istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix minor nits on the security tasks page Plugin CA Certificate (#12709) 

* Fix minor nits on the security tasks page Plugin CA Certificate

Partially fixes: #12695

* Fix minor  nits on the security tasks page for certificate management
This commit is contained in:
majeshps 2023-03-03 18:09:06 +00:00 committed by GitHub
parent e24e58affa
commit e9ecc67a71
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 46 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
content/en/docs/tasks/security/cert-management/plugin-ca-cert/index.md
View File

@ -39,7 +39,7 @@ security protection.
{{< /warning >}}
{{< warning >}}
Support for SHA-1 signatures is [disabled by default in Go 1.18](https://github.com/golang/go/issues/41682). If you are generating the certificate on macOS make sure you are using OpenSSL [as described in GitHub issue 38049](https://github.com/istio/istio/issues/38049).
Support for SHA-1 signatures is [disabled by default in Go 1.18](https://github.com/golang/go/issues/41682). If you are generating the certificate on macOS make sure you are using OpenSSL as described in [GitHub issue 38049](https://github.com/istio/istio/issues/38049).
{{< /warning >}}
1. In the top-level directory of the Istio installation package, create a directory to hold certificates and keys:
@ -188,11 +188,33 @@ openssl command is expected.
$ rm -rf certs
{{< /text >}}
* Remove the secret `cacerts`, and the `foo` and `istio-system` namespaces:
* Remove the secret `cacerts`:
{{< text bash >}}
$ kubectl delete secret cacerts -n istio-system
$ kubectl delete ns foo istio-system
{{< /text >}}
* To remove the Istio components: follow the [uninstall instructions](/docs/setup/getting-started/#uninstall) to remove.
* Remove the authentication policy from the `foo` namespace:
{{< text bash >}}
$ kubectl delete peerauthentication -n foo default
{{< /text >}}
* Remove the sample applications `sleep` and `httpbin`:
{{< text bash >}}
$ kubectl delete -f samples/sleep/sleep.yaml -n foo
$ kubectl delete -f samples/httpbin/httpbin.yaml -n foo
{{< /text >}}
* Uninstall Istio from the cluster:
{{< text bash >}}
$ istioctl uninstall --purge -y
{{< /text >}}
* Remove the namespace `foo` and `istio-system` from the cluster:
{{< text bash >}}
$ kubectl delete ns foo istio-system
{{< /text >}}

16
content/en/docs/tasks/security/cert-management/plugin-ca-cert/snips.sh
View File

@ -111,5 +111,21 @@ rm -rf certs
snip_cleanup_2() {
kubectl delete secret cacerts -n istio-system
}
snip_cleanup_3() {
kubectl delete peerauthentication -n foo default
}
snip_cleanup_4() {
kubectl delete -f samples/sleep/sleep.yaml -n foo
kubectl delete -f samples/httpbin/httpbin.yaml -n foo
}
snip_cleanup_5() {
istioctl uninstall --purge -y
}
snip_cleanup_6() {
kubectl delete ns foo istio-system
}

7
content/en/docs/tasks/security/cert-management/plugin-ca-cert/test.sh
View File

@ -60,6 +60,7 @@ _verify_same snip_verifying_the_certificates_5 "$snip_verifying_the_certificates
# @cleanup
snip_cleanup_1
snip_cleanup_2
#TODO fix cleanup instructions in doc and then remove the following 2 lines
kubectl get validatingwebhookconfigurations -o custom-columns=NAME:.metadata.name --no-headers | xargs kubectl delete validatingwebhookconfigurations
kubectl get mutatingwebhookconfigurations -o custom-columns=NAME:.metadata.name --no-headers | xargs kubectl delete mutatingwebhookconfigurations
snip_cleanup_3
snip_cleanup_4
snip_cleanup_5
snip_cleanup_6