Certificates with Azure Key Vault and Nginx Ingress Controller
ฝัง
- เผยแพร่เมื่อ 4 ธ.ค. 2020
- A quick walkthrough of pulling a certificate from Azure Key Vault to Azure Kubernetes Service and using it with Nginx Ingress Controller
Blog post: blog.baeke.info/2020/12/07/ce...
Alternative option with secrets store CSI driver: blog.baeke.info/2020/12/07/az...
#kubernetes #ingress #certificates #azure - วิทยาศาสตร์และเทคโนโลยี
Greatly and neatly explained with so much clarity
Thank you very much Geert :) your video is really helpful
Hi @Geert, great video. Have you tried akv secret store csi to sync cert? Is there an advantage of using akv2aks components?
I have worked with the secrets store CSI driver and the provider for Azure Key Vault. The advantage is of course its support for multiple providers and not just Key Vault. In general though, if it's AKS and Key Vault, I tend to go for this akv2k8s controller due to its simplicity. The CSI driver is a bit more complex. akv2aks also has an injector if you want to inject secrets into pods directly... Thanks for watching!
Hi @Geert, does akv2k8s controller only syncs self-signed cert from KV? I tried with a certificate issued by an integrated CA in KV and it does not work, it did generated a tls secret but when I run kubectl view cert, it return empty. When try use this tls secret in ingress and deploy, the cert shows invalid:NET::ERR_CERT_AUTHORITY_INVALID and has the wrong issuer, it shows Issued by: Kubernetes Ingress Controller Fake Certificate.