Allow configurable trust domain in Istio identities

**Describe the feature request**
Allow use of configurable domain in Istio identities.

**Describe alternatives you've considered**
currently all identities are hard coded to use the `cluster.local` domain.

**Additional context**
#7849 has initial work in Citadel, but needs further work in other components:

- [ ] add option support in Helm charts (incl istio-remote)
- [ ] changes in istioctl to kube-inject `verify_subject_alt_name` (e.g., [here](https://github.com/istio/istio/blob/master/pkg/bootstrap/bootstrap_config.go#L46))
- [ ] change [hard coded places](https://github.com/istio/istio/search?p=1&q=spiffe%3A%2F%2Fcluster.local&unscoped_q=spiffe%3A%2F%2Fcluster.local), except tests
- [ ] collect identity related items into a new package (e.g., `security/pkg/identity`) to avoid duplication

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow configurable trust domain in Istio identities #8661

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Allow configurable trust domain in Istio identities #8661

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions