Neuvector cert-upgrader needs a second look
Currently, we set autoGenerateCert: true
and autoRotateCert: true
Its not clear if we need to do this while running in Istio.
Furthermore, because we do this we need to add exceptions to the istio mesh to allow the internal cert-upgrader job to talk to the healthcheck port 18500
.
We need to evaluate a path forward here and likely communicate with Neuvector maintainers to determine the proper next steps.
Edited by Dax McDonald