Details
-
Task
-
Resolution: Done
-
Major
-
None
-
None
Description
How to integrate cert-manager with OSSM:
- Customer want to use cert-manager as an issuer
- they wont use the self-signed certificates that the mesh uses by default
- We need a own certificate provider that generates certificate
so cu configured in this waycertificateAuthority: type: Custom custom: address: cert-manager-istio-csr.cert-manager.svc:443
- However, istiod still uses a self-signed certificated for the communication from gateway – virtual-service.
- They want istio itself also request a certificate from cert-manager.
However customer achieved the integration but wants to here from engineer side best and possible way.....
Upstream resources that Praneeth found.
https://cert-manager.io/docs/tutorials/istio-csr/istio-csr/
https://www.jetstack.io/blog/cert-manager-istio-integration/
https://medium.com/@gregoire.waymel/istio-cert-manager-lets-encrypt-demystified-c1cbed011d67
Attachments
Issue Links
- documents
-
OSSM-568 Integration with (external) cert-manager
-
- Closed
-
- is blocked by
-
OSSM-1330 Allow specifying secret as pilot server cert when using CertificateAuthority: Custom
-
- Closed
-
- is related to
-
-
- Closed
-
- relates to
-
-
- Closed
-
- links to
(5 links to)
1.
|
Review new feature checklist |
|
Closed | 
|
Unassigned |
