From 1f53aa1338b632b62dd176f950ee29c03bbeae89 Mon Sep 17 00:00:00 2001 From: Brenda Rearden Date: Mon, 5 Oct 2020 14:32:24 -0700 Subject: [PATCH] Update tables, add urls --- content/rancher/v2.x/en/istio/_index.md | 10 +++---- content/rancher/v2.x/en/istio/rbac/_index.md | 26 +++++++++---------- .../rancher/v2.x/en/istio/resources/_index.md | 6 ++--- .../en/istio/setup/deploy-workloads/_index.md | 1 + .../setup/enable-istio-in-cluster/_index.md | 4 +-- .../en/istio/setup/view-traffic/_index.md | 3 +-- 6 files changed, 25 insertions(+), 25 deletions(-) diff --git a/content/rancher/v2.x/en/istio/_index.md b/content/rancher/v2.x/en/istio/_index.md index e1f14e7fa75..2a7005bc834 100644 --- a/content/rancher/v2.x/en/istio/_index.md +++ b/content/rancher/v2.x/en/istio/_index.md @@ -34,7 +34,7 @@ The overall architecture of Istio has been simplified. A single component, Istio Addons that were previously installed by Istio (cert-manager, Grafana, Jaeger, Kiali, Prometheus, Zipkin) will now need to be installed separately. Istio will support installation of integrations that are from the Istio Project and will maintain compatibility with those that are not. -A Prometheus integration will still be available through an installation of [Rancher Monitoring,](../../monitoring-alerting) or by installing your own Prometheus operator. Rancher's Istio chart will also install Kiali by default to ensure you can get a full picture of your microservices out of the box. +A Prometheus integration will still be available through an installation of [Rancher Monitoring]({{}}/rancher/v2.x/en/monitoring-alerting/), or by installing your own Prometheus operator. Rancher's Istio chart will also install Kiali by default to ensure you can get a full picture of your microservices out of the box. Istio has migrated away from Helm as a way to install Istio and now provides installation through the istioctl binary or Istio Operator. To ensure the easiest interaction with Istio, Rancher's Istio will maintain a Helm chart that utilizes the istioctl binary to manage your Istio installation. @@ -50,7 +50,7 @@ Refer to the [setup guide]({{}}/rancher/v2.x/en/cluster-admin/tools/ist # Remove Istio -To remove Istio components from a cluster, namespace, or workload, refer to the section on [uninstalling Istio.]({{}}/rancher/v2.x/en/cluster-admin/tools/istio/disabling-istio) +To remove Istio components from a cluster, namespace, or workload, refer to the section on [uninstalling Istio.]({{}}/rancher/v2.x/en/istio/disabling-istio/) # Migrate From Previous Istio Version @@ -66,7 +66,7 @@ To access the Grafana and Prometheus visualizations, from the **Cluster Explorer To access the Kiali visualization, from the **Cluster Explorer** navigate to the **Istio** app overview page, and click on **Kiali**. From here you can access the **Traffic Graph** tab or the **Traffic Metrics** tab to see network visualizations and metrics. -By default, all namespace will picked up by prometheus and make data available for Kiali graphs. Refer to [selector/scrape config setup](URLNEEDED) if you would like to use a different configuration for prometheus data scraping. +By default, all namespace will picked up by prometheus and make data available for Kiali graphs. Refer to [selector/scrape config setup]({{}}/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/#selectors-scrape-configs) if you would like to use a different configuration for prometheus data scraping. Your access to the visualizations depend on your role. Grafana and Prometheus are only available for `cluster-admin` roles. The Kiali UI is available only to `cluster-admin` by default, but `cluster-admin` can allow other roles to access them by editing the Istio values.yaml. @@ -86,8 +86,8 @@ By default, each Rancher-provisioned cluster has one NGINX ingress controller al ![In an Istio-enabled cluster, you can have two ingresses: the default Nginx ingress, and the default Istio controller.]({{}}/img/rancher/istio-ingress.svg) - Additional Istio Ingress gateways can be enabled via the [overlay file](URLNEEDED). + Additional Istio Ingress gateways can be enabled via the [overlay file]({{}}/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/#overlay-file). ### Egress Support -By default the Egress gateway is disabled, but can be enabled on install or upgrade through the values.yaml or via the [overlay file](URLNEEDED) \ No newline at end of file +By default the Egress gateway is disabled, but can be enabled on install or upgrade through the values.yaml or via the [overlay file]({{}}/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/#overlay-file). \ No newline at end of file diff --git a/content/rancher/v2.x/en/istio/rbac/_index.md b/content/rancher/v2.x/en/istio/rbac/_index.md index b4ee158ea23..cdd75c9867a 100644 --- a/content/rancher/v2.x/en/istio/rbac/_index.md +++ b/content/rancher/v2.x/en/istio/rbac/_index.md @@ -9,7 +9,7 @@ This section describes the permissions required to access Istio features. The rancher istio chart installs three `ClusterRoles` -# Cluster-Admin Access +## Cluster-Admin Access By default, only those with the `cluster-admin` `ClusterRole` can: @@ -26,21 +26,21 @@ By default, only Admin and Edit roles can: - View the traffic metrics and traffic graph for the cluster - Configure Istio's resources (such as the gateway, destination rules, or virtual services) -# Summary of Default Permissions for Kubernetes Default roles +## Summary of Default Permissions for Kubernetes Default roles Istio creates three `ClusterRoles` and adds Istio CRD access to the following default K8s `ClusterRole`: -| ClusterRole create by chart | Default K8s ClusterRole | Rancher Role | -| ------------------------------| ---------------------------|---------| -| `istio-admin` | admin| Project Owner, Project Member | -| `istio-edit`| edit | Project Owner, Project Member | -| `istio-view` | view | Read-only | +ClusterRole create by chart | Default K8s ClusterRole | Rancher Role | + ------------------------------:| ---------------------------:|---------:| + `istio-admin` | admin| Project Owner, Project Member | + `istio-edit`| edit | Project Owner, Project Member | + `istio-view` | view | Read-only | -Rancher will continue to use cluster-owner, cluster-member, project-owner, project-member, etc as role names, but will utilize default roles to determine access. For each default K8s `ClusterRole` there are different Istio CRD permissions and K8s actions (Create (C), Get (G), List (L), Update (U), Patch (P), Delete(D), All (*)) that can be performed. +Rancher will continue to use cluster-owner, cluster-member, project-owner, project-member, etc as role names, but will utilize default roles to determine access. For each default K8s `ClusterRole` there are different Istio CRD permissions and K8s actions (Create ( C ), Get ( G ), List ( L ), Update ( U ), Patch ( P ), Delete( D ), All ( * )) that can be performed. -|CRDs | Admin | Edit | View | -|----------------------------| ------| -----| -----| -|
  • `config.istio.io`
    • `adapters`
    • `attributemanifests`
    • `handlers`
    • `httpapispecbindings`
    • `httpapispecs`
    • `instances`
    • `quotaspecbindings`
    • `quotaspecs`
    • `rules`
    • `templates`
| GLW | GLW | GLW| -|
  • `networking.istio.io`
    • `destinationrules`
    • `envoyfilters`
    • `gateways`
    • `serviceentries`
    • `sidecars`
    • `virtualservices`
    • `workloadentries`
| * | * | GLW | -|
  • `security.istio.io`
    • `authorizationpolicies`
    • `peerauthentications`
    • `requestauthentications`
| * | * | GLW | \ No newline at end of file +|CRDs | Admin | Edit | View +|----------------------------| ------| -----| ----- +|
  • `config.istio.io`
    • `adapters`
    • `attributemanifests`
    • `handlers`
    • `httpapispecbindings`
    • `httpapispecs`
    • `instances`
    • `quotaspecbindings`
    • `quotaspecs`
    • `rules`
    • `templates`
| GLW | GLW | GLW +|
  • `networking.istio.io`
    • `destinationrules`
    • `envoyfilters`
    • `gateways`
    • `serviceentries`
    • `sidecars`
    • `virtualservices`
    • `workloadentries`
| * | * | GLW +|
  • `security.istio.io`
    • `authorizationpolicies`
    • `peerauthentications`
    • `requestauthentications`
| * | * | GLW \ No newline at end of file diff --git a/content/rancher/v2.x/en/istio/resources/_index.md b/content/rancher/v2.x/en/istio/resources/_index.md index 2aea1303e56..9a13b076b69 100644 --- a/content/rancher/v2.x/en/istio/resources/_index.md +++ b/content/rancher/v2.x/en/istio/resources/_index.md @@ -6,7 +6,7 @@ aliases: - /rancher/v2.x/en/project-admin/istio/config/ - /rancher/v2.x/en/cluster-admin/tools/istio/resources --- -_This section applies to Istio in Rancher v2.5.0. If you are using Rancher v2.4.x, refer to [this section.](../../legacy/resources)_ +_This section applies to Istio in Rancher v2.5.0. If you are using Rancher v2.4.x, refer to [this section.]({{}}/rancher/v2.x/en/cluster-admin/tools/istio/)_ This section describes the minimum recommended computing resources for the Istio components in a cluster. @@ -36,12 +36,12 @@ You can individually configure the resource allocation for each type of Istio co To make it easier to schedule the workloads to a node, a cluster-admin can reduce the CPU and memory resource requests for the component. However, the default CPU and memory allocations are the minimum that we recommend. -You can find more information about Istio configuration in the [official Istio documentation](https://istio.io/docs/concepts/what-is-istio). +You can find more information about Istio configuration in the [official Istio documentation](https://istio.io/). To configure the resources allocated to an Istio component, 1. In the Rancher **Cluster Explorer**, navigate to your Istio installation in **Apps & Marketplace** -1. Click **Upgrade** to edit the base components via changes the values.yaml or add an [overlay file](URLNEEDED). +1. Click **Upgrade** to edit the base components via changes the values.yaml or add an [overlay file]({{}}/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/#overlay-file). 1. Change the CPU or memory allocations, the nodes where each component will be scheduled to, or the node tolerations. 1. Click **Upgrade.** to rollout changes diff --git a/content/rancher/v2.x/en/istio/setup/deploy-workloads/_index.md b/content/rancher/v2.x/en/istio/setup/deploy-workloads/_index.md index 1c8b19cfc67..017ee200eed 100644 --- a/content/rancher/v2.x/en/istio/setup/deploy-workloads/_index.md +++ b/content/rancher/v2.x/en/istio/setup/deploy-workloads/_index.md @@ -34,6 +34,7 @@ To add a **Service** to your namespace 1. Click **Create** You can also create deployments and services using the kubectl **shell** + 1. Run `kubectl create -f .yaml` if your file is stored locally in the cluster 1. Or run `cat<< EOF | kubectl apply -f -`, paste the file contents into the terminal, then run `EOF` to complete the command. diff --git a/content/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/_index.md b/content/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/_index.md index ce4536c6780..06fc840f7d0 100644 --- a/content/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/_index.md +++ b/content/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/_index.md @@ -9,7 +9,6 @@ Only a user with the following [Kubernetes default roles](https://kubernetes.io/ - `cluster-admin` -> If the cluster has a Pod Security Policy enabled there are [prerequisites steps.]({{}}/rancher/v2.x/en/cluster-admin/tools/istio/setup/enable-istio-in-cluster/enable-istio-with-psp/) 1. From the **Cluster Explorer**, navigate to available **Charts** in **Apps & Marketplace** 1. Select the Istio chart from the rancher provided charts @@ -114,7 +113,8 @@ spec: This enables monitoring accross namespaces by giving prometheus additional scrape configurations. - >Usability tradeoff is that all of prometheus' additionalScrapeConfigs are maintained in a single Secret. This could make upgrading difficult if monitoring is already deployed with additionalScrapeConfigs prior to installing Istio. + >Usability tradeoff is that all of prometheus' `additionalScrapeConfigs` are maintained in a single Secret. This could make upgrading difficult if monitoring is already deployed with additionalScrapeConfigs prior to installing Istio. + 1. If starting a new install, **Click** the **rancher-monitoring** chart, then in **Chart Options** click **Edit as Yaml**. 1. If updating an existing installation, click on **Upgrade**, then in **Chart Options** click **Edit as Yaml**. 1. If updating an existing installation, click on **Upgrade** and then **Preview Yaml**. diff --git a/content/rancher/v2.x/en/istio/setup/view-traffic/_index.md b/content/rancher/v2.x/en/istio/setup/view-traffic/_index.md index b6be6ae7864..e0aad92e277 100644 --- a/content/rancher/v2.x/en/istio/setup/view-traffic/_index.md +++ b/content/rancher/v2.x/en/istio/setup/view-traffic/_index.md @@ -11,11 +11,10 @@ This section describes how to view the traffic that is being managed by Istio. The Istio overpage provides a link to the Kiali dashboard. From the Kiali dashboard, you are able to view graphs for each namespace. The Kiali graph provides a powerful way to visualize the topology of your Istio service mesh. It shows you which services communicate with each other. ->**Prerequisite:** To enable traffic to show up in the graph, ensure you have enabled one of the [Selectors & Scrape Configs](NEEDSURL) options. If you do not have this configured, you will not see information on the graph. +>**Prerequisite:** To enable traffic to show up in the graph, ensure you have enabled one of the [Selectors & Scrape Configs]({{}}/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/#selectors-scrape-configs)options. If you do not have this configured, you will not see information on the graph. To see the traffic graph, - 1. From the **Cluster Explorer**, select **Istio** from the nav dropdown. 1. Click the **Kiali** link on the Istio **Overview** page. 1. Click on **Graph** in the side nav.