Skip to content

Istio listening on stale certificates even after new certificates are available #39985

Closed
#40137
Closed
Istio listening on stale certificates even after new certificates are available#39985
#40137
Labels
area/security
@nirvanagit

Description

@nirvanagit
nirvanagit
opened on Jul 19, 2022

Bug Description

Issue 1

When istio proxy comes up for the first time, and it is given certificates via SDS, it was observed that it stores duplicate entries of the certificate as seen in the /certs endpoint.

Issue 2

Envoy continues to listen on stale certificates, even when /certs endpoint shows that it has new certificates. One thing to note here is, that the /certs endpoint shows both new as well as old certificates.

Envoy is serving stale certificates only when there are more than 1 unique certificates found in the /certs endpoint.

Version

$ istioctl version
1.13.4

$ kubectl version
1.21 (both)

Additional data points

It is consistently seen that the /certs endpoints shows constant occurrences of the old certificate:

k exec -it debug-62rg9 -c istio-proxy -- `echo $certs_json` | grep cert_chain -A 11 | grep c34eeb5c60ab46b7b7afd046aab7823c | wc -l
      39

Even when certificates rotate, the count of the original certificate remains consistent in /certs endpoint.

Some parsed data from the /certs endpoint:

╰─$ cat ratings-v1-b6994bb9-vjhtq.certs.json| grep cert_chain | wc -l
      29
╭─aaeron@macos-C02G72ZBMD6T ~/workspace/setup/istio/releases/istio-1.13.4
╰─$ cat ratings-v1-b6994bb9-vjhtq.certs.json| grep cert_chain -A 3 | grep serial | wc -l
      29
╭─aaeron@macos-C02G72ZBMD6T ~/workspace/setup/istio/releases/istio-1.13.4
╰─$ cat ratings-v1-b6994bb9-vjhtq.certs.json| grep cert_chain -A 3 | grep serial | sort -u
     "serial_number": "26931ad6c653ea029212660e6edb781c",

The above command show that there are 29 instances of cert_chain, even though the serial number of all the certificates are the same. Which means that /certs endpoint is storing duplicate entries.

Data from /certs endpoint in cluster created via kind.

{
 "certificates": [
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  },
  {
   "ca_cert": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "e2110e139cc6cc7a",
     "subject_alt_names": [],
     "days_until_expiration": "34863",
     "valid_from": "2018-01-24T19:15:51Z",
     "expiration_time": "2117-12-31T19:15:51Z"
    }
   ],
   "cert_chain": [
    {
     "path": "\u003cinline\u003e",
     "serial_number": "26931ad6c653ea029212660e6edb781c",
     "subject_alt_names": [
      {
       "uri": "spiffe://cluster.local/ns/bookinfo/sa/bookinfo-ratings"
      }
     ],
     "days_until_expiration": "0",
     "valid_from": "2022-07-19T05:18:54Z",
     "expiration_time": "2022-07-20T05:20:54Z"
    }
   ]
  }
 ]
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/security

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions