Adds hard coded commonName: istiod.istio-system.svc
to istiod Certificate
#91
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds
commonName: istiod.istio-system.svc
as a hard coded value to the istiod Certificate. This is to allow for easier integration with Issuers that have default constraints on X509 Subjects being present when requesting certificates with DNS names. This is true for the AWSPCA Issuer.This value is hardcoded and is not configurable through options such as
app.istio.revisions
. This is done under the assumption that thecommonName
doesn't actually need to match one of the DNS names in the cases where revisions are used, but not thedefault
revision. If this is not the case, a workaround for users is to include thedefault
revision, even if their istio installation doesn't include adefault
revision.Once merged, we should release a new helm chart version to include this and #86 changes in the public repo.
fixes #90
/assign @irbekrm