istio-ecosystem / coddiwomple

Coddiwomple: a Multi-Cluster-Config Generator
Apache License 2.0

FR: Generate config for shared root of trust between clusters #19

Open ZackButcher opened 6 years ago

ZackButcher commented 6 years ago

In order for services to use mTLS across clusters, Citadel instances in each cluster need to be configured to sign with keys in a common trust domain. The setup required today is rather involved. It would be nice to package up the cert creation and per-cluster config generation into a single tool.
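
A sketch of the certificate side of this request, added here as an example and not part of the original thread or of Coddiwomple: one shared root signs an intermediate CA per cluster, so a workload certificate issued in one cluster verifies against the root held by the other. The cluster names, subjects, file names and lifetimes are constructed assumptions.

```bash
# Constructed example: one shared root CA, one intermediate CA per cluster.
set -eu
WORK="$(mktemp -d)"   # scratch dir; a real root key belongs offline or in an HSM

make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/O=example-org/CN=Shared Root CA" \
    -keyout "$WORK/root-key.pem" -out "$WORK/root-cert.pem" 2>/dev/null
}

# make_cluster_ca <cluster>: intermediate CA for that cluster, signed by the root
make_cluster_ca() {
  d="$WORK/$1"; mkdir -p "$d"
  printf 'basicConstraints=critical,CA:TRUE,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  openssl req -newkey rsa:2048 -nodes -subj "/O=example-org/CN=Intermediate CA $1" \
    -keyout "$d/ca-key.pem" -out "$d/ca.csr" 2>/dev/null
  openssl x509 -req -in "$d/ca.csr" -days 730 -CA "$WORK/root-cert.pem" \
    -CAkey "$WORK/root-key.pem" -CAcreateserial -extfile "$d/ca.ext" \
    -out "$d/ca-cert.pem" 2>/dev/null
  cat "$d/ca-cert.pem" "$WORK/root-cert.pem" > "$d/cert-chain.pem"
  cp "$WORK/root-cert.pem" "$d/root-cert.pem"   # only the public root is copied
}

# issue_workload <cluster> <name>: leaf cert signed by the cluster's intermediate
issue_workload() {
  d="$WORK/$1"
  openssl req -newkey rsa:2048 -nodes -subj "/O=example-org/CN=$2" \
    -keyout "$d/$2-key.pem" -out "$d/$2.csr" 2>/dev/null
  openssl x509 -req -in "$d/$2.csr" -days 1 -CA "$d/ca-cert.pem" \
    -CAkey "$d/ca-key.pem" -CAcreateserial -out "$d/$2-cert.pem" 2>/dev/null
}

# verify_across <issuing-cluster> <name> <verifying-cluster>
# Succeeds only if the verifier's root anchors the issuer's chain.
verify_across() {
  openssl verify -CAfile "$WORK/$3/root-cert.pem" \
    -untrusted "$WORK/$1/ca-cert.pem" "$WORK/$1/$2-cert.pem" >/dev/null 2>&1
}

make_root
make_cluster_ca cluster-a
make_cluster_ca cluster-b
issue_workload cluster-a svc-a
verify_across cluster-a svc-a cluster-b && echo "cluster-b trusts svc-a"
```

Each cluster directory ends up with its own intermediate key and the shared public root; the root private key never leaves the machine that generated it, which limits what a single compromised cluster can sign.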

mt-inside commented 6 years ago

Yep, in fact I thought there was an issue for this already. Did a user prompt this, i.e. is there a deadline?

ZackButcher commented 6 years ago

No, was chatting with Shriram about it re https://github.com/istio/istio.io/pull/2847. Also good for you to generally be aware of this PR; we added some stuff upstream in Istio that'll simplify the config CW needs to generate.