By default, Citadel manages the DNS certificates of the Istio control plane. Citadel is a large component that maintains its own private signing key, and acts as a Certificate Authority (CA). New in Istio 1.4, we introduce a feature to securely provision and manage DNS certificates signed by the Kubernetes CA, which has the following advantages. Lighter weight DNS certificate management with no dependency on Citadel. Unlike Citadel, this feature doesn’t maintain a private signing key, which...
