I am currently migrating Istio 1.4 cluster to 1.5. We are using mesh expansion to host certain databases on baremetal machines. I am hitting a roadblock on the documentation here:
and cannot seem to find information on how to generate production certs for the VM. Is there documentation available on how to generate certs for the VM given clean kubernetes installation with fresh istio 1.5 installation? Neither the documentation linked or “Plugging in external CA” it links to seem to miss this.
The documentation states “There are many tools and procedures for managing certificates for VMs - Istio requirement is that the VM will get a certificate with an Istio-compatible SPIFEE SAN, with the correct trust domain, namespace and service account.”
Examples of such tools and command-line options would be greatly appreciated.