/v1.3/docs/ops/security/Recent content in Security on IstioHugo -- gohugo.ioen-us/v1.3/docs/ops/security/harden-docker-images/Mon, 01 Jan 0001 00:00:00 +0000/v1.3/docs/ops/security/harden-docker-images/To ease the process of hardening docker images, Istio provides a set of images based on distroless images The distroless images are work-in-progress. The following images haven’t been updated to support distroless: proxyproxy proxy_debug kubectl app_sidecar For ease of the installation, they are available with a -distroless suffix. Install distroless images You should follow the Installation Steps to setup Istio. You can pass the following parameter to helm to use the distroless images/v1.3/docs/ops/security/root-transition/Mon, 01 Jan 0001 00:00:00 +0000/v1.3/docs/ops/security/root-transition/Istio self-signed certificates have historically had a 1 year default lifetime. If you are using Istio self-signed certificates, you need to be mindful about the expiration date of the root certificate. The expiration of a root certificate may lead to an unexpected cluster-wide outage. To evaluate the lifetime remaining for your root certificate, please refer to the first step in the procedure below. The steps below show you how to transition to a new root certificate.