Can we store the TLS certificates in Azure Key Vault as a secret and use the same in Ingress in Azure Kubernetes Service?

12/9/2019

To allow Kubernetes to use the TLS certificate and private key for the ingress controller, you create and use a Secret. Instead of this, can't we store the .crt and .key files in Azure Key Vault, create a secret, and use it in Ingress?

The article below describes the steps for creating a Kubernetes secret and using it in an Ingress object: https://docs.microsoft.com/en-us/azure/aks/ingress-own-tls

Is there any way we can use Azure Key Vault instead of Kubernetes secrets? If so, can you please give some suggestions on how we can achieve this?

-- Rajesh Saradka Narayana
azure-keyvault
azure-kubernetes
kubernetes-ingress

1 Answer

2/12/2020

The best approach would be using Azure FlexVol (https://github.com/Azure/kubernetes-keyvault-flexvol) and getting your secret from a volume attached to the pod.

Please refer to the official documentation for more details and options.

-- Chams Mansouri
Source: StackOverflow
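
A sketch of the FlexVol approach from the answer, as an added example that is not part of the original post or the FlexVol project: a pod that mounts the certificate and key from Key Vault as read-only files. The vault name, object names, IDs, image and the `kvcreds` credential secret are constructed placeholders, and the option names should be checked against the README of the installed FlexVol version.

```yaml
# Added example: every name and ID below is a constructed placeholder.
apiVersion: v1
kind: Pod
metadata:
  name: tls-from-keyvault
spec:
  containers:
    - name: app
      image: nginx
      volumeMounts:
        - name: kv-tls
          mountPath: /etc/tls      # files appear as /etc/tls/tls.crt and /etc/tls/tls.key
          readOnly: true           # the workload never needs to write key material
  volumes:
    - name: kv-tls
      flexVolume:
        driver: "azure/kv"
        secretRef:
          name: kvcreds            # assumed to exist: service principal credentials for Key Vault
        options:
          usepodidentity: "false"  # "true" switches to AAD pod identity instead of secretRef
          keyvaultname: "<your-keyvault-name>"
          # The .crt and .key from the question, stored as two Key Vault secrets.
          keyvaultobjectnames: "ingress-tls-crt;ingress-tls-key"
          keyvaultobjectaliases: "tls.crt;tls.key"
          keyvaultobjecttypes: "secret;secret"
          resourcegroup: "<your-resource-group>"
          subscriptionid: "<your-subscription-id>"
          tenantid: "<your-tenant-id>"
```

The identity used by the volume needs only read (get) permission on those two secrets in the vault. The `tls.secretName` field of an Ingress object still refers to a Kubernetes Secret, so files mounted this way are consumed by the pod that terminates TLS rather than referenced from the Ingress resource.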