Install Citadel

When to follow these instructions

Follow the instructions below only if you want to start using Citadel to customize your Istio certificates. Various components that rely on Citadel’s custom certificates will direct you to this page.

Prerequisite

Citadel needs access to the same CA certificate used by Istio. Follow the instructions on configuring certificates to plug in CA certificates. With the custom CA certificate in place, Citadel certificates will be interoperable with Istio.

About Citadel configuration

The Helm chart for Citadel includes a values.yaml file that contains fields that Helm uses to generate the manifest files during an installation or an upgrade. You can change the default value of a field by doing both of the following:

• Include the field in the override values file for Citadel and specify a different value.

• Specify the override values file and a namespace when installing or upgrading Citadel.

Create an override values file for Citadel

1. Change to the Aspen Mesh release directory.

2. Change to the directory for Citadel:

   $ cd manifests/charts/security
   

3. Create an override values file for Citadel by copying the Citadel values.yaml file to a new file (for example, citadel-override-values.yaml):

   $ cp values.yaml <citadelOverrideValuesFilename>
   

4. Open the override values file for Citadel in a text editor.

5. Read the comments for each field and comment out or remove any unrequired fields that you don’t want to override.

6. Change the values of the remaining fields.

7. Save and close the file.

8. Move the override values file for Citadel to a permanent location.

   You’ll need access to this file when installing or upgrading Citadel, and you should keep the file under version control.

Install Citadel

1. Open your Aspen Mesh override values file (for example, aspen-mesh-override-values.yaml) in a text editor.

2. Does the file contain the following information related to Citadel?

   global:
     certificateCustomFields: true
   

   • Yes:

     • Close the file.

     • Go to step 3.

   • No:

     • Add the information.

     • Save and close the file.

     • Perform an upgrade of Aspen Mesh.

3. Install Citadel:

   $ helm install citadel manifests/charts/security \
       --namespace istio-system \
       --values <citadelOverrideValuesFilename>