Pods in user namespaces have Istio sidecars. There is mTLS between Pods in user namespaces (between each other, and with the IngressGateway). Questions we need to answer:
For mTLS, what libraries are used by the sidecars?
Is istiod distributing certificates to the sidecar charms?
Does the Service Mesh team have information about this?
Is the Istio-pilot charm.py using any crypto libraries?
Definition of Done
We have enough information to document how Istio works with cryptographic libraries.
Context
SSDL - Cryptography epic