To allow Kubernetes to use the TLS certificate and private key for the ingress controller, you create and use a Secret. Instead of this, can't we store the .crt and .key files in Azure Key Vault, create a secret, and use it in the Ingress?
The article below describes the steps for creating a Kubernetes secret and using it in an Ingress object: https://learn.microsoft.com/en-us/azure/aks/ingress-own-tls
Is there any way we can use Azure Key Vault instead of Kubernetes secrets? If so, can you please give some suggestions on how we can achieve this?
Yes, it is possible. You need to concatenate both the .crt and the .key into one file and import it into Azure Key Vault as a certificate. Install azure-key-vault-controller to read secrets/certs from Azure Key Vault and create k8s secrets out of them.
```yaml
apiVersion: <AzureKeyVaultSecret CRD group/version> # as served by the installed controller
kind: AzureKeyVaultSecret
metadata:
  name: ingress-cert
  namespace: default
spec:
  vault:
    name: <vault name> # name of key vault
    object:
      name: <newly created cert name from vault>
      type: certificate
  output:
    secret:
      name: ingress-secret-tls # kubernetes secret name
      type: kubernetes.io/tls # kubernetes secret type
```
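The concatenate-and-import step from the answer above, as an added example that is not part of the original answer: it builds the combined PEM file, rejects a missing or passphrase-protected key, confirms the key belongs to the certificate, imports the bundle, and deletes the local copy. The function names, file names, vault name and certificate name are assumptions, and it expects `openssl` and the Azure CLI to be installed.

```bash
#!/usr/bin/env bash
# Added example. All function and file names here are hypothetical.

# Fail unless $1 holds a certificate and $2 an unencrypted private key.
check_pem_inputs() {
  grep -q -- '-----BEGIN CERTIFICATE-----' "$1" ||
    { echo "no certificate in $1" >&2; return 1; }
  if grep -q -- 'ENCRYPTED' "$2"; then
    echo "private key in $2 is passphrase-protected" >&2; return 1
  fi
  grep -q -- 'PRIVATE KEY-----' "$2" ||
    { echo "no private key in $2" >&2; return 1; }
}

# Fail unless the key's public half equals the certificate's public key.
key_matches_cert() {
  local a b
  a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  b=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Write cert followed by key to $3, readable by the owner only.
# awk 1 ends every line with a newline, so a .crt without a trailing
# newline cannot fuse its END marker with the key's BEGIN marker.
make_pem_bundle() {
  check_pem_inputs "$1" "$2" || return 1
  ( umask 077; awk 1 "$1" "$2" > "$3" )
}

# Import into Key Vault, then remove the local copy of the key material.
# usage: import_bundle <vault name> <cert name> tls.crt tls.key
import_bundle() {
  local bundle rc
  bundle=$(mktemp) || return 1
  make_pem_bundle "$3" "$4" "$bundle" && key_matches_cert "$3" "$4" &&
    az keyvault certificate import --vault-name "$1" --name "$2" --file "$bundle"
  rc=$?
  rm -f "$bundle"
  return $rc
}
```

The certificate name passed to `import_bundle` is the value that goes in `spec.vault.object.name` of the manifest above.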