We want to configure the Istio ingress gateway to use an SSL key & certificate from Azure KeyVault for our Azure managed AKS cluster (version 1.13.11).
The following link was followed:
https://github.com/Azure/kubernetes-keyvault-flexvol (The SSL certificate is generated using Let's Encrypt)
The step to import the key into KeyVault given in the document is incorrect. It doesn't support the option -f; we had to use --pem-file to import the key. Azure CLI version 2.0.72 was used.
The private key and certificate are successfully mounted on istio-ingressgateway pod, but the file contents are not the actual one that is being uploaded into the Azure KeyVault. Due to this reason, the gateway is not able to accept SSL connections.
Here are the volume configurations in the Kubernetes deployment:
volumes:
- name: kv-certs
  flexVolume:
    driver: "azure/kv"
    secretRef:
      name: azure-keyvault-credential # This is a secret in kubernetes namespace
    options:
      usepodidentity: "false"
      usevmmanagedidentity: "false"
      keyvaultname: "my-keyvault"
      keyvaultobjectnames: "certificate;privkey"
      keyvaultobjecttypes: "cert;key"
      tenantid:
volumeMounts: