Hi,
We are trying to get a secret for Nginx for mTLS (see this doc: Client Certificate Authentication - Ingress-Nginx Controller).
For that we need a secret with 2 files:
- ca.crt: with the root CA and intermediate CA
- ca.crl: with the root CRL and the intermediate CRL
Here is an example with ricoberger (we use templating):
apiVersion: ricoberger.de/v1alpha1
kind: VaultSecret
metadata:
  name: api-client-ca
  namespace: nginx-ingress
spec:
  isBinary: false
  reconcileStrategy: Merge
  paths:
    ca_root: "pki/cert/ca"
    ca_api: "pki_api/cert/ca"
    crl_root: "pki/cert/crl"
    crl_api: "pki_api/cert/crl"
  templates:
    ca.crt: "{% .ca_root.Secrets.certificate %}\n{% .ca_api.Secrets.certificate %}"
    ca.crl: "{% .crl_root.Secrets.certificate %}\n{% .crl_api.Secrets.certificate %}"
  type: Opaque
This secret is used with the annotation nginx.ingress.kubernetes.io/auth-tls-secret.
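
Added example, not part of the original post: a Python check that a rendered `ca.crt` or `ca.crl` value really is two PEM blocks of the expected kind before the ingress controller is pointed at it. The function names and the sample values are assumptions constructed for illustration; in practice the input would be the decoded data of the `api-client-ca` secret.

```python
import base64
import re

# One PEM block; the label must be the same on the BEGIN and END lines.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)


def check_bundle(text, expected_label, expected_count):
    """Return a list of problems in a rendered ca.crt or ca.crl value."""
    problems = []
    # Anything outside the PEM blocks, e.g. text left by a failed template lookup.
    leftover = PEM_BLOCK.sub("", text).strip()
    if leftover:
        problems.append("non-PEM text in bundle: %r" % leftover[:40])
    blocks = PEM_BLOCK.findall(text)
    if len(blocks) != expected_count:
        problems.append("expected %d blocks, found %d" % (expected_count, len(blocks)))
    for index, (label, body) in enumerate(blocks):
        if label != expected_label:
            problems.append("block %d is %r, not %r" % (index, label, expected_label))
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append("block %d is not valid base64" % index)
            continue
        # Certificates and CRLs are both DER SEQUENCEs, so the first byte is 0x30.
        if not der.startswith(b"\x30"):
            problems.append("block %d does not decode to a DER SEQUENCE" % index)
    return problems


def _fake_pem(label, payload):
    """Constructed sample data: PEM framing around dummy bytes, not a real cert."""
    b64 = base64.b64encode(b"\x30\x03" + payload).decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----" % (label, b64, label)


# Constructed values shaped like the two templates above (root entry, "\n", API entry).
SAMPLE_CA_CRT = _fake_pem("CERTIFICATE", b"r00") + "\n" + _fake_pem("CERTIFICATE", b"api")
SAMPLE_CA_CRL = _fake_pem("X509 CRL", b"r00") + "\n" + _fake_pem("X509 CRL", b"api")
SAMPLE_BAD_CRL = _fake_pem("X509 CRL", b"r00") + "\n<no value>"

if __name__ == "__main__":
    for name, value, label in [("ca.crt", SAMPLE_CA_CRT, "CERTIFICATE"),
                               ("ca.crl", SAMPLE_CA_CRL, "X509 CRL"),
                               ("ca.crl (bad)", SAMPLE_BAD_CRL, "X509 CRL")]:
        print(name, check_bundle(value, label, 2) or "ok")
```

The check only validates PEM framing, block type and count; it does not verify signatures or that each CRL was issued by the matching CA.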