I have started working on istio implementation and able to see some progress. Have got few doubts and I see myself missing something in the documentation…
Currently, I am using a gateway, virtual service, destination rules, authorization services for 2 deployments and I am able to see the graph with mTLS enabled in the kiali dashboard. and it’s all working fine.
As I have to use now GoDaddy CA certs , gone through the documentation regarding " Plug in certificates and key into the cluster ", looks like during the fresh installation of the istio it’s picking custom CA certs but with below errors
2022-02-03T16:23:31.337162Z info initializing mesh networks from mesh config watcher
2022-02-03T16:23:31.337167Z info initializing mesh handlers
2022-02-03T16:23:31.337178Z info creating CA and initializing public key
2022-02-03T16:23:31.337214Z info Use local CA certificate
Error: failed to create discovery service: failed to create CA: failed to create an istiod CA: certificate is not authorized to sign other certificates
2022-02-03T16:23:31.338090Z error failed to create discovery service: failed to create CA: failed to create an istiod CA: certificate is not authorized to sign other certificates
I am stuck in this and exploring for any other approaches if I have to look into anything if I am missing.
Can you please advise with some of the inputs regarding this