AKS ingress with nginx and Key Vault certificates: issue with creating secret, nginx cannot find specific cert from vault
AKS ingress with nginx and Key Vault certificates: issue with creating a secret from a cert in the vault. The cert is in the key vault and has all required permissions. I've imported the cert to the vault as a PFX.
How can I fix the error seen in the Nginx logs?
nginx csi yaml:
```yaml
apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
kind: SecretProviderClass
metadata:
  name: ingress-tls
  namespace: xxxxx
spec:
  provider: azure
  secretObjects:
    - secretName: ingress-tls-csi # name of the secret that gets created - this is the value we provide to nginx
      type: kubernetes.io/tls
      data:
        - objectName: xxxxx # cert name in vault
          key: tls.key
        - objectName: # cert name in vault
          key: tls.crt
  parameters:
    usePodIdentity: "true" # since we are using aad pod identity we set this to true
    #userAssignedIdentityID: ""
    keyvaultName: "kv-xxxxx"
    objects: |
      array:
        - |
          objectName: xxxxxxx
          objectType: secret
    tenantId: xxxxxxxxxxxxxxxxx
```
-----------------------------
Part of app deployment yaml:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: portal-ingress
  namespace: xxxxxx
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/affinity: cookie
    nginx.ingress.kubernetes.io/affinity-mode: persistent
spec:
  # ingressClassName: "traefik-internal"
  tls:
    - hosts:
        - xxxxxxx
      secretName: ingress-tls-csi
  rules:
    - host: "*xxxxxxxxxxxx"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: xxxx
                port:
                  number: 80
```
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow