies look after the
43 | rest. So, for example, you can specify via Pilot that you want 5%
44 | of traffic for a particular service to go to a canary version irrespective
45 | of the size of the canary deployment, or send traffic to a particular version
46 | depending on the content of the request.
47 |
48 | {% include figure.html width='85%' ratio='69.52%'
49 | img='./img/pilot/TrafficManagementOverview.svg'
50 | alt='Traffic Management with Istio'
51 | title='Traffic Management with Istio'
52 | caption='Traffic Management with Istio'
53 | %}
54 |
55 | Decoupling traffic flow from infrastructure scaling like this allows Istio
56 | to provide a variety of traffic management features that live outside the
57 | application code. As well as dynamic [request routing](request-routing.html)
58 | for A/B testing, gradual rollouts, and canary releases, it also handles
59 | [failure recovery](handling-failures.html) using timeouts, retries, and
60 | circuit breakers, and finally [fault injection](fault-injection.html) to
61 | test the compatibility of failure recovery policies across services. These
62 | capabilities are all realized through the Envoy sidecars/proxies deployed
63 | across the service mesh.
64 |
65 |
--------------------------------------------------------------------------------
/_docs/setup/eureka/quick-start.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Quick Start on Docker
3 | overview: Quick Start instructions to setup the Istio service mesh with Docker Compose.
4 |
5 | order: 10
6 |
7 | layout: docs
8 | type: markdown
9 | ---
10 |
11 | {% include home.html %}
12 |
13 | Quick Start instructions to install and configure Istio in a Docker Compose setup.
14 |
15 |
16 | ## Prerequisites
17 |
18 | * [Docker](https://docs.docker.com/engine/installation/#cloud)
19 | * [Docker Compose](https://docs.docker.com/compose/install/)
20 |
21 | ## Installation steps
22 |
23 | 1. Go to the [Istio release](https://github.com/istio/istio/releases) page to download the
24 | installation file corresponding to your OS. If you are using a MacOS or Linux system, you can also
25 | run the following command to download and extract the latest release automatically:
26 | ```bash
27 | curl -L https://git.io/getLatestIstio | sh -
28 | ```
29 |
30 | 1. Extract the installation file and change the directory to the file location. The
31 | installation directory contains:
32 | * Sample applications in `samples/`
33 | * The `istioctl` client binary in the `bin/` directory. `istioctl` is used for creating routing rules and policies.
34 | * The `istio.VERSION` configuration file
35 |
36 | 1. Add the `istioctl` client to your PATH.
37 | For example, run the following command on a MacOS or Linux system:
38 |
39 | ```bash
40 | export PATH=$PWD/bin:$PATH
41 | ```
42 |
43 | 1. Change directory to the root of the Istio installation directory.
44 |
45 | 1. Bring up the Istio control plane containers:
46 |
47 | ```bash
48 | docker-compose -f install/eureka/istio.yaml up -d
49 | ```
50 |
51 | 1. Confirm that all docker containers are running:
52 |
53 | ```bash
54 | docker ps -a
55 | ```
56 | > If the Istio Pilot container terminates, ensure that you run the `istioctl context-create` comamnd and re-run the command from the previous step.
57 |
58 | 1. Configure `istioctl` to use mapped local port for the Istio API server:
59 |
60 | ```bash
61 | istioctl context-create --context istio-local --api-server http://localhost:8080
62 | ```
63 |
64 | ## Deploy your application
65 |
66 | You can now deploy your own application or one of the sample applications provided with the
67 | installation like [Bookinfo]({{home}}/docs/guides/bookinfo.html).
68 |
69 | > Note 1: Since there is no concept of pods in a Docker setup, the Istio
70 | > sidecar runs in the same container as the application. We will use
71 | > [Registrator](https://gliderlabs.github.io/registrator/latest/) to
72 | > automatically register instances of services in the Eureka service
73 | > registry.
74 |
75 | > Note 2: the application must use HTTP/1.1 or HTTP/2.0 protocol for all its HTTP traffic because HTTP/1.0 is not supported.
76 |
77 | ```bash
78 | docker-compose -f .yaml up -d
79 | ```
80 |
81 | ## Uninstalling
82 |
83 | 1. Uninstall Istio core components by removing the docker containers:
84 |
85 | ```bash
86 | docker-compose -f install/eureka/istio.yaml down
87 | ```
88 |
89 | ## What's next
90 |
91 | * See the sample [Bookinfo]({{home}}/docs/guides/bookinfo.html) application.
92 |
--------------------------------------------------------------------------------
/scripts/grab_reference_docs.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This script copies generated .pb.html files, which contain reference docs for protos, and installs
4 | # them in their targeted location within the _docs/reference tree of this repo. Each .pb.html file contains a
5 | # line that indicates the target directory location. The line is of the form:
6 | #
7 | # location: https://istio.io/docs/reference/...
8 | #
9 | # Additionally, this script also builds Istio components and runs them to extract their command-line docs which it
10 | # copies to _docs/reference/commands.
11 |
12 | #set -e
13 |
14 | ISTIO_BASE=$(cd "$(dirname "$0")" ; pwd -P)/..
15 | WORK_DIR=$(mktemp -d)
16 | COMMAND_DIR=$ISTIO_BASE/_docs/reference/commands
17 |
18 | # Get the source code
19 | pushd $WORK_DIR
20 | git clone https://github.com/istio/api.git
21 | git clone https://github.com/istio/istio.git
22 | rm -fr istio/vendor
23 | popd
24 |
25 | # Given the name of a .pb.html file, extracts the $location marker and then proceeds to
26 | # copy the file to that location in the _docs hierarchy.
27 | locate_file() {
28 | FILENAME=$1
29 |
30 | LOCATION=$(grep '^location: https://istio.io/docs' $FILENAME)
31 | LEN=${#LOCATION}
32 | if [ $LEN -eq 0 ]
33 | then
34 | echo "No 'location:' tag in $FILENAME, skipping"
35 | return
36 | fi
37 | FNP=${LOCATION:31}
38 | FN=$(echo $FNP | rev | cut -d'/' -f1 | rev)
39 | PP=$(echo $FNP | rev | cut -d'/' -f2- | rev)
40 | sed -e 's/href="https:\/\/istio.io/href="{{site.baseurl}}/g' ${FILENAME} >_docs${PP}/${FN}
41 | }
42 |
43 | # Given the path and name to an Istio command, builds the command and then
44 | # runs it to extract its command-line docs
45 | #
46 | # TODO: Even though this CDs into the source tree we've extracted, it's not actually
47 | # using that as input sources since imports are resolved through $GOPATH and such.
48 | # I'm not clear what voodoo is needed so I'm leaving this as-is for the time being
49 | get_command_doc() {
50 | COMMAND_PATH=$1
51 | COMMAND=$2
52 |
53 | pushd $COMMAND_PATH
54 | go build
55 | ./$COMMAND collateral -o $COMMAND_DIR --jekyll_html
56 | rm $COMMAND
57 | popd
58 | }
59 |
60 | # First delete all the current generated files so that any stale files are removed
61 | find _docs/reference -name '*.html' -type f|xargs rm
62 |
63 | for f in `find $WORK_DIR/api -type f -name '*.pb.html'`
64 | do
65 | echo "processing $f"
66 | locate_file $f
67 | done
68 |
69 | for f in `find $WORK_DIR/istio -type f -name '*.pb.html'`
70 | do
71 | echo "processing $f"
72 | locate_file $f
73 | done
74 |
75 | # get_command_doc $WORK_DIR/istio/broker/cmd/brks brks
76 | get_command_doc $WORK_DIR/istio/mixer/cmd/mixc mixc
77 | get_command_doc $WORK_DIR/istio/mixer/cmd/mixs mixs
78 | get_command_doc $WORK_DIR/istio/istioctl/cmd/istioctl istioctl
79 | get_command_doc $WORK_DIR/istio/pilot/cmd/pilot-agent pilot-agent
80 | get_command_doc $WORK_DIR/istio/pilot/cmd/pilot-discovery pilot-discovery
81 | get_command_doc $WORK_DIR/istio/pilot/cmd/sidecar-injector sidecar-injector
82 | get_command_doc $WORK_DIR/istio/security/cmd/istio_ca istio_ca
83 | get_command_doc $WORK_DIR/istio/security/cmd/node_agent node_agent
84 |
85 | rm -fr $WORK_DIR
86 |
--------------------------------------------------------------------------------
/js/misc.min.js:
--------------------------------------------------------------------------------
1 | ---
2 | ---
3 | {% include home.html %}
4 | 'use strict';$(function(a){function b(){var d=a('#search_form'),e=a('#search_textbox'),f=a('#navbar-links');d.removeClass('active'),f.addClass('active'),e.val(''),e.removeClass('grow')}function c(){var d=a('#search_form'),e=a('#search_textbox'),f=a('#navbar-links');d.addClass('active'),f.removeClass('active'),e.addClass('grow'),e.focus()}a('body').on('keyup',function(d){27==d.which&&b()}),a('#search_show').on('click',function(d){d.preventDefault(),c()}),a('#search_close').on('click',function(d){d.preventDefault(),b()}),a('#search_form').submit(function(d){d.preventDefault();var e=a('#search_textbox'),f='{{home}}/search.html?q='+e.val();b(),window.location.assign(f)}),a(document).ready(function(){a('[data-toggle="offcanvas"]').on('click',function(){a('.row-offcanvas').toggleClass('active'),a(this).children('i.fa').toggleClass('fa-chevron-right'),a(this).children('i.fa').toggleClass('fa-chevron-left')}),a(document).on('click','.tree-toggle',function(){a(this).children('i.fa').toggleClass('fa-caret-right'),a(this).children('i.fa').toggleClass('fa-caret-down'),a(this).parent().children('ul.tree').toggle(200)}),a(document).on('mouseenter','pre',function(){a(this).next().toggleClass('copy-show',!0),a(this).next().toggleClass('copy-hide',!1)}),a(document).on('mouseleave','pre',function(){a(this).next().toggleClass('copy-show',!1),a(this).next().toggleClass('copy-hide',!0)}),a(document).on('mouseenter','button.copy',function(){a(this).toggleClass('copy-show',!0),a(this).toggleClass('copy-hide',!1)}),a(document).on('mouseleave','button.copy',function(){a(this).toggleClass('copy-show',!1),a(this).toggleClass('copy-hide',!0)})})}(jQuery));function patchDOM(){function b(g){var h=document.createElement('i');h.className='fa fa-link';var j=document.createElement('a');j.className='header-link',j.href='#'+g.id,j.appendChild(h),g.appendChild(j)}(function(){for(var j,g=document.getElementsByTagName('PRE'),h=0;h=g;g++){h=document.getElementsByTagName('h'+g);for(var k,j=0;jm.text()).then(m=>{k.firstChild.innerText=m})}for(var h=document.getElementsByTagName('PRE'),j=0;j
14 | 
24 |
25 |