DNS Certificate Management

Provision and manage DNS certificates in Istio.

Nov 14, 2019 | By Lei Tang - Google

By default, Citadel manages the DNS certificates of the Istio control plane. Citadel is a large component that maintains its own private signing key and acts as a Certificate Authority (CA).

New in Istio 1.4, we introduce a feature to securely provision and manage DNS certificates signed by the Kubernetes CA, which has the following advantages.

The following diagram shows the architecture of provisioning and managing DNS certificates in Istio. Chiron is the component provisioning and managing DNS certificates in Istio.

The architecture of provisioning and managing DNS certificates in Istio

To try this new feature, refer to the DNS certificate management task.