I've found several pages describing how to set NGINX to use HTTPS/TLS.
However, all suggest setting a secret tls with the key & cert.
We want to be able to use TLS but ask NGINX to load the key/cert via an init-container, which in this case is implemented by acs-keyvault-agent.
Any ideas?
If your only goal is to obtain the TLS key/cert from Azure Key Vault, then you're probably better off going with the Key Vault FlexVolume project from Azure. This would have the advantage of not using init containers at all and just dealing with volumes and volume mounts.
Since you explicitly want to use Hexadite/acs-keyvault-agent and in default mode (which uses volume mounts btw), there is a full example of how to do this in the project's examples folder here: examples/acs-keyvault-deployment.yaml#L40-L47.
Obviously you need to build, push, and configure the container correctly for your environment. Then you will need to configure Nginx to use the CertFileName.pem and KeyFilename.pem from the /secrets/certs_keys/ folder.
Hope this helps.
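
A sketch of the layout the answer above describes, added here as an example and not taken from the acs-keyvault-agent project: the init container writes the PEM files into a shared in-memory volume, and Nginx mounts that volume read-only. The names `nginx-tls`, `nginx-conf`, `certs` and `conf`, the agent image reference, the `nginx:stable` image and the `/secrets` mount path are assumptions; the agent's own settings are left to the project's example file.

```yaml
# Added example. Resource names, images and the /secrets mount path are assumptions.
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-conf
data:
  tls.conf: |
    server {
      listen 443 ssl;
      server_name _;
      # Files written by the init container (paths as given in the answer)
      ssl_certificate     /secrets/certs_keys/CertFileName.pem;
      ssl_certificate_key /secrets/certs_keys/KeyFilename.pem;
      ssl_protocols TLSv1.2 TLSv1.3;
      location / { return 200 "ok\n"; }
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-tls
spec:
  replicas: 1
  selector:
    matchLabels: { app: nginx-tls }
  template:
    metadata:
      labels: { app: nginx-tls }
    spec:
      volumes:
        - name: certs
          emptyDir: { medium: Memory }   # tmpfs, so the private key is not written to node disk
        - name: conf
          configMap: { name: nginx-conf }
      initContainers:
        - name: keyvault-agent
          image: <your-registry>/acs-keyvault-agent:<tag>   # placeholder: the image you built and pushed
          # Vault URL, credentials and certificate names are configured as in
          # the project's examples/acs-keyvault-deployment.yaml (not reproduced here).
          volumeMounts:
            - { name: certs, mountPath: /secrets }
      containers:
        - name: nginx
          image: nginx:stable
          ports: [{ containerPort: 443 }]
          volumeMounts:
            - { name: certs, mountPath: /secrets, readOnly: true }   # Nginx only reads the key
            - { name: conf, mountPath: /etc/nginx/conf.d, readOnly: true }
```

Because init containers must finish before the main container starts, Nginx never comes up without the certificate files in place; a failed Key Vault fetch keeps the pod in `Init` state instead of serving without TLS.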