Houssem El Fekih
This approach takes an alternative approach to loading pilot DNS certs from secrets for pilot on initialisation proposed by @costinm here. We had previously opted for trying to load these...
Firstly I'd like to say thanks so much for this tool, saved me a lot of time/effort there. One thing that could be slightly improved is that judging by logic...
Hello. The current istio-csr helm chart deploys the `istiod-tls` serving certificate as a cert-manager `Certificate` object at installation. As you can see in [link](https://github.com/cert-manager/istio-csr/blob/43131ddc7a9d13c86ff21a98b6c55e45c160fec5/deploy/charts/istio-csr/templates/certificate.yaml#L7), the common name is statically set...
When configuring a Vault issuer for istio-csr, the least privileged Vault role configurations are not very obvious. We have been through this particular problem recently and can supply a quick...
This is perhaps a flawed request from a security standpoint. However, it would increase the user-friendliness of the trust project potentially. Just like how currently a certificate in cert-manager has...
When an operator wants to migrate from the self-signed Citadel CA to SPIRE-backed workload identities, he will encounter multiple difficulties in doing so, which seems to force him to...
Fixes https://github.com/cert-manager/cert-manager/issues/6150 * Explain when to use `kubernetes` vs `jwt` auth for secretless auth * Public clouds/generic + OpenShift in-depth guide Preview: https://deploy-preview-1397--cert-manager-website.netlify.app/docs/configuration/vault/#secretless-authentication-with-a-service-account
This field is useful especially if following the advice in the first paragraph: > It is recommended to create subordinate CAs for signing leaf certificates. See the official documentation. It...