In this livestream, we'll look at certificates in Istio. We'll talk about how to plugin your own CA certificates, rotate them without downtime, and show how to use cert-manager and istio-csr to issue workload certificates.
Пікірлер: 7
@ChristianAltamiranoAyala Жыл бұрын
isn't istio operator deprecated? so how to install istio with external CA without using istio operator?
@learncloudnative Жыл бұрын
The use of Istio operator pod (i.e. istioctl operator init) is discouraged. However, the IstioOperator API (and the resource) is all good. So doing istioctl operator init and using kubectl to apply the IstioOperator resource is discouraged, however, doing istioctl install -f or just Helm is the recommended way to install Istio.
@user-tl6xo1uq4m4 ай бұрын
How about rotating root certificate with cert-manager?
@learncloudnative4 ай бұрын
The idea is to use the intermediate certificates and not the root cert directly. You can configure cert-manager to manage and handle cacerts and then have istiod automatically reload them.
@sarathreddy23567 ай бұрын
Can you please share the github repo?
@learncloudnative7 ай бұрын
The github repo for all episodes is here: github.com/solo-io/hoot