diff --git a/content/docs/tasks/security/plugin-ca-cert/index.md b/content/docs/tasks/security/plugin-ca-cert/index.md index c1ed3de3f9..fdf990e996 100644 --- a/content/docs/tasks/security/plugin-ca-cert/index.md +++ b/content/docs/tasks/security/plugin-ca-cert/index.md @@ -14,15 +14,8 @@ operator-specified root certificate. This task demonstrates an example to plug c ## Before you begin * Set up Istio by following the instructions in the - [quick start](/docs/setup/kubernetes/quick-start/) with global mutual TLS enabled: - - {{< text bash >}} - $ kubectl apply -f install/kubernetes/istio-demo-auth.yaml - {{< /text >}} - - _**OR**_ - - Using [Helm](/docs/setup/kubernetes/helm-install/) with `global.mtls.enabled` to `true`. + [quick start](/docs/setup/kubernetes/quick-start/) with global mutual TLS enabled by using [Helm](/docs/setup/kubernetes/helm-install/) + with `global.mtls.enabled` set to `true`. > Starting with Istio 0.7, you can use [authentication policy](/docs/concepts/security/#authentication-policy) to configure mutual TLS for all/selected services in a namespace (repeated for all namespaces to get global setting). See [authentication policy task](/docs/tasks/security/authn-policy/) @@ -52,14 +45,8 @@ The following steps enable plugging in the certificates and key into Citadel: --from-file=samples/certs/cert-chain.pem {{< /text >}} -1. Redeploy Citadel, which reads the certificates and key from the secret-mount files: - - {{< text bash >}} - $ kubectl apply -f install/kubernetes/istio-citadel-plugin-certs.yaml - {{< /text >}} - - > Note: if you are using different certificate/key file or secret names, - you need to change corresponding volume mounts and arguments in `istio-citadel-plugin-certs.yaml`. +1. Redeploy Citadel, which reads the certificates and key from the secret-mount files by using [Helm](/docs/setup/kubernetes/helm-install/) + with `global.mtls.enabled` set to `true` and `security.selfSigned` to `false`. 1. To make sure the workloads obtain the new certificates promptly, delete the secrets generated by Citadel (named as istio.\*).