Houssem El Fekih

To recap the state of this issue, and possible workarounds: There is a clean and secure permanent bounded service account support that would solve this issue in [Draft PR](https://github.com/jetstack/cert-manager/pull/4524) Meanwwhile,...

:+1: This is useful for doing accurate total pod start time calculation, instead of trying to infer from ready count or something, in my particular case trying to benchmark the...

One potential solution to help would be to have another sidecar on the workloads running https://github.com/jimmidyson/configmap-reload, which can watch when the trust bundle configmap changes and send a restart proxy...

After further consideration it's probably not a good idea to run a watcher just for this particularly infrequent operation, can just have a step to run the exec SIGINT as...

Hey @sgran, It does work to distribute anything you feed it, but this is not first-class support as you still need to whip out `keytool` to create the java trust...

/retest-required

/retest-required

> /test integ-security-multicluster_istio Thanks for kicking this @GregHanson , I think i fixed all them pesky CLA violation, it was different emails setup on different machines.. once all tests pass...

> > /test integ-security-multicluster_istio > > Thanks for kicking this @GregHanson , I think i fixed all them pesky CLA violation, it was different emails setup on different machines.. once...

> still seems to require root to run Sorry, i just missed a dot for the `PilotWellKnownDNSCaCertPath` , can you try again because i still have the other problem that...