The new installer is intended to be modular and very explicit about what is installed. It has
far more steps than the Istio installer - but each step is smaller and focused on a specific
feature, and can be performed by different people/teams at different times.

It is strongly recommended that different namespaces are used, with different service accounts.
In particular access to the security-critical production components (root CA, policy, control)

  // - All: all dry run stages will be processed
  // +optional
  repeated string dryRun = 1;

  // Force is going to "force" Apply requests. It means user will
  // re-acquire conflicting fields owned by other people.
  optional bool force = 2;

  // fieldManager is a name associated with the actor or entity
  // that is making these changes. The value must be less than or

'environment'. ## Installing The new installer is intended to be modular and very explicit about what is installed. It has far more steps than the Istio installer - but each step is smaller and focused on a specific feature, and can be performed by different people/teams at different times. It is strongly recommended that different namespaces are used, with different service accounts. In particular access to the security-critical production components (root CA, policy, control) should be locked down and restricted....

[label="Send CSR gRPC Request"] subgraph cluster_istioagent { label = "Istio Agent" color="orange" sds SecretManager -> caClient [label="Sign CSR"] caClient -> grpc grpc -> TokenProvider [dir=none,label="Fetch JWT",color=purple] grpc -> cfiles [dir=none,label="Fetch Cert",color=purple] sds -> SecretManager [label="Generate certificate"] SecretManager -> cfiles [label="Write certs to file"] cfiles [label="Certificate Files"] grpc [shape=diamond] } subgraph cluster_istiod { label = "Istiod" color="lightblue"...

digraph { envoy -> sds [dir=both, label="SDS"] envoy -> xdsproxy [dir=both, label="ADS"] sds -> ca [label="CSR"] xdsproxy -> discovery [dir=both,label="ADS"] envoy [shape=hexagon, color=purple] subgraph cluster_istioagent { label = "Istio Agent" color="orange" sds xdsproxy } subgraph cluster_istiod { label = "Istiod" color="lightblue" ca discovery } }...