istio
enforcing policies on egress traffic
Please provide a description for what this PR is for: enforcing policies on egress traffic
And to help us figure out who should review this PR, please put an X in all the areas that this PR affects.
- [ ] Configuration Infrastructure
- [X] Docs
- [ ] Installation
- [ ] Networking
- [ ] Performance and Scalability
- [ ] Policies and Telemetry
- [ ] Security
- [ ] Test and Release
- [ ] User Experience
- [ ] Developer Infrastructure
Hi @nauticalmike. Thanks for your PR.
I'm waiting for a istio member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.
Once the patch is verified, the new status will be reflected by the ok-to-test label.
I understand the commands that are listed here.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Why is there both a blog post and task with the same material? Should be one or the other. If a task, it probably should be in the security section, not policy enforcement section.
@frankbu the material is also related to policy enforcement which seems more appropriate in my opinion than just security, but where do we want to put it? is there a process to decide? Based on the description I found here seemed appropriate for both a blog post and a task. But if it can't be in both sections I can remove the one the community think is less appropriate based on the content. Let me know
Since it's mostly about configuring authorization policy I think this would be a good place: https://istio.io/latest/docs/tasks/security/authorization/. Notice that there is already an ingress gateway task there.
Alternatively, it seems quite related to the tasks in this section as well: https://istio.io/latest/docs/tasks/traffic-management/egress/, so it might be even better.
Also note that if you make it a task, you need to add a test for the doc. https://github.com/istio/istio.io/blob/master/README.md#testing-document-content
If you make it a blog post, instead of a task, then a test is not required.
@frankbu I just deleted the task docs while I figure out how to do a more proper task doc and tests now that I get better the purpose, can we get an ok-to-test now for this as a blog post?
🚧 This issue or pull request has been closed due to not having had activity from an Istio team member since 2022-06-22. If you feel this issue or pull request deserves attention, please reopen the issue. Please see this wiki page for more information. Thank you for your contributions.
Created by the issue and PR lifecycle manager.
@craigbox sure, this was written before there was even any egress topics at all on Istio docs. Let me know if this still applies as a blog post or if we want to do something else.
Note that any changes in the release-1.14 branch will not show up in the docs. The cherry-pick to master will get it into preliminary.istio.io
If you start as a blog post we can figure out if it would be a good part of the docs.