Chiron for mTLS certificates

Hey folks,

I’ve noticed the availability of Chiron. Are there any plans to support that workflow for mTLS certificates as well (e.g. use k8s own CA as a signing authority for workload proxies)?
It seems the only use case at the moment is istio’s service-2-service communication (unless I got it all wrong).


Chiron is used for signing control plane certificate and webhook certificate using k8s CA. Are you asking about using k8s CA to sign workload certificates? @leitang

Using k8s CA as a signing authority for workload proxies is not planned for Istio 1.5, but may be planned after 1.5 (no concrete timeline yet).

Indeed that’s what I was asking.
Thanks for the update.

Is there any documentation on using Chiron?