►
From YouTube: Istio 1.6 Deep Dive Certificate Rotation (Part 2)
Description
In this 4-part series, we look at how to rotate Istio CA certs without interruption.
In this part, we see how to rotate intermediates with the same root and no disruption
About us https://solo.io
Manage multi-cluster Istio with Service Mesh Hub https://solo.io/products/service-mesh-hub/
Istio 1.6 https://istio.io/latest/news/releases/1.6.x/announcing-1.6/
Questions? https://slack.solo.io
A
A
A
Okay,
this
is
you
know,
sis,
and
we
should
see
us
your
diri,
starting
that
should
pick
up.
Our
new
intermediate
CA
over
here
put
check
proxy
status
between
the
difference
services.
We
should
see
that
it's
this
coming
up
or
that
to
configure,
has
actually
been
synced
and
then
what
we're
gonna
do
is
restart
the
HTV
pin
workload
and
you
notice
in
the
previous
demos,
but
when
we
did
this,
when
we
changed
the
CA
that
the
connections
would
break
between
the
different
workloads
now
we
don't
want
that
to
happen.
A
Alright,
so
let's,
let's
try
it
again
between
sleep
and
HTTP.
Pin,
oh,
it
works.
It
works
this
time
and
the
reason
for
that
is
because
we
changed
the
intermediate
to
a
different
CA
and
now
new
workloads
are
being
signed
with
that
CA,
but
it's
still
anchored
in
the
same
route
route
a
and
so
we
can.
We
can
validate
that
or
show
that
so
in
HT
pin,
which
is
a
new
workload
I
guess
we
started
it.
It's
shell
into
it.
Come
over
here.
Do
the
curl.
A
Inspect
should
see
65.
This
is
the
serial
number
for
the
route
65
ec
v
ec,
so
these
are
definitely
anchored
in
the
same
route,
which
is
why
we
didn't
see
the
traffic
disruption
now
in
the
next
video.
What
we're
going
to
look
at
is
introducing
the
a
new
route
and
in
video
number
2
we
saw
that
that
would
break
our
connections.
We're
gonna
do
that
in
such
a
way
that
it
doesn't
break
the
connections
in
the
next
video,
so
go,
go!
Watch
that
and
in
stay
tuned
to
this
series.