I am currently trying to set up the auto_encrypt feature on my client agents.
Setup is working fine as expected in the documentation:
But I’m facing a challenge when it comes to my sidecars registering their services and connecting their Envoy to the agent.
I’m facing an “x509: signed by unknown authority” error. I understand that when using auto_encrypt, Consul manages another CA, which is obviously not the same as the one I bootstrap and sign my certificates with.
Related GitHub issue: https://github.com/hashicorp/consul/issues/8636
How do I bootstrap those dynamic certs onto my sidecars? As I understand it, it's signed with specific SPIFFE which are dependent on the cluster-id, which is non-deterministic.
Thanks for your help.