Setting pilot.jwksResolverExtraRootCA using Secrets

DineshKrishnanG · December 22, 2020, 4:50am

Hi All,

I see extra root CA can be set using below options
1. When installing via helm, you can now specify a PEM-encoded certificate in pilot.jwksResolverExtraRootCA in your values.yaml to trust an additional CA certificate
2. During installation you can directly specify your certificate as a command-line argument
Reference: https://github.com/istio/istio/pull/17176

But looking for an option to set the pilot.jwksResolverExtraRootCA contents from secrets. Like, storing the pem content in secret and reference the mount path in values.yaml.

Kindly advice on how to proceed. Thanks in advance.

Thanks,
G Dinesh Krishnan

YangminZhu · January 7, 2021, 2:28am

I think this is a useful feature, would you to open a feature request on github? thanks.

DineshKrishnanG · January 7, 2021, 6:49am

Thank you for the response.

Raised feature request for the same - Setting pilot.jwksResolverExtraRootCA using Secrets · Issue #29901 · istio/istio · GitHub

Topic		Replies	Views
Setting pilot.jwksResolverExtraRootCA in IstioOperator	6	3003	October 10, 2023
Istio JWT verification against JWKS with internally signed certificate Security	7	3755	November 9, 2020
Providing additional root certificates in caCertificates in meshConfig doesn't work	2	1369	June 28, 2023
How to tell pilot to fetch JWKS certs using mTLS? Security security	5	1938	July 8, 2022
Istio Multicluster Custom CA Issues Security	9	2372	April 20, 2020

Setting pilot.jwksResolverExtraRootCA using Secrets

Related topics