You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
However, the current istio-csr istiod certificate does not allow these custom DNSs to be configured within the certificate, so using istiod webhook with a custom DNS in these environments will result in a certificate error.
Therefore, I would like to add a feature so that istio-csr's istiod certificate can also use custom DNS.
I thought it would be better to set istiodCertificateEnable to false and create your own certificate if you want to use custom DNS.
I don't think we need to support this feature, so I am closing this issue.
Currently, only the following dns names are supported for istiod certificates created by istio-csr's helm chart.
https://github.com/cert-manager/istio-csr/blob/main/deploy/charts/istio-csr/templates/certificate.yaml#L15-L31
istio supports external control plane and istiod may be published by an external LB provider or custom DNS.
https://istio.io/latest/docs/setup/install/external-controlplane/
However, the current istio-csr istiod certificate does not allow these custom DNSs to be configured within the certificate, so using istiod webhook with a custom DNS in these environments will result in a certificate error.
Therefore, I would like to add a feature so that istio-csr's istiod certificate can also use custom DNS.
By the way, istiod's built-in ca server already supports the same feature.
It is possible to set custom DNS for istiod certificate using istiod's environment variable
ISTIOD_CUSTOM_HOST
.https://istio.io/latest/docs/reference/commands/pilot-discovery/
The text was updated successfully, but these errors were encountered: