About the Aspen Mesh CAs
Introduction
Before working with certificates and the certificate authorities (CAs) in Aspen Mesh, it helps to understand the types of pods the CAs support and the function each CA performs.
Types of supported pods
The Aspen Mesh CAs support (manage workload certificates for) the following types of pods:
Pod type | Definition |
---|---|
Off-mesh, on-cluster non-gateway pod | A pod that: |
On-mesh non-gateway pod | A pod that: |
Istio gateway pod | A pod that: |
Example: Types of supported pods
This is an example of a Kubernetes cluster with one instance of each type of pod that’s supported by the Aspen Mesh CAs:
The Aspen Mesh CAs
There are two CAs in Aspen Mesh:
CA | Function |
---|---|
Istiod | Manages (creates, signs, and rotates) workload certificates for the following on-mesh items: |
Citadel | If installed and other conditions are met, manages (creates, signs, and rotates) workload certificates for the following off-mesh items: |