Hi team,
We are running Kubernetes on Azure, using AKS. We are also using Traefik as our ingress controller. In front of Traefik, there is an Application Gateway doing the TLS termination. I'm trying to change the default certificate used by Traefik, but I'm having a hard time mounting the volumes.
We need to get Cert Manager to create Kubernetes Secrets inside an Azure Key Vault so that both the Azure Application Gateway and Ingress Controller can consume the certificate.
I was using this command from a Microsoft documentation link:
```bash
helm install traefik traefik/traefik \
    --namespace traefik \
    --set controller.replicaCount=2 \
    --set controller.nodeSelector."kubernetes\.io/os"=linux \
    --set defaultBackend.nodeSelector."kubernetes\.io/os"=linux \
    --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-health-probe-request-path"=/healthz \
    --set controller.podLabels.aadpodidbinding=$AAD_POD_IDENTITY_NAME \
    -f - <<EOF
controller:
  extraVolumes:
    - name: secrets-store-inline
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: "azure-tls"
  extraVolumeMounts:
    - name: secrets-store-inline
      mountPath: "/mnt/secrets-store"
      readOnly: true
EOF
```
It's using the CSI driver. I can mount it with another pod creating a manifest from zero. But using helm + traefik, I can't make it work. The extra volumes aren't mounted. Any tips?
Sorry if it's a confusing topic. I can provide more details if needed. Plus, my experience with Azure is kind of noob.
Kind regards,
Vitor Jr.
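
Added example, not part of the original post: the `controller.extraVolumes`, `controller.extraVolumeMounts` and `controller.podLabels` keys in the command above follow the ingress-nginx chart's values layout, and the traefik/traefik chart's templates do not read a `controller` block. Assuming a traefik/traefik chart version that exposes `deployment.additionalVolumes`, `deployment.podLabels` and top-level `additionalVolumeMounts`, the same CSI volume is expressed as below; the file name `values-csi.yaml` and the identity name are placeholders.

```yaml
# values-csi.yaml: added example; file name and identity label value are placeholders
deployment:
  # Pod label that aad-pod-identity matches on (takes the place of controller.podLabels)
  podLabels:
    aadpodidbinding: "<AAD_POD_IDENTITY_NAME>"
  # Pod-level volumes (takes the place of controller.extraVolumes)
  additionalVolumes:
    - name: secrets-store-inline
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          # Must match the SecretProviderClass name in the traefik namespace
          secretProviderClass: "azure-tls"

# Mounts on the Traefik container (takes the place of controller.extraVolumeMounts)
additionalVolumeMounts:
  - name: secrets-store-inline
    mountPath: "/mnt/secrets-store"
    readOnly: true
```

Check the key names against the installed chart version with `helm show values traefik/traefik` before applying, then pass the file with `-f values-csi.yaml`. Rendering with `helm template` and searching the Deployment for `secrets-store-inline` confirms the volume and mount are present before anything is rolled out.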