Рет қаралды 2,500
Istio CA generates a self-signed root certificate and key and uses them to sign all workload certificates. In this episode, Josh van Leeuwen from Jetstack will show us how to configure Istio and use istio-csr/cert-manager to configure external CA for Istio to use.
DEMO: github.com/JoshVanL/tetrate-i...
Slides (PDF): github.com/JoshVanL/tetrate-i...
#istio #istioweekly #istio-csr #cert-manager
▬▬▬▬▬▬ Timecodes ▬▬▬▬▬▬
01:59 Weekly highlights
05:35 Introduction to external CAs with Istio
07:00 Service identity
12:42 Trust distribution
17:14 Default installation
18:05 Default installation DEMO
20:02 External CAs
22:54 Plugin external CA DEMO
25:19 Kubernetes CSR
29:10 Kubernetes CSR DEMO
34:07 cert-manager / istio-csr
38:39 cert-manager / istio-csr DEMO
43:34 Conclusion
45:24 Q&A
50:29 Final thoughts
▬▬▬▬▬▬ Episode links/notes ▬▬▬▬▬▬
Demo: github.com/JoshVanL/tetrate-i...
Slides (PDF): github.com/JoshVanL/tetrate-i...
Use Istio service mesh and deploy mTLS everywhere (Ebook): campaigns.jetstack.io/istio_s...
Jetstack: www.jetstack.io/
Secure production identity framework for everyone (SPIFFE): spiffe.io
cert-manager: github.com/jetstack/cert-manager
istio-csr: github.com/jetstack/istio-csr
Istio Workload Certificate API: docs.google.com/document/d/1Q...
▬▬▬▬▬▬ Weekly highlights ▬▬▬▬▬▬
Istio as an API Gateway: tetr8.io/istio-api-gateway
Get started with Envoy in 5 min: tetr8.io/5-minute-envoy
How to debug microservices in Kubernetes: tetr8.io/debug-microservices
Tetrate Certified Istio Administrator: tetr8.io/istio-administrator
▬▬▬▬▬▬ Connect ▬▬▬▬▬▬
Join Tetrate Community on Slack: tetr8.io/tetrate-community
Follow us on Twitter: / tetrateio
Follow us on LinkedIn: / tetrate
Past episodes: tetr8.io/istioweekly
▬▬▬▬▬▬ Participate ▬▬▬▬▬▬
Suggest an episode: tetr8.io/tetrate-community
Have a question about this episode? Comment below or in Tetrate Community Slack