istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
istio.io/archive/v0.8/docs/tasks/security/plugin-ca-cert/index.html

7983 lines
121 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html lang="en" itemscope itemtype="https://schema.org/WebPage">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="theme-color" content="#466BB0"/>
<meta name="title" content="Plugging in external CA key and certificate">
<meta name="description" content="Shows how operators can configure Citadel with existing root certificate, signing certificate and key.">
<meta name="og:title" content="Plugging in external CA key and certificate">
<meta name="og:description" content="Shows how operators can configure Citadel with existing root certificate, signing certificate and key.">
<meta name="og:url" content="/v0.8/docs/tasks/security/plugin-ca-cert/">
<meta name="og.site_name" content="Istio">
<title>Istioldie 0.8 / Plugging in external CA key and certificate</title>
<script>
window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
ga('create', 'UA-98480406-2', 'auto');
ga('send', 'pageview');
</script>
<script async src='https://www.google-analytics.com/analytics.js'></script>
<script>
var branchName = "release-0.8";
</script>
<link rel="alternate" type="application/rss+xml" title="Istio Blog" href="/v0.8/feed.xml">
<link rel="shortcut icon" href="/v0.8/favicons/favicon.ico" >
<link rel="apple-touch-icon" href="/v0.8/favicons/apple-touch-icon-180x180.png" sizes="180x180">
<link rel="icon" type="image/png" href="/v0.8/favicons/favicon-16x16.png" sizes="16x16">
<link rel="icon" type="image/png" href="/v0.8/favicons/favicon-32x32.png" sizes="32x32">
<link rel="icon" type="image/png" href="/v0.8/favicons/android-36x36.png" sizes="36x36">
<link rel="icon" type="image/png" href="/v0.8/favicons/android-48x48.png" sizes="48x48">
<link rel="icon" type="image/png" href="/v0.8/favicons/android-72x72.png" sizes="72x72">
<link rel="icon" type="image/png" href="/v0.8/favicons/android-96x196.png" sizes="96x196">
<link rel="icon" type="image/png" href="/v0.8/favicons/android-144x144.png" sizes="144x144">
<link rel="icon" type="image/png" href="/v0.8/favicons/android-192x192.png" sizes="192x192">
<link rel="manifest" href="/v0.8/manifest.json">
<meta name="apple-mobile-web-app-title" content="Istio">
<meta name="application-name" content="Istio">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,100,100italic,300,300italic,400italic,500,500italic,700,700italic,900,900italic">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.0.6/css/all.css">
<link rel="stylesheet" href="/v0.8/css/light_theme_archive.css" title="light">
<link rel="alternate stylesheet" href="/v0.8/css/dark_theme_archive.css" title="dark">
<script src="/v0.8/js/styleSwitcher.min.js"></script>
</head>
<body class="language-unknown">
<header>
<nav class="navbar navbar-expand-md navbar-dark fixed-top bg-dark justify-content-between">
<a class="navbar-brand" href="/v0.8/">
<span class="logo"><svg viewBox="0 0 300 300">
<circle cx="150" cy="150" r="150" stroke-width="2" />
<polygon points="65,240 225,240 125,270"/>
<polygon points="65,230 125,220 125,110"/>
<polygon points="135,220 225,230 135,30"/>
</svg>
</span>
<span class="brand-name">Istioldie 0.8</span>
</a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarCollapse" aria-controls="navbarCollapse" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse justify-content-end" id="navbarCollapse">
<ul id="navbar-links" class="navbar-nav active">
<li class="nav-item">
<a class="nav-link active" href="/v0.8/docs/">Docs</a>
</li>
<li class="nav-item">
<a class="nav-link " href="/v0.8/blog/2018/egress-monitoring-access-control/">Blog</a>
</li>
<li class="nav-item">
<a class="nav-link " href="/v0.8/help/">Help</a>
</li>
<li class="nav-item">
<a class="nav-link " href="/v0.8/community/">Community</a>
</li>
<li class="nav-item">
<a class="nav-link " href="/v0.8/about/">About</a>
</li>
<li class="nav-item dropdown" id="gearDropdown" style="white-space: nowrap">
<a href="" class="nav-link" data-toggle="dropdown" aria-label="Tools" aria-haspopup="true" aria-expanded="false">
<i style="width: 1em" class='fa fa-lg fa-cog'></i>
</a>
<div class="dropdown-menu dropdown-menu-right" aria-labelledby="gearDropdown">
<a class="dropdown-item" id="light-theme-item" href="" onclick="setActiveStyleSheet('light');return false;">Light Theme</a>
<a class="dropdown-item" id="dark-theme-item" href="" onclick="setActiveStyleSheet('dark');return false;">Dark Theme</a>
<div class="dropdown-divider"></div>
<h6 class="dropdown-header">Other versions of this site</h6>
<a href="https://istio.io" class="dropdown-item">Current Release</a>
<a href="https://preliminary.istio.io" class="dropdown-item">Next Release</a>
<a href="https://archive.istio.io" class="dropdown-item">Older Releases</a>
</div>
</li>
<li class="nav-item">
<a id="search_show" class="nav-link" href="" aria-label="Search"><i style="width: 1em" class="fa fa-lg fa-search"></i></a>
</li>
</ul>
<form name="cse" id="search_form" class="form-inline mr-sm-2" role="search">
<input type="hidden" name="cx" value="013699703217164175118:iwwf17ikgf4" />
<input type="hidden" name="ie" value="utf-8" />
<input type="hidden" name="hl" value="en" />
<input type="hidden" id="search_page_url" value="/v0.8/search.html" />
<input id="search_textbox" class="form-control" name="q" type="text" aria-label="Search this site"/>
<button id="search_close" type="reset" aria-label="Cancel Search"><i class="far fa-lg fa-times-circle"></i></button>
</form>
</div>
</nav>
</header>
<div class="container-fluid">
<div class="row row-offcanvas">
<div class="col-0 col-md-3 col-xl-2 sidebar-offcanvas">
<nav class="sidebar d-print-none">
<div class="spacer"></div>
<div class="directory" role="tablist">
<div class="card">
<div class="card-header" role="tab" id="header7">
<a data-toggle="collapse" href="#collapse7" title="Concepts help you learn about the different parts of the Istio system and the abstractions it uses." role="button" aria-controls="collapse7">
<div>
Concepts
</div>
</a>
</div>
<div id="collapse7" class="collapse" data-parent="#sidebar" role="tabpanel" aria-labelledby="header7">
<div class="card-body">
<ul class="tree">
<li class="sublist">
<label class='tree-toggle'>
<i class='fa fa-lg fa-caret-right'></i>
<a title="A broad overview of the Istio system." href="/v0.8/docs/concepts/what-is-istio/">What is Istio? </a>
</label>
<ul class="tree collapse">
<li>
<a title="Provides a conceptual introduction to Istio, including the problems it solves and its high-level architecture." href="/v0.8/docs/concepts/what-is-istio/overview/">Overview</a>
</li>
<li>
<a title="Describes the core principles that Istio&#39;s design adheres to." href="/v0.8/docs/concepts/what-is-istio/goals/">Design Goals</a>
</li>
</ul>
</li>
<li class="sublist">
<label class='tree-toggle'>
<i class='fa fa-lg fa-caret-right'></i>
<a title="Describes the various Istio features focused on traffic routing and control." href="/v0.8/docs/concepts/traffic-management/">Traffic Management </a>
</label>
<ul class="tree collapse">
<li>
<a title="Provides a conceptual overview of traffic management in Istio and the features it enables." href="/v0.8/docs/concepts/traffic-management/overview/">Overview</a>
</li>
<li>
<a title="Introduces Pilot, the component responsible for managing a distributed deployment of Envoy proxies in the service mesh." href="/v0.8/docs/concepts/traffic-management/pilot/">Pilot</a>
</li>
<li>
<a title="Describes how requests are routed between services in an Istio service mesh." href="/v0.8/docs/concepts/traffic-management/request-routing/">Request Routing</a>
</li>
<li>
<a title="Describes how traffic is load balanced across instances of a service in the mesh." href="/v0.8/docs/concepts/traffic-management/load-balancing/">Discovery &amp; Load Balancing</a>
</li>
<li>
<a title="An overview of failure recovery capabilities in Envoy that can be leveraged by unmodified applications to improve robustness and prevent cascading failures." href="/v0.8/docs/concepts/traffic-management/handling-failures/">Handling Failures</a>
</li>
<li>
<a title="Introduces the idea of systematic fault injection that can be used to uncover conflicting failure recovery policies across services." href="/v0.8/docs/concepts/traffic-management/fault-injection/">Fault Injection</a>
</li>
<li>
<a title="Provides a high-level overview of the configuration model used by Istio to configure traffic management rules in the service mesh." href="/v0.8/docs/concepts/traffic-management/rules-configuration/">Rules Configuration</a>
</li>
</ul>
</li>
<li class="sublist">
<label class='tree-toggle'>
<i class='fa fa-lg fa-caret-right'></i>
<a title="Describes Istio&#39;s authorization and authentication functionality." href="/v0.8/docs/concepts/security/">Security </a>
</label>
<ul class="tree collapse">
<li>
<a title="Describes Istio&#39;s authentication policy" href="/v0.8/docs/concepts/security/authn-policy/">Authentication Policy</a>
</li>
<li>
<a title="Describes Istio&#39;s mutual TLS authentication architecture which provides a strong service identity and secure communication channels between services." href="/v0.8/docs/concepts/security/mutual-tls/">Mutual TLS Authentication</a>
</li>
<li>
<a title="Describes Istio RBAC which provides access control for services in Istio Mesh." href="/v0.8/docs/concepts/security/rbac/">Istio Role-Based Access Control (RBAC)</a>
</li>
</ul>
</li>
<li class="sublist">
<label class='tree-toggle'>
<i class='fa fa-lg fa-caret-right'></i>
<a title="Introduces the policy control snd telemetry collection mechanisms." href="/v0.8/docs/concepts/policies-and-telemetry/">Policies and Telemetry </a>
</label>
<ul class="tree collapse">
<li>
<a title="Describes the design of the policy and telemetry mechanisms." href="/v0.8/docs/concepts/policies-and-telemetry/overview/">Overview</a>
</li>
<li>
<a title="An overview of the key concepts used to configure Istio&#39;s policy enforcement and telemetry collection features." href="/v0.8/docs/concepts/policies-and-telemetry/config/">Configuration</a>
</li>
</ul>
</li>
</ul>
</div>
</div>
</div>
<div class="card">
<div class="card-header" role="tab" id="header22">
<a data-toggle="collapse" href="#collapse22" title="Setup contains instructions for installing the Istio control plane in various environments (e.g., Kubernetes, Consul, etc.), as well as instructions for installing the sidecar in the application deployment." role="button" aria-controls="collapse22">
<div>
Setup
</div>
</a>
</div>
<div id="collapse22" class="collapse" data-parent="#sidebar" role="tabpanel" aria-labelledby="header22">
<div class="card-body">
<ul class="tree">
<li class="sublist">
<label class='tree-toggle'>
<i class='fa fa-lg fa-caret-right'></i>
<a title="Instructions for installing the Istio control plane on Kubernetes and adding VMs into the mesh." href="/v0.8/docs/setup/kubernetes/">Kubernetes </a>
</label>
<ul class="tree collapse">
<li>
<a title="Quick start instructions to setup the Istio service mesh in a Kubernetes cluster." href="/v0.8/docs/setup/kubernetes/quick-start/">Quick Start</a>
</li>
<li>
<a title="Quick Start instructions to setup the Istio service using Google Kubernetes Engine (GKE)" href="/v0.8/docs/setup/kubernetes/quick-start-gke-dm/">Quick Start with Google Kubernetes Engine</a>
</li>
<li>
<a title="Install Istio with the included Helm chart." href="/v0.8/docs/setup/kubernetes/helm-install/">Installation with Helm</a>
</li>
<li>
<a title="Install Istio with the included Ansible playbook." href="/v0.8/docs/setup/kubernetes/ansible-install/">Installation with Ansible</a>
</li>
<li>
<a title="Instructions for installing the Istio sidecar in application pods automatically using the sidecar injector webhook or manually using istioctl CLI." href="/v0.8/docs/setup/kubernetes/sidecar-injection/">Installing the Istio Sidecar</a>
</li>
<li>
<a title="Instructions for integrating VMs and bare metal hosts into an Istio mesh deployed on Kubernetes." href="/v0.8/docs/setup/kubernetes/mesh-expansion/">Mesh Expansion</a>
</li>
<li>
<a title="Install Istio with multicluster support." href="/v0.8/docs/setup/kubernetes/multicluster-install/">Istio Multicluster</a>
</li>
<li>
<a title="This guide demonstrates how to upgrade the Istio control plane and data plane independently." href="/v0.8/docs/setup/kubernetes/upgrading-istio/">Upgrading Istio</a>
</li>
</ul>
</li>
<li class="sublist">
<label class='tree-toggle'>
<i class='fa fa-lg fa-caret-right'></i>
<a title="Instructions for installing the Istio control plane in a Consul based environment, with or without Nomad." href="/v0.8/docs/setup/consul/">Nomad &amp; Consul </a>
</label>
<ul class="tree collapse">
<li>
<a title="Quick Start instructions to setup the Istio service mesh with Docker Compose." href="/v0.8/docs/setup/consul/quick-start/">Quick Start on Docker</a>
</li>
<li>
<a title="Instructions for installing the Istio control plane in a Consul based environment, with or without Nomad." href="/v0.8/docs/setup/consul/install/">Installation</a>
</li>
</ul>
</li>
<li class="sublist">
<label class='tree-toggle'>
<i class='fa fa-lg fa-caret-right'></i>
<a title="Instructions for installing the Istio control plane in a Eureka based environment." href="/v0.8/docs/setup/eureka/">Eureka </a>
</label>
<ul class="tree collapse">
<li>
<a title="Quick Start instructions to setup the Istio service mesh with Docker Compose." href="/v0.8/docs/setup/eureka/quick-start/">Quick Start on Docker</a>
</li>
<li>
<a title="Instructions for installing the Istio control plane in an Eureka based environment." href="/v0.8/docs/setup/eureka/install/">Installation</a>
</li>
</ul>
</li>
</ul>
</div>
</div>
</div>
<div class="card">
<div class="card-header" role="tab" id="header37">
<a data-toggle="collapse" href="#collapse37" title="Tasks show you how to do a single specific targeted activity with the Istio system." role="button" aria-controls="collapse37">
<div>
Tasks
</div>
</a>
</div>
<div id="collapse37" class="collapse show" data-parent="#sidebar" role="tabpanel" aria-labelledby="header37">
<div class="card-body">
<ul class="tree">
<li class="sublist">
<label class='tree-toggle'>
<i class='fa fa-lg fa-caret-right'></i>
<a title="Describes tasks that demonstrate traffic routing features of Istio service mesh." href="/v0.8/docs/tasks/traffic-management/">Traffic Management </a>
</label>
<ul class="tree collapse">
<li>
<a title="This task shows you how to configure dynamic request routing based on weights and HTTP headers." href="/v0.8/docs/tasks/traffic-management/request-routing/">Configuring Request Routing</a>
</li>
<li>
<a title="This task shows how to inject delays and test the resiliency of your application." href="/v0.8/docs/tasks/traffic-management/fault-injection/">Fault Injection</a>
</li>
<li>
<a title="Shows you how to migrate traffic from an old to new version of a service." href="/v0.8/docs/tasks/traffic-management/traffic-shifting/">Traffic Shifting</a>
</li>
<li>
<a title="This task shows you how to setup request timeouts in Envoy using Istio." href="/v0.8/docs/tasks/traffic-management/request-timeouts/">Setting Request Timeouts</a>
</li>
<li>
<a title="Describes how to configure Istio to expose a service outside of the service mesh." href="/v0.8/docs/tasks/traffic-management/ingress/">Control Ingress Traffic</a>
</li>
<li>
<a title="Describes how to configure Istio to expose a service outside of the service mesh, over TLS or Mutual TLS." href="/v0.8/docs/tasks/traffic-management/secure-ingress/">Securing Gateways with HTTPS</a>
</li>
<li>
<a title="Describes how to configure Istio to route traffic from services in the mesh to external services." href="/v0.8/docs/tasks/traffic-management/egress/">Control Egress Traffic</a>
</li>
<li>
<a title="Describes how to configure Istio to perform TLS origination for traffic to external services" href="/v0.8/docs/tasks/traffic-management/egress-tls-origination/">TLS Origination for Egress Traffic</a>
</li>
<li>
<a title="Describes how to configure Istio to direct traffic to external services through a dedicated gateway service" href="/v0.8/docs/tasks/traffic-management/egress-gateway/">Configure an Egress Gateway</a>
</li>
<li>
<a title="This task demonstrates the circuit-breaking capability for resilient applications" href="/v0.8/docs/tasks/traffic-management/circuit-breaking/">Circuit Breaking</a>
</li>
<li>
<a title="This task demonstrates the traffic shadowing/mirroring capabilities of Istio" href="/v0.8/docs/tasks/traffic-management/mirroring/">Mirroring</a>
</li>
</ul>
</li>
<li class="sublist">
<label class='tree-toggle'>
<i class='fa fa-lg fa-caret-down'></i>
<a title="Demonstrates how to secure the mesh." href="/v0.8/docs/tasks/security/">Security </a>
</label>
<ul class="tree">
<li>
<a title="Shows you how to use Istio authentication policy to setup mutual TLS and basic end-user authentication." href="/v0.8/docs/tasks/security/authn-policy/">Basic Authentication Policy</a>
</li>
<li>
<a title="Shows you how to verify and test Istio&#39;s automatic mutual TLS authentication." href="/v0.8/docs/tasks/security/mutual-tls/">Testing Mutual TLS</a>
</li>
<li>
<a title="Shows how to control access to a service using the Kubernetes labels." href="/v0.8/docs/tasks/security/basic-access-control/">Basic Access Control</a>
</li>
<li>
<a title="Shows how to securely control access to a service using service accounts." href="/v0.8/docs/tasks/security/secure-access-control/">Secure Access Control</a>
</li>
<li>
<a title="Shows how to set up role-based access control for services in Istio mesh." href="/v0.8/docs/tasks/security/role-based-access-control/">Role-Based Access Control</a>
</li>
<li>
<span class="current" title="Shows how operators can configure Citadel with existing root certificate, signing certificate and key.">Plugging in external CA key and certificate</span>
</li>
<li>
<a title="Shows how to enable Citadel health checking with Kubernetes." href="/v0.8/docs/tasks/security/health-check/">Citadel health checking</a>
</li>
<li>
<a title="Shows how to enable mutual TLS on HTTPS services." href="/v0.8/docs/tasks/security/https-overlay/">Mutual TLS over HTTPS</a>
</li>
</ul>
</li>
<li class="sublist">
<label class='tree-toggle'>
<i class='fa fa-lg fa-caret-right'></i>
<a title="Demonstrates policy enforcement features." href="/v0.8/docs/tasks/policy-enforcement/">Policies </a>
</label>
<ul class="tree collapse">
<li>
<a title="This task shows you how to use Istio to dynamically limit the traffic to a service." href="/v0.8/docs/tasks/policy-enforcement/rate-limiting/">Enabling Rate Limits</a>
</li>
</ul>
</li>
<li class="sublist">
<label class='tree-toggle'>
<i class='fa fa-lg fa-caret-right'></i>
<a title="Demonstrates how to collect telemetry information from the mesh." href="/v0.8/docs/tasks/telemetry/">Telemetry </a>
</label>
<ul class="tree collapse">
<li>
<a title="How to configure the proxies to send tracing requests to Zipkin or Jaeger" href="/v0.8/docs/tasks/telemetry/distributed-tracing/">Distributed Tracing</a>
</li>
<li>
<a title="This task shows you how to configure Istio to collect metrics and logs." href="/v0.8/docs/tasks/telemetry/metrics-logs/">Collecting Metrics and Logs</a>
</li>
<li>
<a title="This task shows you how to configure Istio to collect metrics for TCP services." href="/v0.8/docs/tasks/telemetry/tcp-metrics/">Collecting Metrics for TCP services</a>
</li>
<li>
<a title="This task shows you how to query for Istio Metrics using Prometheus." href="/v0.8/docs/tasks/telemetry/querying-metrics/">Querying Metrics from Prometheus</a>
</li>
<li>
<a title="This task shows you how to setup and use the Istio Dashboard to monitor mesh traffic." href="/v0.8/docs/tasks/telemetry/using-istio-dashboard/">Visualizing Metrics with Grafana</a>
</li>
<li>
<a title="This task shows you how to generate a graph of services within an Istio mesh." href="/v0.8/docs/tasks/telemetry/servicegraph/">Generating a Service Graph</a>
</li>
<li>
<a title="This task shows you how to configure Istio to log to a Fluentd daemon" href="/v0.8/docs/tasks/telemetry/fluentd/">Logging with Fluentd</a>
</li>
</ul>
</li>
</ul>
</div>
</div>
</div>
<div class="card">
<div class="card-header" role="tab" id="header48">
<a data-toggle="collapse" href="#collapse48" title="Guides include a variety of fully working example uses for Istio that you can experiment with." role="button" aria-controls="collapse48">
<div>
Guides
</div>
</a>
</div>
<div id="collapse48" class="collapse" data-parent="#sidebar" role="tabpanel" aria-labelledby="header48">
<div class="card-body">
<ul class="tree">
<li>
<a title="This guide deploys a sample application composed of four separate microservices which will be used to demonstrate various features of the Istio service mesh." href="/v0.8/docs/guides/bookinfo/">Bookinfo Sample Application</a>
</li>
<li>
<a title="This guide demonstrates how to use various traffic management capabilities of an Istio service mesh." href="/v0.8/docs/guides/intelligent-routing/">Intelligent Routing</a>
</li>
<li>
<a title="This sample demonstrates how to obtain uniform metrics, logs, traces across different services using Istio Mixer and Istio sidecar." href="/v0.8/docs/guides/telemetry/">In-Depth Telemetry</a>
</li>
<li>
<a title="Explains how to manually integrate Google Cloud Endpoints services with Istio." href="/v0.8/docs/guides/endpoints/">Install Istio for Google Cloud Endpoints Services</a>
</li>
<li>
<a title="This sample deploys the Bookinfo services across Kubernetes and a set of virtual machines, and illustrates how to use the Istio service mesh to control this infrastructure as a single mesh." href="/v0.8/docs/guides/integrating-vms/">Integrating Virtual Machines</a>
</li>
</ul>
</div>
</div>
</div>
<div class="card">
<div class="card-header" role="tab" id="header77">
<a data-toggle="collapse" href="#collapse77" title="Introduces Performance and Scalability methodology, results and best practices for Istio components." role="button" aria-controls="collapse77">
<div>
Performance and Scalability
</div>
</a>
</div>
<div id="collapse77" class="collapse" data-parent="#sidebar" role="tabpanel" aria-labelledby="header77">
<div class="card-body">
<ul class="tree">
<li>
<a title="Provides a conceptual introduction to Istio&#39;s Performance and Scalability" href="/v0.8/docs/performance-and-scalability/overview/">Overview</a>
</li>
<li>
<a title="Performance measurement through code level micro-benchmarks." href="/v0.8/docs/performance-and-scalability/microbenchmarks/">Micro Benchmarks</a>
</li>
<li>
<a title="The different scenarios we are tracking for performance and scalability." href="/v0.8/docs/performance-and-scalability/scenarios/">Testing scenarios</a>
</li>
<li>
<a title="Fortio is our simple synthetic http and grpc benchmarking tool." href="/v0.8/docs/performance-and-scalability/synthetic-benchmarks/">Synthetic End to End benchmarks</a>
</li>
<li>
<a title="Performance measurement through realistic micro service application tests." href="/v0.8/docs/performance-and-scalability/realistic-app-benchmark/">Realistic Application Benchmark</a>
</li>
<li>
<a title="How we ensure performance is tracked and improves or does not regress across releases." href="/v0.8/docs/performance-and-scalability/performance-testing-automation/">Automation</a>
</li>
<li>
<a title="Setup of Istio components to scale horizontally. High availability. Sizing guide." href="/v0.8/docs/performance-and-scalability/scalability/">Scalability and Sizing Guide</a>
</li>
</ul>
</div>
</div>
</div>
<div class="card">
<div class="card-header" role="tab" id="header85">
<a data-toggle="collapse" href="#collapse85" title="The Reference section contains detailed authoritative reference material such as command-line options, configuration options, and API calling parameters." role="button" aria-controls="collapse85">
<div>
Reference
</div>
</a>
</div>
<div id="collapse85" class="collapse" data-parent="#sidebar" role="tabpanel" aria-labelledby="header85">
<div class="card-body">
<ul class="tree">
<li class="sublist">
<label class='tree-toggle'>
<i class='fa fa-lg fa-caret-right'></i>
<a title="Detailed information on configuration options." href="/v0.8/docs/reference/config/">Configuration </a>
</label>
<ul class="tree collapse">
<li class="sublist">
<label class='tree-toggle'>
<i class='fa fa-lg fa-caret-right'></i>
<a title="Describes how to configure Istio&#39;s policy and telemetry features." href="/v0.8/docs/reference/config/policy-and-telemetry/">Policies and Telemetry </a>
</label>
<ul class="tree collapse">
<li>
<a title="Describes the base attribute vocabulary used for policy and control." href="/v0.8/docs/reference/config/policy-and-telemetry/attribute-vocabulary/">Attribute Vocabulary</a>
</li>
<li>
<a title="Mixer config expression language reference." href="/v0.8/docs/reference/config/policy-and-telemetry/expression-language/">Expression Language</a>
</li>
<li class="sublist">
<label class='tree-toggle'>
<i class='fa fa-lg fa-caret-right'></i>
<a title="Mixer adapters allow Istio to interface to a variety of infrastructure backends for such things as metrics and logs." href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/">Adapters </a>
</label>
<ul class="tree collapse">
<li>
<a title="Adapter for circonus.com&#39;s monitoring solution." href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/circonus/">Circonus</a>
</li>
<li>
<a title="Adapter for cloudwatch metrics." href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/cloudwatch/">CloudWatch</a>
</li>
<li>
<a title="Adapter to deliver metrics to a dogstatsd agent for delivery to DataDog" href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/datadog/">Datadog</a>
</li>
<li>
<a title="Adapter that always returns a precondition denial." href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/denier/">Denier</a>
</li>
<li>
<a title="Adapter that delivers logs to a fluentd daemon." href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/fluentd/">Fluentd</a>
</li>
<li>
<a title="Adapter that extracts information from a Kubernetes environment." href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/kubernetesenv/">Kubernetes Env</a>
</li>
<li>
<a title="Adapter that performs whitelist or blacklist checks" href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/list/">List</a>
</li>
<li>
<a title="Adapter for a simple in-memory quota management system." href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/memquota/">Memory quota</a>
</li>
<li>
<a title="Adapter that implements an Open Policy Agent engine" href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/opa/">OPA</a>
</li>
<li>
<a title="Adapter that exposes Istio metrics for ingestion by a Prometheus harvester." href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/prometheus/">Prometheus</a>
</li>
<li>
<a title="Adapter that exposes Istio&#39;s Role-Based Access Control model." href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/rbac/">RBAC</a>
</li>
<li>
<a title="Adapter for a Redis-based quota management system." href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/redisquota/">Redis Quota</a>
</li>
<li>
<a title="Adapter that delivers logs and metrics to Google Service Control" href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/servicecontrol/">Service Control</a>
</li>
<li>
<a title="Adapter to deliver logs and metrics to Papertrail and AppOptics backends" href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/solarwinds/">SolarWinds</a>
</li>
<li>
<a title="Adapter to deliver logs and metrics to Stackdriver" href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/stackdriver/">Stackdriver</a>
</li>
<li>
<a title="Adapter to deliver metrics to a StatsD backend" href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/statsd/">StatsD</a>
</li>
<li>
<a title="Adapter for outputting logs and metrics locally." href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/stdio/">Stdio</a>
</li>
</ul>
</li>
<li>
<a title="Default Metrics exported from Istio through Mixer." href="/v0.8/docs/reference/config/policy-and-telemetry/metrics/">Default Metrics</a>
</li>
<li class="sublist">
<label class='tree-toggle'>
<i class='fa fa-lg fa-caret-right'></i>
<a title="Mixer templates are used to send data to individual adapters." href="/v0.8/docs/reference/config/policy-and-telemetry/templates/">Templates </a>
</label>
<ul class="tree collapse">
<li>
<a title="A template that represents a single API key." href="/v0.8/docs/reference/config/policy-and-telemetry/templates/apikey/">API Key</a>
</li>
<li>
<a title="A template used to represent an access control query." href="/v0.8/docs/reference/config/policy-and-telemetry/templates/authorization/">Authorization</a>
</li>
<li>
<a title="A template that carries no data, useful for testing." href="/v0.8/docs/reference/config/policy-and-telemetry/templates/checknothing/">Check Nothing</a>
</li>
<li>
<a title="A template that is used to control the production of Kubernetes-specific attributes." href="/v0.8/docs/reference/config/policy-and-telemetry/templates/kubernetes/">Kubernetes</a>
</li>
<li>
<a title="A template designed to let you perform list checking operations." href="/v0.8/docs/reference/config/policy-and-telemetry/templates/listentry/">List Entry</a>
</li>
<li>
<a title="A template that represents a single runtime log entry." href="/v0.8/docs/reference/config/policy-and-telemetry/templates/logentry/">Log Entry</a>
</li>
<li>
<a title="A template that represents a single runtime metric." href="/v0.8/docs/reference/config/policy-and-telemetry/templates/metric/">Metric</a>
</li>
<li>
<a title="A template that represents a quota allocation request" href="/v0.8/docs/reference/config/policy-and-telemetry/templates/quota/">Quota</a>
</li>
<li>
<a title="A template that carries no data, useful for testing." href="/v0.8/docs/reference/config/policy-and-telemetry/templates/reportnothing/">Report Nothing</a>
</li>
<li>
<a title="A template used by the Google Service Control adapter." href="/v0.8/docs/reference/config/policy-and-telemetry/templates/servicecontrolreport/">Service Control Report</a>
</li>
</ul>
</li>
<li>
<a title="Describes the rules used to configure Mixer&#39;s policy and telemetry features." href="/v0.8/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1/">Rules</a>
</li>
</ul>
</li>
<li>
<a title="Configuration for Role Based Access Control" href="/v0.8/docs/reference/config/istio.rbac.v1alpha1/">RBAC</a>
</li>
<li>
<a title="Configuration affecting traffic routing" href="/v0.8/docs/reference/config/istio.routing.v1alpha1/">Route Rules v1alpha1 (deprecated)</a>
</li>
<li>
<a title="Configuration affecting traffic routing" href="/v0.8/docs/reference/config/istio.networking.v1alpha3/">Route Rules v1alpha3</a>
</li>
</ul>
</li>
<li class="sublist">
<label class='tree-toggle'>
<i class='fa fa-lg fa-caret-right'></i>
<a title="Describes usage and options of the Istio commands and utilities." href="/v0.8/docs/reference/commands/">Commands </a>
</label>
<ul class="tree collapse">
<li>
<a title="Istio Certificate Authority (CA)" href="/v0.8/docs/reference/commands/istio_ca/">istio_ca</a>
</li>
<li>
<a title="Istio control interface" href="/v0.8/docs/reference/commands/istioctl/">istioctl</a>
</li>
<li>
<a title="Utility to trigger direct calls to Mixer&amp;#39;s API." href="/v0.8/docs/reference/commands/mixc/">mixc</a>
</li>
<li>
<a title="Mixer is Istio&amp;#39;s abstraction on top of infrastructure backends." href="/v0.8/docs/reference/commands/mixs/">mixs</a>
</li>
<li>
<a title="Istio security per-node agent" href="/v0.8/docs/reference/commands/node_agent/">node_agent</a>
</li>
<li>
<a title="Istio Pilot agent" href="/v0.8/docs/reference/commands/pilot-agent/">pilot-agent</a>
</li>
<li>
<a title="Istio Pilot" href="/v0.8/docs/reference/commands/pilot-discovery/">pilot-discovery</a>
</li>
<li>
<a title="Kubernetes webhook for automatic Istio sidecar injection" href="/v0.8/docs/reference/commands/sidecar-injector/">sidecar-injector</a>
</li>
</ul>
</li>
</ul>
</div>
</div>
</div>
</div>
</nav>
</div>
<div class="col-12 col-md-9 col-xl-8">
<p class="d-md-none">
<label class="sidebar-toggler" data-toggle="offcanvas">
<i class="fa fa-sign-out-alt"></i>
</label>
</p>
<main aria-labelledby="title">
<h1 id="title">Plugging in external CA key and certificate</h1>
<nav class="toc-inlined d-xl-none d-print-none" >
<div class="directory" role="directory">
<nav id="InlinedTableOfContents">
<ul>
<li><a href="#before-you-begin">Before you begin</a></li>
<li><a href="#plugging-in-the-existing-certificate-and-key">Plugging in the existing certificate and key</a></li>
<li><a href="#verifying-the-new-certificates">Verifying the new certificates</a></li>
<li><a href="#cleanup">Cleanup</a></li>
<li><a href="#whats-next">What's next</a></li>
</ul>
</nav>
</div>
</nav>
<p>This task shows how operators can configure Citadel with existing root certificate, signing certificate and key.</p>
<p>By default, Citadel generates self-signed root certificate and key, and uses them to sign the workload certificates.
Citadel can also use the operator-specified certificate and key to sign workload certificates, with
operator-specified root certificate. This task demonstrates an example to plug certificates and key into Citadel.</p>
<h2 id="before-you-begin">Before you begin</h2>
<ul>
<li>
<p>Set up Istio by following the instructions in the
<a href="/v0.8/docs/setup/kubernetes/quick-start/">quick start</a> with global mutual TLS enabled:</p>
<pre><code class="language-command" data-lang="command">$ kubectl apply -f install/kubernetes/istio-demo-auth.yaml
</code></pre><p><em><strong>OR</strong></em>
Using <a href="/v0.8/docs/setup/kubernetes/helm-install/">Helm</a> with <code>global.mtls.enabled</code> to <code>true</code>.</p>
</li>
</ul>
<blockquote>
<p>From Istio 0.7, you can use <a href="/v0.8/docs/concepts/security/authn-policy/">authentication policy</a> to configure mutual TLS for all/selected services in a namespace (repeated for all namespaces to get global setting). See <a href="/v0.8/docs/tasks/security/authn-policy/">authentication policy task</a></p>
</blockquote>
<h2 id="plugging-in-the-existing-certificate-and-key">Plugging in the existing certificate and key</h2>
<p>Suppose we want to have Citadel use the existing signing (CA) certificate <code>ca-cert.pem</code> and key <code>ca-key.pem</code>.
Furthermore, the certificate <code>ca-cert.pem</code> is signed by the root certificate <code>root-cert.pem</code>.
We would like to use <code>root-cert.pem</code> as the root certificate for Istio workloads.</p>
<p>In the following example,
Citadel's signing (CA) certificate (<code>ca-cert.pem</code>) is different from root certificate (<code>root-cert.pem</code>),
so the workload cannot validate the workload certificates directly from the root certificate.
The workload needs a <code>cert-chain.pem</code> file to specify the chain of trust,
which should include the certificates of all the intermediate CAs between the workloads and the root CA.
In our example, it contains Citadel's signing certificate, so <code>cert-chain.pem</code> is the same as <code>ca-cert.pem</code>.
Note that if your <code>ca-cert.pem</code> is the same as <code>root-cert.pem</code>, the <code>cert-chain.pem</code> file should be empty.</p>
<p>These files are ready to use in the <code>samples/certs/</code> directory.</p>
<p>The following steps enable plugging in the certificates and key into Citadel:</p>
<ol>
<li>
<p>Create a secret <code>cacert</code> including all the input files <code>ca-cert.pem</code>, <code>ca-key.pem</code>, <code>root-cert.pem</code> and <code>cert-chain.pem</code>:</p>
<pre><code class="language-command" data-lang="command">$ kubectl create secret generic cacerts -n istio-system --from-file=samples/certs/ca-cert.pem \
--from-file=samples/certs/ca-key.pem --from-file=samples/certs/root-cert.pem \
--from-file=samples/certs/cert-chain.pem
</code></pre></li>
<li>
<p>Redeploy Citadel, which reads the certificates and key from the secret-mount files:</p>
<pre><code class="language-command" data-lang="command">$ kubectl apply -f @install/kubernetes/istio-citadel-plugin-certs.yaml@
</code></pre><blockquote>
<p>Note: if you are using different certificate/key file or secret names,
you need to change corresponding volume mounts and arguments in <code>istio-citadel-plugin-certs.yaml</code>.</p>
</blockquote>
</li>
<li>
<p>To make sure the workloads obtain the new certificates promptly,
delete the secrets generated by Citadel (named as istio.*).
In this example, <code>istio.default</code>. Citadel will issue new certificates for the workloads.</p>
<pre><code class="language-command" data-lang="command">$ kubectl delete secret istio.default
</code></pre></li>
</ol>
<h2 id="verifying-the-new-certificates">Verifying the new certificates</h2>
<p>In this section, we verify that the new workload certificates and root certificates are propagated.
This requires you have <code>openssl</code> installed on your machine.</p>
<ol>
<li>
<p>Deploy the bookinfo application following the <a href="/v0.8/docs/guides/bookinfo/">instructions</a>.</p>
</li>
<li>
<p>Retrieve the mounted certificates.
In the following, we take the ratings pod as an example, and verify the certificates mounted on the pod.</p>
<p>Set the pod name to <code>RATINGSPOD</code>:</p>
<pre><code class="language-command" data-lang="command">$ RATINGSPOD=`kubectl get pods -l app=ratings -o jsonpath='{.items[0].metadata.name}'`
</code></pre><p>Run the following commands to retrieve the certificates mounted on the proxy:</p>
<pre><code class="language-command" data-lang="command">$ kubectl exec -it $RATINGSPOD -c istio-proxy -- /bin/cat /etc/certs/root-cert.pem &gt; /tmp/pod-root-cert.pem
</code></pre><p>The file <code>/tmp/pod-root-cert.pem</code> contains the root certificate propagated to the pod.</p>
<pre><code class="language-command" data-lang="command">$ kubectl exec -it $RATINGSPOD -c istio-proxy -- /bin/cat /etc/certs/cert-chain.pem &gt; /tmp/pod-cert-chain.pem
</code></pre><p>The file <code>/tmp/pod-cert-chain.pem</code> contains the workload certificate and the CA certificate propagated to the pod.</p>
</li>
<li>
<p>Verify the root certificate is the same as the one specified by operator:</p>
<pre><code class="language-command" data-lang="command">$ openssl x509 -in @samples/certs/root-cert.pem@ -text -noout &gt; /tmp/root-cert.crt.txt
$ openssl x509 -in /tmp/pod-root-cert.pem -text -noout &gt; /tmp/pod-root-cert.crt.txt
$ diff /tmp/root-cert.crt.txt /tmp/pod-root-cert.crt.txt
</code></pre><p>Expect the output to be empty.</p>
</li>
<li>
<p>Verify the CA certificate is the same as the one specified by operator:</p>
<pre><code class="language-command" data-lang="command">$ tail -n 22 /tmp/pod-cert-chain.pem &gt; /tmp/pod-cert-chain-ca.pem
$ openssl x509 -in @samples/certs/ca-cert.pem@ -text -noout &gt; /tmp/ca-cert.crt.txt
$ openssl x509 -in /tmp/pod-cert-chain-ca.pem -text -noout &gt; /tmp/pod-cert-chain-ca.crt.txt
$ diff /tmp/ca-cert.crt.txt /tmp/pod-cert-chain-ca.crt.txt
</code></pre><p>Expect the output to be empty.</p>
</li>
<li>
<p>Verify the certificate chain from the root certificate to the workload certificate:</p>
<pre><code class="language-command" data-lang="command">$ head -n 21 /tmp/pod-cert-chain.pem &gt; /tmp/pod-cert-chain-workload.pem
$ openssl verify -CAfile &lt;(cat @samples/certs/ca-cert.pem@ @samples/certs/root-cert.pem@) /tmp/pod-cert-chain-workload.pem
/tmp/pod-cert-chain-workload.pem: OK
</code></pre></li>
</ol>
<h2 id="cleanup">Cleanup</h2>
<ul>
<li>
<p>To remove the secret <code>cacerts</code>:</p>
<pre><code class="language-command" data-lang="command">$ kubectl delete secret cacerts -n istio-system
</code></pre></li>
<li>
<p>To remove the Istio components:</p>
<pre><code class="language-command" data-lang="command">$ kubectl delete -f @install/kubernetes/istio-auth.yaml@
</code></pre></li>
</ul>
<h2 id="whats-next">What's next</h2>
<ul>
<li>Read more about <a href="/v0.8/docs/reference/commands/istio_ca/">Citadel (codename is istio_ca) arguments</a>.</li>
<li>Read <a href="https://github.com/istio/istio/blob/release-0.8/security/samples/plugin_ca_certs">how the sample certificates and keys are generated</a>.</li>
</ul>
</main>
<div class="container-fluid d-print-none">
<br/><hr/><br/>
<div class="row">
<div class="col-6">
<a title="Shows how to set up role-based access control for services in Istio mesh." href="/v0.8/docs/tasks/security/role-based-access-control/"><i class="fa fa-arrow-left"></i> Role-Based Access Control</a>
</div>
<div class="col-6" style="text-align: right">
<a title="Shows how to enable Citadel health checking with Kubernetes." href="/v0.8/docs/tasks/security/health-check/">Citadel health checking <i class="fa fa-arrow-right"></i></a>
</div>
</div>
</div>
<div class="d-none d-print-block" aria-hidden="true">
<h2>Links</h2>
<ol id="endnotes"></ol>
</div>
</div>
<div class="col-12 col-md-2 d-none d-xl-block d-print-none">
<nav class="toc">
<div class="spacer"></div>
<div id="toc" class="directory" role="directory">
<nav id="TableOfContents">
<ul>
<li><a href="#before-you-begin">Before you begin</a></li>
<li><a href="#plugging-in-the-existing-certificate-and-key">Plugging in the existing certificate and key</a></li>
<li><a href="#verifying-the-new-certificates">Verifying the new certificates</a></li>
<li><a href="#cleanup">Cleanup</a></li>
<li><a href="#whats-next">What's next</a></li>
</ul>
</nav>
</div>
</nav>
</div>
</div>
</div>
<footer class="d-print-none container-fluid">
<div class="row">
<div class="col-6 col-lg-4" role="navigation">
<div class="container-fluid">
<div class="row">
<div class="icon">
<span>istio-users@</span>
<a title="Join the istio-users@ mailing list to participate in discussions and get help troubleshooting problems"
href="https://groups.google.com/forum/#!forum/istio-users" aria-label="istio-users mailing list">
<svg viewBox="0 0 490 490">
<path d="M480,410.248H10c-5.523,0-10-4.477-10-10V89.752c0-5.523,4.477-10,10-10h470c5.522,0,10,4.477,10,10v310.495
C490,405.771,485.522,410.248,480,410.248z M20,390.248h450V99.752H20V390.248z"/>
<path d="M245,286.131c-2.083,0-4.167-0.649-5.931-1.948L48.64,143.929c-4.446-3.275-5.396-9.535-2.121-13.982
c3.275-4.447,9.535-5.396,13.982-2.121L245,263.712l184.5-135.886c4.447-3.274,10.709-2.326,13.982,2.121
c3.275,4.447,2.325,10.707-2.121,13.982L250.931,284.183C249.167,285.482,247.083,286.131,245,286.131z"/>
</svg>
</a>
</div>
<div class="icon">
<span>twitter</span>
<a title="Follow us on Twitter to get the latest news"
href="https://twitter.com/IstioMesh" aria-label="Twitter">
<svg viewBox="0 0 310 310">
<path d="M302.973,57.388c-4.87,2.16-9.877,3.983-14.993,5.463c6.057-6.85,10.675-14.91,13.494-23.73
c0.632-1.977-0.023-4.141-1.648-5.434c-1.623-1.294-3.878-1.449-5.665-0.39c-10.865,6.444-22.587,11.075-34.878,13.783
c-12.381-12.098-29.197-18.983-46.581-18.983c-36.695,0-66.549,29.853-66.549,66.547c0,2.89,0.183,5.764,0.545,8.598
C101.163,99.244,58.83,76.863,29.76,41.204c-1.036-1.271-2.632-1.956-4.266-1.825c-1.635,0.128-3.104,1.05-3.93,2.467
c-5.896,10.117-9.013,21.688-9.013,33.461c0,16.035,5.725,31.249,15.838,43.137c-3.075-1.065-6.059-2.396-8.907-3.977
c-1.529-0.851-3.395-0.838-4.914,0.033c-1.52,0.871-2.473,2.473-2.513,4.224c-0.007,0.295-0.007,0.59-0.007,0.889
c0,23.935,12.882,45.484,32.577,57.229c-1.692-0.169-3.383-0.414-5.063-0.735c-1.732-0.331-3.513,0.276-4.681,1.597
c-1.17,1.32-1.557,3.16-1.018,4.84c7.29,22.76,26.059,39.501,48.749,44.605c-18.819,11.787-40.34,17.961-62.932,17.961
c-4.714,0-9.455-0.277-14.095-0.826c-2.305-0.274-4.509,1.087-5.294,3.279c-0.785,2.193,0.047,4.638,2.008,5.895
c29.023,18.609,62.582,28.445,97.047,28.445c67.754,0,110.139-31.95,133.764-58.753c29.46-33.421,46.356-77.658,46.356-121.367
c0-1.826-0.028-3.67-0.084-5.508c11.623-8.757,21.63-19.355,29.773-31.536c1.237-1.85,1.103-4.295-0.33-5.998
C307.394,57.037,305.009,56.486,302.973,57.388z"/>
</svg>
</a>
</div>
<div class="icon">
<span>stack overflow</span>
<a title="Stack Overflow is where you can ask questions and find curated answers on deploying, configuring, and using Istio"
href="https://stackoverflow.com/questions/tagged/istio" aria-label="Stack Overflow">
<svg viewBox="0 0 120 120">
<polygon points="84.4,93.8 84.4,70.6 92.1,70.6 92.1,101.5 22.6,101.5 22.6,70.6 30.3,70.6 30.3,93.8 "/>
<path d="M38.8,68.4l37.8,7.9l1.6-7.6l-37.8-7.9L38.8,68.4z M43.8,50.4l35,16.3l3.2-7l-35-16.4L43.8,50.4z M53.5,33.2
l29.7,24.7l4.9-5.9L58.4,27.3L53.5,33.2z M72.7,14.9l-6.2,4.6l23,31l6.2-4.6L72.7,14.9z M38,86h38.6v-7.7H38V86z"/>
</svg>
</a>
</div>
<div class="icon">
<span>rocket chat</span>
<a title="Interactively chat with members of the Istio community."
href="https://istio.rocket.chat" aria-label="Rocket Chat">
<svg viewBox="0 0 512 512">
<path d="M496.293,255.338c0-24.103-7.21-47.215-21.437-68.699c-12.771-19.288-30.666-36.362-53.184-50.745
c-43.474-27.771-100.612-43.065-160.885-43.065c-20.131,0-39.974,1.702-59.222,5.072c-11.942-11.176-25.919-21.233-40.712-29.187
c-79.026-38.298-144.561-0.9-144.561-0.9s60.931,50.053,51.023,93.93c-27.259,27.041-42.033,59.646-42.033,93.594
c0,0.108,0.005,0.216,0.006,0.324c-0.001,0.108-0.006,0.216-0.006,0.324c0,33.949,14.774,66.554,42.033,93.595
c9.907,43.874-51.023,93.93-51.023,93.93s65.535,37.397,144.561-0.901c14.792-7.953,28.77-18.01,40.712-29.188
c19.249,3.372,39.091,5.072,59.222,5.072c60.272,0,117.411-15.294,160.885-43.064c22.518-14.383,40.412-31.457,53.184-50.742
c14.227-21.487,21.437-44.599,21.437-68.702c0-0.107-0.006-0.216-0.006-0.324C496.287,255.554,496.293,255.446,496.293,255.338z
M260.882,387.763c-25.367,0-49.66-2.932-72.107-8.282c-22.81,27.443-72.993,65.596-121.742,53.26
c15.857-17.031,39.352-45.81,34.32-93.207c-29.218-22.738-46.759-51.832-46.759-83.541c0-72.776,92.36-131.769,206.288-131.769
c113.928,0,206.288,58.993,206.288,131.769C467.17,328.765,374.81,387.763,260.882,387.763z M288.283,255.991
c0,15.133-12.27,27.403-27.4,27.403c-15.134,0-27.402-12.271-27.402-27.403s12.268-27.401,27.402-27.401
C276.014,228.59,288.283,240.858,288.283,255.991z M356.163,228.59c-15.133,0-27.4,12.268-27.4,27.401s12.268,27.403,27.4,27.403
c15.134,0,27.399-12.271,27.399-27.403S371.297,228.59,356.163,228.59z M165.601,228.59c-15.133,0-27.4,12.268-27.4,27.401
s12.268,27.403,27.4,27.403c15.134,0,27.401-12.271,27.401-27.403S180.735,228.59,165.601,228.59z"/>
</svg>
</a>
</div>
</div>
<div class="tag row d-none d-lg-flex">
for users
</div>
</div>
</div>
<div class="col-6 col-lg-4">
<p class="text-center copyright" role="contentinfo">
Istio
Archive
0.8<br>&copy; 2018 Istio Authors, <a href="https://policies.google.com/privacy">Privacy Policy</a><br>
Archived on July 31, 2018
</p>
</div>
<div class="col-6 col-lg-4 d-none d-lg-flex" role="navigation">
<div class="container-fluid">
<div class="row justify-content-end">
<div class="icon">
<span>istio-dev@</span>
<a title="Join the istio-dev@ mailing list to discuss development issues around the Istio project"
href="https://groups.google.com/forum/#!forum/istio-dev" aria-label="istio-dev mailing list">
<svg viewBox="0 0 490 490">
<path d="M480,410.248H10c-5.523,0-10-4.477-10-10V89.752c0-5.523,4.477-10,10-10h470c5.522,0,10,4.477,10,10v310.495
C490,405.771,485.522,410.248,480,410.248z M20,390.248h450V99.752H20V390.248z"/>
<path d="M245,286.131c-2.083,0-4.167-0.649-5.931-1.948L48.64,143.929c-4.446-3.275-5.396-9.535-2.121-13.982
c3.275-4.447,9.535-5.396,13.982-2.121L245,263.712l184.5-135.886c4.447-3.274,10.709-2.326,13.982,2.121
c3.275,4.447,2.325,10.707-2.121,13.982L250.931,284.183C249.167,285.482,247.083,286.131,245,286.131z"/>
</svg>
</a>
</div>
<div class="icon">
<span>github</span>
<a title="GitHub is where development takes place on Istio code"
href="https://github.com/istio/community" aria-label="GitHub">
<svg viewBox="0 0 478.165 478.165">
<path d="M349.22,55.768c6.136,14.046,10.241,37.556,4.224,54.69
c24.426,20.999,33.073,71.904,21.079,113.704c35.006,2.73,76.666-1.235,103.642,9.484c-25.183-3.248-59.651-9.563-91.987-7.431
c-6.136,0.458-15.361-0.239-14.903,8.408c37.735,3.008,75.092,6.117,105.894,15.779c-30.702-4.981-67.74-12.552-105.894-13.668
c-15.54,30.921-47.239,46.262-90.991,49.49c4.682,10.261,13.847,14.066,15.879,30.702c3.267,24.406-4.881,60.328,3.208,76.686
c4.064,7.89,10.579,8.009,14.863,14.604c-10.699,12.871-37.257-1.395-40.186-14.604c-5.14-22.852,7.89-58.256-6.415-73.737
c0.996,24.865-5.718,59.85,0.996,82.145c2.789,8.806,10.659,12.113,8.647,20.063c-49.809,5.08-28.989-64.373-37.177-105.356
c-7.471,0.697-4.204,11.197-4.224,15.76c-0.199,40.106,8.189,94.836-34.846,89.556c-1.315-8.348,5.838-11.217,8.467-19.007
c7.91-22.434-1.454-56.045,2.112-83.161c-16.417,12.512,1.793,55.666-8.428,77.961c-5.838,12.671-24.785,18.27-39.19,12.651
c1.873-9.464,11.695-7.989,15.879-16.875c5.818-12.452,0.02-30.244,2.092-48.494c-30.423,6.097-53.993-0.877-65.608-20.023
c-5.12-8.507-6.356-18.708-12.632-26.219c-6.117-7.551-16.098-8.507-19.087-18.808c37.755-9.185,39.17,38.771,73.06,39.807
c10.44,0.418,15.799-2.909,25.402-5.16c2.749-12.113,8.428-21.039,16.875-27.494c-42.078-5.658-76.865-18.788-93.023-50.466
c-38.293,1.893-73.339,7.013-105.894,14.843c29.547-10.679,65.807-14.604,104.778-15.819c-2.351-13.807-22.434-10.022-34.866-9.543
C47.677,227.17,18.449,230.138,0,233.645c26.817-9.543,64.233-8.348,100.454-8.428c-11.038-34.767-7.232-90.014,17.015-110.615
c-6.854-17.254-4.722-45.346,4.184-58.834c27.036,1.175,43.374,12.891,60.388,24.247c21.019-6.017,43.035-9.045,71.904-7.451
c12.133,0.677,24.705,6.097,33.731,5.32c8.906-0.877,18.728-10.898,27.534-14.843C326.507,58.099,336.17,56.206,349.22,55.768z"/>
</svg>
</a>
</div>
<div class="icon">
<span>drive</span>
<a title="Access our team drive if you'd like to take a look at the Istio technical design documents"
href="https://groups.google.com/forum/#!forum/istio-team-drive-access" aria-label="team drive">
<svg viewBox="0 0 207.027 207.027">
<path d="M69.866,15.557L0,138.919l28.732,52.552l143.288-0.029l35.008-59.588L136.39,15.735L69.866,15.557z M17.166,139.046
L74.268,38.205L91.21,67.783L33.24,168.447L17.166,139.046z M99.841,82.851l23.805,41.558l-47.732-0.006L99.841,82.851z
M163.434,176.443l-117.332,0.024l21.53-37.065l64.606,0.008l0.067,0.119l52.865-0.085L163.434,176.443z M140.932,124.411
L90.157,35.767l-2.966-5.178l40.751,0.121l57.003,93.706L140.932,124.411z"/>
</svg>
</a>
</div>
<div class="icon">
<span>working groups</span>
<a title="If you'd like to contribute to the Istio project, consider participating in our working groups"
href="https://github.com/istio/community/blob/master/WORKING-GROUPS.md" aria-label="working groups">
<svg viewBox="0 -45 439.833 439.833">
<polygon points="246.048,195.833 299.966,235.085 319.497,227.296 276.278,195.833"/>
<polygon points="193.786,195.833 163.556,195.833 120.33,227.3 139.862,235.089"/>
<path d="M219.927,11.558c-23.854,0-37.057,12.362-36.814,36.182c0.348,32.623,14.211,52.414,36.814,52.068
c0,0,36.802,1.492,36.802-52.068C256.729,23.918,244.294,11.558,219.927,11.558z"/>
<path d="M285.017,124.567l-36.77-14.659l-8.608-7.256c-2.274-1.922-5.636-1.78-7.741,0.317l-11.973,11.904l-12.008-11.907
c-2.109-2.094-5.465-2.229-7.736-0.313l-8.611,7.256l-36.77,14.661c-11.842,4.715-11.83,46.647-12.848,50.497h155.93
C296.866,171.228,296.862,129.28,285.017,124.567z"/>
<path d="M77.976,228.568c0,0,36.801,1.492,36.801-52.068c0-23.82-12.434-36.182-36.801-36.182
c-23.854,0-37.057,12.362-36.814,36.182C41.509,209.124,55.372,228.915,77.976,228.568z"/>
<path d="M143.065,253.329l-36.77-14.658l-8.609-7.256c-2.275-1.923-5.635-1.781-7.742,0.315l-11.971,11.904l-12.008-11.908
c-2.109-2.094-5.465-2.229-7.736-0.312l-8.611,7.256l-36.77,14.66C1.006,258.045,1.018,299.977,0,303.827h155.93
C154.915,299.988,154.911,258.042,143.065,253.329z"/>
<path d="M361.878,228.568c0,0,36.801,1.492,36.801-52.068c0-23.82-12.434-36.182-36.801-36.182
c-23.854,0-37.057,12.362-36.812,36.182C325.411,209.124,339.274,228.915,361.878,228.568z"/>
<path d="M426.968,253.329l-36.77-14.658l-8.609-7.256c-2.273-1.923-5.635-1.781-7.742,0.315l-11.971,11.904l-12.008-11.908
c-2.109-2.094-5.465-2.229-7.736-0.312l-8.61,7.256l-36.771,14.66c-11.842,4.715-11.83,46.646-12.848,50.497h155.93
C438.817,299.988,438.812,258.042,426.968,253.329z"/>
</svg>
</a>
</div>
<div class="icon">
<span>slack</span>
<a title="Interactively discuss development issues with the Istio community on Slack (invitation-only)"
href="https://istio.slack.com" aria-label="slack">
<svg viewBox="0 0 31.444 31.443">
<path d="M31.202,16.369c-0.62-1.388-2.249-2.011-3.637-1.391l-1.325,0.594l-3.396-7.591l1.325-0.592
c1.388-0.622,2.01-2.25,1.389-3.637c-0.62-1.389-2.248-2.012-3.637-1.39l-1.324,0.593l-0.593-1.326
c-0.621-1.388-2.249-2.009-3.637-1.388c-1.388,0.62-2.009,2.247-1.389,3.637l0.593,1.325L7.98,8.598L7.388,7.273
c-0.621-1.39-2.249-2.009-3.637-1.39C2.363,6.504,1.742,8.132,2.362,9.52l0.592,1.324L1.63,11.438
c-1.388,0.621-2.01,2.247-1.389,3.636c0.62,1.388,2.249,2.01,3.637,1.39l1.325-0.594l3.394,7.592l-1.325,0.592
c-1.388,0.621-2.009,2.25-1.389,3.637c0.621,1.389,2.249,2.011,3.637,1.391l1.324-0.593l0.593,1.325
c0.621,1.389,2.249,2.01,3.637,1.389c1.387-0.62,2.009-2.248,1.388-3.636l-0.591-1.326l7.591-3.394l0.592,1.321
c0.621,1.391,2.248,2.013,3.637,1.392c1.388-0.619,2.01-2.248,1.389-3.637l-0.592-1.324l1.323-0.594
C31.201,19.384,31.823,17.757,31.202,16.369z M13.623,21.215l-3.395-7.593l7.591-3.394l3.395,7.591L13.623,21.215z"/>
</svg>
</a>
</div>
</div>
<div class="tag row justify-content-end text-right">
for developers
</div>
</div>
</div>
</div>
</footer>
<div class="d-xl-none d-print-none">
<button id="scroll-to-top" aria-hidden="true" onclick="scrollToTop()" title="Back to top"><i class="fa fa-lg fa-arrow-up"></i></button>
</div>
<script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js"></script>
<script src="https://www.google.com/cse/brand?form=search_form"></script>
<script src="/v0.8/js/all.min.js" data-manual></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink