5

To allow Kubernetes to use the TLS certificate and private key for the ingress controller, you create and use a Secret. Instead of this, can't we store the .crt and .key files in Azure Key Vault and create a secret and use it in Ingress?

The article below describes the steps for creating a Kubernetes secret and using it in an Ingress object: https://learn.microsoft.com/en-us/azure/aks/ingress-own-tls

Is there any way we can use Azure Key Vault instead of Kubernetes secrets? If so, can you please give some suggestions on how we can achieve this?

  • Good question, seems logical, but I think this is just not possible because the Microsoft documentation says neither that it is possible nor that it is not. But I agree this is a natural place to do it. Microsoft's load balancer is level 4 without SSL and the only choice is ingress (or AG), and it looks like ingress cannot get it from Key Vault. Half-baked products of Microsoft. The documentation from Microsoft says AKS is not integrated with Key Vault, but I guess they do not mean this case though. https://learn.microsoft.com/en-us/azure/aks/faq#is-azure-key-vault-integrated-with-aks – SijuMathew Jan 02 '20 at 11:44

2 Answers

1

Yes, it is possible. You need to concatenate both the .crt and the .key into one file and import it into Azure Key Vault as a certificate. Install azure-key-vault-controller to read secrets/certs from Azure Key Vault and create k8s secrets out of them.

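apiVersion: <API version served by the installed AzureKeyVaultSecret CRD> # required; see `kubectl api-resources`
kind: AzureKeyVaultSecret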
metadata:
  name: ingress-cert
  namespace: default
spec:
  vault:
    name: <vault name> # name of key vault
    object:
      name: <newly created cert name from vault>
      type: certificate
  output:
    secret:
      name: ingress-secret-tls # kubernetes secret name
      type: kubernetes.io/tls # kubernetes secret type
Ashwa
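
The bundle-and-import step from the answer above, as an added example that is not part of the original answer: it checks that the private key actually belongs to the certificate before concatenating the two, and keeps the bundle readable by its owner only. Function names, file names and the `demo.example.com` subject are assumptions, and the sample certificate is constructed.

```bash
# Added example: hypothetical helper names and file paths, not the answer's code.

# Constructed sample: throwaway self-signed cert, its key, and an unrelated key.
make_samples() {  # usage: make_samples DIR
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.example.com" \
    -keyout "$1/tls.key" -out "$1/tls.crt" 2>/dev/null &&
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/other.key" 2>/dev/null
}

# Succeeds only if the private key's public half equals the certificate's.
key_matches_cert() {  # usage: key_matches_cert CERT KEY
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Writes certificate + key into one PEM file, readable by the owner only.
build_kv_bundle() {  # usage: build_kv_bundle CERT KEY OUT
  key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
  rm -f "$3"
  # openssl pkey re-emits the key as unencrypted PKCS#8 ("BEGIN PRIVATE KEY"),
  # the PEM key form Key Vault's certificate import expects.
  ( umask 077 && cat "$1" > "$3" && openssl pkey -in "$2" >> "$3" )
}

# Typical use (vault and certificate names are placeholders):
#   build_kv_bundle tls.crt tls.key ingress-bundle.pem
#   az keyvault certificate import --vault-name "<vault name>" \
#       --name "<cert name>" --file ingress-bundle.pem
#   rm -f ingress-bundle.pem   # do not leave the private key on disk
```

The Kubernetes secret that the controller writes (`ingress-secret-tls` in the manifest above) has to live in the same namespace as the Ingress that references it.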
0

The best approach would be using Azure FlexVol (https://github.com/Azure/kubernetes-keyvault-flexvol) and getting your secret from a volume attached to the pod.

Please refer to the official documentation for more details and options.

Yunus Temurlenk
Chams Mansouri