istio.io

istio.io copied to clipboard

Description

This PR adds a blog post about how to use OPA with Istio and the benefits of both.

Adding co-author to the loop: @charlieegan3

Reviewers

• [ ] Ambient
• [ ] Docs
• [ ] Installation
• [ ] Networking
• [ ] Performance and Scalability
• [x] Extensions and Telemetry
• [ ] Security
• [ ] Test and Release
• [ ] User Experience
• [ ] Developer Infrastructure
• [ ] Localization/Translation

Skipping CI for Draft Pull Request. If you want CI signal for your change, please convert it to an actual PR. You can still manually trigger a test run with /test all

😊 Welcome! This is either your first contribution to the Istio documentation repo, or it's been a while since you've been here. A few things you should know:

• You can learn about how we write and maintain documentation, our style guidelines, and the available web site features by visiting Contributing to the Docs.

• In the next few minutes, an automatic preview of your change will be built with a full copy of the istio.io website. You can find this preview by clicking on the Details link next to the deploy/netlify entry in the status section of this page.

• We care about quality, so we've put in place a number of checks to ensure our documentation is top-notch. We do spell checking, sanitize the Markdown, ensure all hyperlinks point to a valid location, and more. If your PR doesn't pass one of these checks, you'll see a red X in the lint_istio.io entry in the status section. Click on the Details link to get a list of the problems with your PR. Fix those problems and push an update; this will automatically re-run the tests. Hopefully this time everything will be perfect!

• Once your changes are accepted and merged into the repository, they will initially show up on https://preliminary.istio.io. The changes will be published to https://istio.io the next time we do a major release (which typically happens every 3 months or so). To publish them sooner, add a cherrypick/release-x.xx label, where x.xx is the current release of Istio.

Thanks for contributing!

Courtesy of your friendly welcome wagon.

/retest

Thanks for the submission, @antonioberben!

Some thoughts before diving into a full edit:

• For content that is timeless and more "how to do something", you probably want to write it as a documentation guide rather than a blog post. This would make a good integration guide with a blog post to announce the publication of it.
• I think you need to better level-set as to what a "platform" is: we talk about platform teams and platforms as if we all agree on what they are, which I suspect we do not
• I feel the "how it works" section needs to come before "try it out", so we know what we're trying
• you say a cluster with Istio installed is a pre-requisite, and then you tell people how to install Istio with iop.yaml which isn't obviously provided
• Likewise, opa.yaml needs to be provided. For a blog post or guide, we'd normally expect these files to be inline with an explanation of what they contain

Let me know how you'd like to proceed and I can either help get this into shape for a doc page or a revised blog post.

Hi @antonioberben Nice blog - does this instruction work with ambient as well?

Hi @linsun , it does not work in ambient. I could not make it work with it

@craigbox , can you suggest which is the best place where to add this as part of the documentation? Under Tasks? Under More Guides?

@craigbox , how does it look now?

/retest

@craigbox , please, can you review?

I've suggested to Antonio that we get this one into a Google doc for review there. The current setup won't work as a blog post, because it relies on files that people don't have. We can rework all the content into the doc or the blog as appropriate.

removed from draft so tests run

Tests are passing. Now awaiting @antonioberben to test the revised post top to bottom and take in @dhawton's fixes.

@craigbox , @dhawton , all claims are solved. The full post is self-contained from top to bottom.

I have changed the publish date to Oct, 14th

If you can double-check and approve after all tests pass, it would be awesome.

Thanks for your support

Have you actually verified my changes? I offer no guarantee they work at all.

Yes, it is tested from top to bottom. If @dhawton can run it quickly, then we can finish it today

I've reviewed the instructions and the rendered post this morning, lgtm 👍

@craigbox , @dhawton , do you need anything else to approve this? @charlieegan3 has already tested it too. Thanks

that'll do me

(p.s. every time I see this PR I think "OPA Gangnam style")

In response to a cherrypick label: #15134 failed to apply on top of branch "release-1.23":

Applying: add blog post
Applying: Add intro, adjust policy
Applying: Remove other titles and descriptions
Applying: Pass lint
Applying: sort alphabetically
Using index info to reconstruct a base tree...
M	.spelling
Falling back to patching base and 3-way merge...
Auto-merging .spelling
CONFLICT (content): Merge conflict in .spelling
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0005 sort alphabetically
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to a cherrypick label: new issue created for failed cherrypick: #15798

Will go live when https://github.com/istio/istio.io/pull/15799 is approved