istio · istio-testing · Mar 21, 2019 · Feb 21, 2019 · Feb 21, 2019 · Feb 21, 2019
@@ -154,7 +154,7 @@ message Jwt {
   // the issuer or (b) inferred from the email domain of the issuer (e.g. a
   // Google service account).
   //
-  // Example: https://www.googleapis.com/oauth2/v1/certs
+  // Example: `https://www.googleapis.com/oauth2/v1/certs`
   //
   // Note: Only one of jwks_uri and jwks should be used.
   string jwks_uri = 3;

@@ -13,6 +13,7 @@ jitter
 JSON
 JWT
 Kubernetes
+LightStep
 MCP
 multicluster
 NACK
@@ -27,6 +28,7 @@ scalability
 SDS
 SNI
 SPIFFE
+subnet
 TCP
 TLS
 UDP
@@ -35,3 +37,5 @@ unmanaged
 unterminated
 URI
 URL
+VM
+Zipkin
@@ -69,15 +69,14 @@ message DataSource {
   }
 }
 
-// This message specifies how a JSON Web Token (JWT) can be verified. JWT format is defined
-// `here <https://tools.ietf.org/html/rfc7519>`_. Please see `OAuth2.0
-//  <https://tools.ietf.org/html/rfc6749>`_ and `OIDC1.0  <http://openid.net/connect>`_ for
+// This message specifies how a JSON Web Token (JWT) can be verified. See the [JWT format definition](https://tools.ietf.org/html/rfc7519)
+// for details. Please see [OAuth2.0](https://tools.ietf.org/html/rfc6749) and
+// [OIDC1.0](http://openid.net/connect) for
 // the authentication flow.
 //
 // Example:
 //
-// .. code-block:: yaml
-//
+// ```yaml
 //     issuer: https://example.com
 //     audiences:
 //     - bookstore_android.apps.googleusercontent.com
@@ -88,8 +87,7 @@ message DataSource {
 //         cluster: example_jwks_cluster
 //       cache_duration:
 //       - seconds: 300
-//
-// [#not-implemented-hide:]
+// ```
 message JwtRule {
   // Identifies the principal that issued the JWT. See `here
   //  <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_. Usually a URL or an email address.

@@ -196,7 +196,7 @@ message MeshConfig {
 
   // $hide_from_docs
   // This flag is used by secret discovery service(SDS).
-  // If set to true(prerequisite: https://kubernetes.io/docs/concepts/storage/volumes/#projected), Istio will inject volumes mount
+  // If set to true ([prerequisite](https://kubernetes.io/docs/concepts/storage/volumes/#projected)), Istio will inject volumes mount
   // for Kubernetes service account trustworthy JWT(which is available with Kubernetes 1.12 or higher), so that the Kubernetes API server
   // mounts Kubernetes service account trustworthy JWT to the Envoy container, which will be used to request key/cert eventually.
   // This isn't supported for non-Kubernetes cases.
@@ -261,7 +261,7 @@ message MeshConfig {
 
   // $hide_from_docs
   // The namespace to treat as the administrative root namespace for
-  // istio configuration. When processing a leaf namespace Istio will search for
+  // Istio configuration. When processing a leaf namespace Istio will search for
   // declarations in that namespace first and if none are found it will
   // search in the root namespace. Any matching declaration found in the root
   // namespace is processed as if it were declared in the leaf namespace.
@@ -270,8 +270,8 @@ message MeshConfig {
   // type.
   //
   // There is no default value for this flag in 1.1 but in later releases it
-  // is expected to default to a new namespace, "istio-config", which is
-  // maintained separately from the "istio-system" namespace where an instance
+  // is expected to default to a new namespace, `istio-config`, which is
+  // maintained separately from the `istio-system` namespace where an instance
   // of the control plane runtime is deployed. This separates the concerns of
   // configuring the control-plane runtime from configuration of the mesh.
   string root_namespace = 34;
@@ -297,7 +297,7 @@ message ConfigSource {
 
   // Use the tls_settings to specify the tls mode to use. If the MCP server
   // uses Istio mutual TLS and shares the root CA with Pilot, specify the TLS
-  // mode as ISTIO_MUTUAL.
+  // mode as `ISTIO_MUTUAL`.
   istio.networking.v1alpha3.TLSSettings tls_settings = 2;
 }
 
@@ -385,7 +385,7 @@ message LocalityLoadBalancerSetting{
 
   // Optional: only one of distribute or failover can be set.
   // Explicitly specify loadbalancing weight across different zones and geographical locations.
-  // Refer to [Locality weighted load balancing](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/load_balancing.html?highlight=load_balancing_weight#locality-weighted-load-balancing)
+  // Refer to [Locality weighted load balancing](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/load_balancing/locality_weight)
   // If empty, the locality weight is set according to the endpoints number within it.
   repeated Distribute distribute = 1;
 

@@ -31,11 +31,11 @@ message Network {
   // 1. Implicitly: If the registry explicitly provides information about
   // the network to which the endpoint belongs to. In some cases, its
   // possible to indicate the network associated with the endpoint by
-  // adding ISTIO_META_NETWORK environment variable to the sidecar.
+  // adding the `ISTIO_META_NETWORK` environment variable to the sidecar.
   //
   // 2. Explicitly:
   //
-  //    a. By matching the registry name with one of the "from_registries"
+  //    a. By matching the registry name with one of the "fromRegistry"
   //    in the mesh config. A "from_registry" can only be assigned to a
   //    single network.
   //
@@ -52,7 +52,7 @@ message Network {
 
     // Add all endpoints from the specified registry into this network.
     // The names of the registries should correspond to the secret name
-    // that was used to configure the registry (kubernetes multicluster) or
+    // that was used to configure the registry (Kubernetes multicluster) or
     // supplied by MCP server.
     string from_registry = 2;
     }
@@ -97,17 +97,20 @@ message Network {
 //
 // MeshNetworks(file/config map):
 // networks:
-// - network1:
+//   network1:
 //   - endpoints:
-//     - fromRegistry: registry1 #must match secret name inKubernetes
+//     - fromRegistry: registry1 #must match secret name in Kubernetes
 //     - fromCidr: 192.168.100.0/22 #a VM network for example
 //     gateways:
 //     - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local
 //       port: 15443
 //       locality: us-east-1a
+//     - address: 192.168.100.1
+//       port: 15443
+//       locality: us-east-1a
 message MeshNetworks {
   // REQUIRED: The set of networks inside this mesh. Each network should
   // have a unique name and information about how to infer the endpoints in
   // the network as well as the gateways associated with the network.
   map<string, Network> networks = 1;
-}
+}
@@ -128,13 +128,13 @@ message ProxyConfig {
   string statsd_udp_address = 10;
 
   // Address of the Envoy Metrics Service implementation (e.g. metrics-service:15000).
-  // See https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/metrics/v2/metrics_service.proto
+  // See [Metric Service](https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/metrics/v2/metrics_service.proto)
   // for details about Envoy's Metrics Service API.
   string envoy_metrics_service_address = 20;
 
   // Port on which Envoy should listen for administrative commands.
   int32 proxy_admin_port = 11;
-  
+
   // $hide_from_docs
   string availability_zone = 12 [deprecated=true];
-Original file line number
+Diff line change
@@ Expand Up / @@ -13,6 +13,7 @@ jitter @@
     JSON
     JWT
     Kubernetes
+    LightStep
     MCP
     multicluster
     NACK
@@ Expand All / @@ -27,6 +28,7 @@ scalability @@
     SDS
     SNI
     SPIFFE
+    subnet
     TCP
     TLS
     UDP
@@ Expand All / @@ -35,3 +37,5 @@ unmanaged @@
     unterminated
     URI
     URL
+    VM
+    Zipkin