Add feature page for custom ca integration using k8s CSR

features.yaml

@@ -276,6 +276,14 @@ features:
       maturity: Experimental
       nextExpectedPromotion: ""
     area: Security and policy enforcement
+  - name: "Custom CA Integration using Kubernetes CSR"
+    id: "security.custom_ca_integration"
+    link: "/docs/tasks/security/cert-management/custom-ca-k8s"
+    level:
+      checklist: features/custom_ca_k8s_csr.md
+      maturity: Experimental
+      nextExpectedPromotion: ""
+    area: Security and policy enforcement
   - name: "In-Cluster Operator"
     id: "core.in_cluster_operator"
     link: "/docs/setup/install/operator/"
@@ -399,7 +407,7 @@ features:
     id: "core.dual_stack"
     level:
       checklist: features/dual-stack-support.md
-      maturity: Experimental 
+      maturity: Experimental
       maturityNotes: Dual Stack IPv4 and IPv6 is supported.
       nextExpectedPromotion: ""
     area: Core

features/custom_ca_k8s_csr.md

@@ -0,0 +1,230 @@
+[//]: # (The syntax preceeding this line is a comment marker used to help guide the author in populating this document)
+[//]: # (to github. Unlike HTML comments commonly used throughout istio.io documentation, this comment will not be rendered)
+[//]: # (by github. Comments must be separated by carriage return preceding and concluding the text and be a single line.)
+
+[//]: # (This is a living document representing the maturity of a feature. Completion of this template enables Istio work groups)
+[//]: # (to collect information on potential new functionality. This template should be completed before users are exposed to)
+[//]: # (any new experimental feature. Please complete this template during development.)
+
+[//]: # (The feature implementation section must be completed before submission of the document.)
+
+# Feature:
+
+[//]: # (All information in this section is mandatory.)
+
+**Feature name:**
+
+Custom CA Integration using Kubernetes CSR
+[//]: # (The name of the feature, e.g. Multiple control planes)
+
+**Primary lead(s):**
+
+
+[//]: # (The primary lead or leads responsible for the feature. These individuals serve as a point of contact for the feature.)
+
+**Short description:**
+
+Provision Workload Certificates using a custom certificate authority that integrates with the Kubernetes CSR API.
+[//]: # (A short description of the feature. One or two sentences maximum.)
+
+
+**Design Docs:**
+
+* [Istio Integrating with custom CAs](https://docs.google.com/document/d/1KAw8-0FivdYQAcWMVTMl-JYvVCn2fpNTbu6Ya3y9d1E/)
+* [Istio - Custom CA Integration with Istiod as RA](https://docs.google.com/document/d/1AvhgOU4vlmSOtIUsOZYa5R4Dz8NHzuaCi_Y0FrSAceM/)
+* [Istio custom CA Integration: Implementation Spec](https://docs.google.com/document/d/1X_BSNv7EztNAvND1JJs9YKFzWzn65cYXMeTkPh9ncr4/)
+
+[//]: # (Design docs for feature)
+
+
+**Relevant Documentation:**
+
+* https://istio.io/latest/docs/tasks/security/cert-management/custom-ca-k8s/
+* https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/
+
+[//]: # (Links to relevant documentation for feature)
+
+**RFC:**
+
+[//]: # (Link to RFC for feature)
+N/A. Design doc presented instead.
+
+
+---
+
+## Experimental
+
+### Requirements:
+
+[//]: # (All information in this section is mandatory for promotion. Please modify the links in this)
+[//]: # (section.)
+
+- [ ] [User stories](insert_your_link_here) reviewed in a work group meeting.
+
+[//]: # (User stories are a way to communicate user value. User stories follow the style)
+[//]: # (as a [type of user], I want [an action] so that [a benefit/a value]. Istio currently has no user)
+[//]: # (story template. Maybe you can make one?)
+
+[//]: # (User stories must be presented in a work group meeting. They need no approval and are later integrated)
+[//]: # (into the RFCs, which do need approval for alpha. You may find value to negotiate within the work group where the)
+[//]: # (user stories are presented to help clarify the user stories.)
+
+- [ ] [RFC Authored] - [create an RFC using template](https://docs.google.com/document/d/1ewJoCcw5-04crH-M0xw4zFxz1cfwVCPnNyW4K3m4Yyc/template/preview).
+
+> Design Doc :
+
+[//]: # (An RFC is mandatory to graduate to experimental. The RFC does not have to be reviewed in a work group)
+[//]: # (meeting to graduate to experimental.)
+
+- [X] [Documentation](insert_your_link_here) for enabling and using the feature.
+
+> A task is created for the feature : https://istio.io/latest/docs/tasks/security/cert-management/custom-ca-k8s/
+
+[//]: # (The documentation instructions may exist on the developer wiki or the team drive. They may include instructions)
+[//]: # (for building running a `istioctl experimental command`, or using the preview profile,)
+[//]: # (or any other relevant information.)
+
+- [ ] [Feedback plan](insert_your_link_here).
+
+[//]: # (This may include user feedback meetings, discuss.istio.io conversations, GitHub issues, or mailing lists.)
+
+- [X] Disabled by default.
+
+- [X] No impact on performance when the feature is disabled.
+
+
+[//]: # (Once all other items are completed, features.yaml should be updated to promote the feature)
+
+- [X] [features.yaml](https://github.com/istio/enhancements/blob/master/features.yaml) updated for this feature
+---
+
+## Alpha
+
+### Requirements:
+
+**Design**
+
+- [] RFC has been approved describing the intention of the feature as well as the user stories behind the feature.
+
+**Config**
+
+- [] Explicit user action is required to enable this feature (e.g. a config field, config resource, or installation action).
+
+**Docs**
+
+- [] Reference docs are published to preliminary.istio.io or the Istio wiki.
+
+- [] Basic feature docs are published on preliminary.istio.io describing what the feature does, how to use it, and any caveats. 
+
+- [] Release notes entries added as appropriate
+
+- [] Upgrade notes entries added as appropriate
+
+**Tests**
+
+- [] Automated integration tests cover core use cases with the feature enabled.
+- [] When disabled, the feature does not affect system stability or performance.
+
+**API**
+
+- [ ] Initial API review.
+
+**Approvals**
+
+- [] The appropriate work group(s) have reviewed and approved promotion of the feature.
+- [] The TOC has reviewed and approved promotion of the feature as part of the
+	roadmap for a release.
+
+**Promotion**
+
+[//]: # (Once all other items are completed, features.yaml should be updated to promote the feature)
+
+- [] [features.yaml](https://github.com/istio/enhancements/blob/master/features.yaml) updated for this feature
+
+---
+
+## Beta
+
+### Requirements:
+
+**Design**
+
+- [] Design doc describing the intention of the feature, how it will be
+	implemented, and any thoughts on how to test the feature has been approved by
+	relevant work group leads
+- [] Feature coverage and test plans written and approved.
+
+**Docs**
+
+- [ ] Documentation on istio.io includes performance expectations; may have caveats.
+- [] Documentation on istio.io includes samples/tutorials.
+- [] Documentation on istio.io includes appropriate glossary entries.
+- [] All new documentation containing user actions includes istio.io tests.
+- [] Release notes have been added.
+- [] Upgrade notes have been added.
+
+**Tests**
+
+- [] Integration tests cover feature edge cases
+- [] End-to-end tests cover samples/tutorials
+- [] Fixed issues have tests to prevent regressions
+- [ ] Stability/stress test suite includes coverage for the feature.
+
+**Performance**
+
+- [ ] Feature coverage and test plans written and approved
+- [ ] Tests exist with the feature enabled that can be integrated with our automated performance testing.
+
+**API**
+
+- [ ] TOC has reviewed the API and determined it to be complete.
+
+**Tooling**
+
+- [ ] Any necessary tooling to use/debug the feature has been implemented and is complete.
+
+**Bugs**
+
+- [] Feature has no known major issues.
+
+**Approvals**
+
+- [] The appropriate work group(s) have reviewed and approved promotion of the feature.
+- [ ] The supportability review panel has reviewed promotion of the feature.
+- [ ] The TOC has reviewed and approved promotion of the feature as part of the
+	road map for a release.
+
+
+**Promotion**
+
+[//]: # (Once all other items are completed, features.yaml should be updated to promote the feature)
+
+- [] [features.yaml](https://github.com/istio/enhancements/blob/master/features.yaml) updated for this feature
+---
+
+## Stable
+
+### Requirements:
+
+**Performance**
+
+- [ ] Latency, throughput, and scalability are quantified and documented on
+	istio.io.
+
+**Bugs**
+
+- [ ] Feature has no known major issues.
+
+**Approvals**
+
+- [ ] The appropriate work group(s) have reviewed and approved promotion of the feature.
+- [ ] The [supportability review panel](https://docs.google.com/document/d/1w0epyFhhDSf_TwFEfa_lrn1v61mXNJKpEp_kUgp4sSc/edit#) has reviewed the feature in order to find any supportability concerns.
+- [ ] The TOC has reviewed and approved promotion of the feature as part of the
+	roadmap for a release.
+
+
+**Promotion**
+
+[//]: # (Once all other items are completed, features.yaml should be updated to promote the feature)
+
+- [ ] [features.yaml](https://github.com/istio/enhancements/blob/master/features.yaml) updated for this feature