Create a Signer Profile

In the context of Service Mesh, the term "Singer" refers to Kubernetes resources that are responsible for configuring and enabling the external CA signing mode. These resources facilitate the provision of signed certificates to workloads within the Service Mesh.

To enable an external CA signing mode in service mesh,

  1. Go to menu > KUBE+ > Cluster Security > Secure Service Mesh .
  2. Click .
  3. On the Create Signer page, enter/select the field information.
    Table 1. Filed and Description for Signer Creation
    Field Description
    Name Enter a unique name for the signer.
    Mesh Name Select a service mesh configuration associated to the cluster onboarded in earlier.
    CA Mode Select a designated issuance mode for the associated Mesh Certificate Authority.
    Profile Name Enter a unique profile name. For example, <domain>/istio.
    External Secret Name Enter the name of the secret where the trust store certificate should be synchronized.
    External Secret Namespace Enter the namespace of the secret.
    Duration Enter the duration in the hours.
  4. Click Generate YAML to get the commands in the Singer YAML field.
    Note:
    • To see the commands in the full screen view, click the .
    • To copy the command, click .
  5. Click Add to add the signer to the Signer inventory list.