Export pfx from secret as tls #174

Merged
merged 2 commits into from
May 4, 2021

Contributor

@svjo svjo commented May 3, 2021

Hi,

this PR helps with using certificates stored as Base64 PFX inside an Azure Key Vault secret. These secrets are generated, for example, by Azure's App Service Certificate service. As this certificate isn't stored as an Azure Key Vault Certificate, it currently cannot be synced with akv2k8s to a Kubernetes secret.

@svjo svjo requested review from 181192 and torresdal as code owners May 3, 2021 11:46
Contributor

wimi commented May 3, 2021

Hello,

we believe this PR will also solve this issue: #70

Collaborator

181192 commented May 4, 2021

Thank you very much @svjo and @wimi, great work! ☺️

@181192 181192 merged commit 08549ce into SparebankenVest:master May 4, 2021
Collaborator

181192 commented May 4, 2021

Released controller with version controller-1.3.0-beta.1

docker pull spvest/azure-keyvault-controller:1.3.0-beta.1

Would you guys @svjo and @wimi help verify that it solves this PR and #70? ☺️

Contributor Author

svjo commented May 4, 2021

@181192 Already verified that these changes work in a real-world scenario. Seems we have the same setup as described in #70. The certificate is used by our nginx controller. Important step here was that it is also using the ensureserverfirst chain order.

I can check against the beta version that you provided if you want but as the code is the same I'm expecting the same successful result.

@wimi wimi deleted the export-pfx-from-secret-as-tls branch May 4, 2021 07:45
Collaborator

181192 commented May 4, 2021

All right, thanks @svjo! Correct, when working with Ingress Nginx Controller, TLS secrets need to have the server certificate first for Nginx to pick it up.
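
Added example (not akv2k8s code and not written by anyone in this thread): one way to put a certificate chain into server-first order, the layout the last comment says Nginx needs. The names `serverFirst` and `entry`, the leaf-detection rule, and the sample subjects are assumptions of this example, which expects its input to be a single chain.

```go
package main

import (
	"crypto/x509"
	"fmt"
)

// serverFirst returns the chain ordered leaf, intermediates, root. The leaf is
// taken to be the entry whose subject is not the issuer of any other entry.
func serverFirst(certs ...*x509.Certificate) []*x509.Certificate {
	bySubject, isIssuer := map[string]*x509.Certificate{}, map[string]bool{}
	for _, c := range certs {
		bySubject[string(c.RawSubject)] = c
		if string(c.RawIssuer) != string(c.RawSubject) { // self-signed roots issue only themselves
			isIssuer[string(c.RawIssuer)] = true
		}
	}
	for _, c := range certs {
		if isIssuer[string(c.RawSubject)] {
			continue // a CA for another entry, not the server certificate
		}
		out, used := []*x509.Certificate{c}, map[*x509.Certificate]bool{c: true}
		// Follow issuer links upward until the root, a missing issuer, or a repeat.
		for p := bySubject[string(c.RawIssuer)]; p != nil && !used[p]; p = bySubject[string(p.RawIssuer)] {
			out, used[p] = append(out, p), true
		}
		for _, rest := range certs { // keep entries that are not on the leaf's path
			if !used[rest] {
				out = append(out, rest)
			}
		}
		return out
	}
	return certs // no leaf found (issuers form a loop): keep the input order
}

// entry builds a constructed stand-in with only the fields serverFirst reads.
func entry(subject, issuer string) *x509.Certificate {
	return &x509.Certificate{RawSubject: []byte(subject), RawIssuer: []byte(issuer)}
}

func main() {
	// Constructed chain passed with the server certificate last.
	for _, c := range serverFirst(entry("CN=Example Root", "CN=Example Root"),
		entry("CN=Example Intermediate", "CN=Example Root"),
		entry("CN=app.example.test", "CN=Example Intermediate")) {
		fmt.Println(string(c.RawSubject))
	}
}
```

With real input, pass the certificates returned by `x509.ParseCertificate` for each block of the exported chain instead of the `entry` stand-ins.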
