Is there a way to manually provision client and server certificates with Istio Citadel?
- Plug in custom CA intermediate certs to Istio
- Generate Client/Server certs via this same root of trust via Istio
- Use these certs on external (and even internal) workloads from the cluster.

I get that istiod/Istio agent do this automatically for mesh workloads, but it would make things much easier if it could generate these certs for external workloads, i.e. ingress communications would fall under the same root of trust as the Istio-secured, mTLS mesh.