mirror of https://github.com/istio/istio.io.git
6 lines
1.9 KiB
XML
6 lines
1.9 KiB
XML
<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Security on Istio</title><link>/v1.3/docs/ops/security/</link><description>Recent content in Security on Istio</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><atom:link href="/v1.3/docs/ops/security/feed.xml" rel="self" type="application/rss+xml"/><item><title>Harden Docker Container Images</title><link>/v1.3/docs/ops/security/harden-docker-images/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/v1.3/docs/ops/security/harden-docker-images/</guid><description>To ease the process of hardening docker images, Istio provides a set of images based on distroless images
|
|
The distroless images are work-in-progress. The following images haven&rsquo;t been updated to support distroless:
|
|
proxyproxy proxy_debug kubectl app_sidecar For ease of the installation, they are available with a -distroless suffix.
|
|
Install distroless images You should follow the Installation Steps to setup Istio. You can pass the following parameter to helm to use the distroless images</description></item><item><title>Extending Self-Signed Certificate Lifetime</title><link>/v1.3/docs/ops/security/root-transition/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/v1.3/docs/ops/security/root-transition/</guid><description>Istio self-signed certificates have historically had a 1 year default lifetime. If you are using Istio self-signed certificates, you need to be mindful about the expiration date of the root certificate. The expiration of a root certificate may lead to an unexpected cluster-wide outage.
|
|
To evaluate the lifetime remaining for your root certificate, please refer to the first step in the procedure below.
|
|
The steps below show you how to transition to a new root certificate.</description></item></channel></rss> |