From 8a2f86d2af3d97f41289eb3098ee6d3562d0bf57 Mon Sep 17 00:00:00 2001
From: Maitiu O Ciarain <m.ociarain@gmail.com>
Date: Thu, 5 Dec 2024 16:31:27 +0000
Subject: [PATCH] Pass through the istio config values

---
 dev-infrastructure/modules/aks-cluster-base.bicep | 11 +++++++++++
 dev-infrastructure/templates/svc-cluster.bicep    |  1 +
 2 files changed, 12 insertions(+)

diff --git a/dev-infrastructure/modules/aks-cluster-base.bicep b/dev-infrastructure/modules/aks-cluster-base.bicep
index 2af685289..cc907a6ae 100644
--- a/dev-infrastructure/modules/aks-cluster-base.bicep
+++ b/dev-infrastructure/modules/aks-cluster-base.bicep
@@ -32,6 +32,8 @@ param podSubnetPrefix string
 param clusterType string
 param workloadIdentities array
 
+param istioCerticiateKeyVaultID string
+
 @maxLength(24)
 param aksKeyVaultName string
 
@@ -335,6 +337,15 @@ resource aksCluster 'Microsoft.ContainerService/managedClusters@2024-04-02-previ
       ? {
           mode: 'Istio'
           istio: {
+            certificateAuthority: {
+              plugin: {
+                certChainObjectName: 'cert-chain'
+                certObjectName: 'ca-cert'
+                keyObjectName: 'ca-key'
+                keyVaultId: (istioCerticiateKeyVaultID)
+                rootCertObjectName: 'root-cert'
+              }
+            }
             components: {
               ingressGateways: [
                 {
diff --git a/dev-infrastructure/templates/svc-cluster.bicep b/dev-infrastructure/templates/svc-cluster.bicep
index 337708150..ce919671c 100644
--- a/dev-infrastructure/templates/svc-cluster.bicep
+++ b/dev-infrastructure/templates/svc-cluster.bicep
@@ -200,6 +200,7 @@ module svcCluster '../modules/aks-cluster-base.bicep' = {
       }
     })
     aksKeyVaultName: aksKeyVaultName
+    istioCerticiateKeyVaultID: serviceKeyVault.id
     acrPullResourceGroups: acrPullResourceGroups
   }
 }