This epic covers the work to complete an E2E supported cert-manager integration with Istio. Today, we provide a generic integration with cert-manager, and OpenShift has the supported cert-manager operator. The last piece is istio-csr, which is an intermediary component between istio and cert-manager. Today, we document using the community isito-csr (via a helm chart). To complete the E2E story, we need to have a fully supported Istio-csr.

This work is a collaboration between the service mesh and cert-manager teams, with an agreement that the cert-manager team will cover productization, installation and configuration of istio-csr. Users will need to do this prior to installing OpenShift Service Mesh. The Service Mesh team will cover integration testing between cert-manager, istio-csr and OSSM and documentation of the integration.

Thus, for OSSM, this epic is primary to cover:

• Ongoing E2E integration testing of a supported cert-manager + istio-csr + OSSM configuration
• Documentation updates for configuring OSSM with istio-csr and cert-manager, which will live in the OSSM docs.

Related design proposal and discussion: https://github.com/openshift/enhancements/pull/1628