Merge pull request #1424 from SpectralHiss/hef/fix-istio-csr-installation-docs

jetstack-bot · web-flow · commit b86451d6c0a4 · 2024-02-15T19:57:18.000Z
Update istio-csr installation for Istio &gt;= 1.16
diff --git a/content/docs/tutorials/istio-csr/example/istio-config-getting-started.yaml b/content/docs/tutorials/istio-csr/example/istio-config-getting-started.yaml
@@ -19,39 +19,3 @@ spec:
           # Disable istiod CA Sever functionality
         - name: ENABLE_CA_SERVER
           value: "false"
-        overlays:
-        - apiVersion: apps/v1
-          kind: Deployment
-          name: istiod
-          patches:
-
-            # Mount istiod serving and webhook certificate from Secret mount
-          - path: spec.template.spec.containers.[name:discovery].args[-1]
-            value: "--tlsCertFile=/etc/cert-manager/tls/tls.crt"
-          - path: spec.template.spec.containers.[name:discovery].args[-1]
-            value: "--tlsKeyFile=/etc/cert-manager/tls/tls.key"
-          - path: spec.template.spec.containers.[name:discovery].args[-1]
-            value: "--caCertFile=/etc/cert-manager/ca/root-cert.pem"
-
-          - path: spec.template.spec.containers.[name:discovery].volumeMounts[-1]
-            value:
-              name: cert-manager
-              mountPath: "/etc/cert-manager/tls"
-              readOnly: true
-          - path: spec.template.spec.containers.[name:discovery].volumeMounts[-1]
-            value:
-              name: ca-root-cert
-              mountPath: "/etc/cert-manager/ca"
-              readOnly: true
-
-          - path: spec.template.spec.volumes[-1]
-            value:
-              name: cert-manager
-              secret:
-                secretName: istiod-tls
-          - path: spec.template.spec.volumes[-1]
-            value:
-              name: ca-root-cert
-              configMap:
-                defaultMode: 420
-                name: istio-ca-root-cert
diff --git a/content/docs/tutorials/istio-csr/istio-csr.md b/content/docs/tutorials/istio-csr/istio-csr.md
@@ -110,15 +110,16 @@ We use the `istioctl` CLI to install Istio, configured using a custom IstioOpera
 The custom manifest does the following:
 
 - Disables the CA server in istiod,
-- Ensures that Istio workloads request certificates from istio-csr,
-- Ensures that the istiod certificates and keys are mounted from the Certificate created when installing istio-csr.
+- Ensures that Istio workloads request certificates from istio-csr
 
 First we download our demo manifest and then we apply it.
 
 ```console
 curl -sSL https://raw.githubusercontent.com/cert-manager/website/master/content/docs/tutorials/istio-csr/example/istio-config-getting-started.yaml > istio-install-config.yaml
 ```
 
+> Note: for versions before Istio 1.16 you need to mount a few extra volumes by using an alternate Istio installation manifest as [shown here](https://github.com/cert-manager/website/blob/98579eb092b2f2c41049b7347c1e34bcf3c6396a/content/docs/tutorials/istio-csr/istio-csr.md#installing-istio-csr)
+
 You may wish to inspect and tweak `istio-install-config.yaml` if you know what you're doing,
 but this manifest should work for example purposes as-is.
 
