AKS cluster, traefik as ingress controller and an application gateway doing the TLS termination

Hi team,

We are running kubernetes on Azure, using AKS. We are also using traefik as our ingress controller. In front of traefik, there is an application gateway doing the TLS termination. I'm trying to change the default certificate used by traefik, but I'm having a hard time mounting the volumes.
We need to get Cert Manager to create Kubernetes Secrets inside an Azure Key Vault so that both the Azure Application Gateway and Ingress Controller can consume the certificate.
I was using this command from a Microsoft documentation link:

helm install traefik traefik/traefik \
    --namespace traefik \
    --set controller.replicaCount=2 \
    --set controller.nodeSelector."kubernetes\.io/os"=linux \
    --set defaultBackend.nodeSelector."kubernetes\.io/os"=linux \
    --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-health-probe-request-path"=/healthz \
    --set controller.podLabels.aadpodidbinding=$AAD_POD_IDENTITY_NAME \
    -f - <<EOF
      - name: secrets-store-inline
          driver: secrets-store.csi.k8s.io
          readOnly: true
            secretProviderClass: "azure-tls"
      - name: secrets-store-inline
        mountPath: "/mnt/secrets-store"
        readOnly: true

It's using the CSI driver. I can mount it with another pod creating a manifest from zero. But using helm + traefik, I can't make it work. The extra volumes aren't mounted. Any tips?
Sorry if it's a confusing topic. I can provide more details if needed. Plus, my experience with Azure is kind noob :slight_smile:

Kind regards,
Vitor Jr.