Setting NGINX TLS with certificate/key loaded by initContainer

9/5/2019

I've found several pages describing how to set NGINX to use HTTPS/TLS.
However, all suggest setting a secret tls with the key & cert.
We want to be able to use TLS but ask NGINX to load the key/cert via init-container, which in this case is implemented by acs-keyvault-agent.

Any ideas?

-- SagiLow
azure
kubernetes
nginx
ssl

1 Answer

9/5/2019

If your only goal is to obtain the TLS key/cert from Azure Key Vault, then you're probably better off going with the Key Vault FlexVolume project from Azure. This would have the advantage of not using init containers at all and just dealing with volumes and volume mounts.

Since you explicitly want to use Hexadite/acs-keyvault-agent and in default mode (which uses volume mounts btw) there is a full example of how to do this in the project's examples folder here: examples/acs-keyvault-deployment.yaml#L40-L47.

Obviously you need to build, push, and configure the container correctly for your environment. Then you will need to configure Nginx to use the CertFileName.pem and KeyFilename.pem from the /secrets/certs_keys/ folder.

Hope this helps.

-- cewood
Source: StackOverflow