Istio + AWS PCA reports - no subject #168

Closed
tabnul opened this issue Jul 15, 2022 · 3 comments


tabnul commented Jul 15, 2022

We are using Istio together with AWS PCA.

All works fine, certificates get created.
However, AWS PCA reports do not report the SAN attributes; they only log the subject.

This means that when using Istio, this AWS PCA will be full of untraceable certificates (subject: O=).
While I do understand this is in principle an AWS PCA issue, it would be very handy to have the CN filled in with something relatable to at least the origin K8S cluster.

What can I do to overcome this limitation?
Can I override the certificate request's CN in some way? (without tricks/hacks such as using Open Policy Agent)

@JoshVanL
Contributor

Hi @tabnul, unfortunately istio-csr isn't able to re-write the contents of the certificate signing request that Istio workloads make. To implement this would require either changes in Istio, or a setting on your issuer (in this case AWS PCA).

I'm going to close this for now since there is nothing this project can do.

@JoshVanL
Contributor

/close

@jetstack-bot
Contributor

@JoshVanL: Closing this issue.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
