How to replicate / reflect NGINX Ingress TLS Secrets in all namespaces (within the same cluster)?

Ana Louro 36 Reputation points
2022-10-14T11:53:23.063+00:00

I am setting up a new dev cluster with AKS. We have multiple namespaces in this cluster for multiple clients, that use the same TLS secret. However, in the previous cluster, I have had to set up the TLS secrets in each namespace.

I have found some articles which suggest that it is possible to replicate the TLS secrets from one ns to all the other namespaces within the same cluster.
In this specific article: https://boxboat.com/2018/07/02/kubernetes-nginx-ingress-tls-secrets-all-namespaces/, 2 pods are created to search for ns and to search from secrets and reflect the default one to the other ns.

I have managed to set up both pods, all seems to be running, but the secret is not reflected to the default ns as suggested in the article.

As suggested in the article, I have managed to set up in the nginx-ingress ns:
PODS:
pod/ingress-cert-reflector-66cfc47656-zwxzz 2/2 Running 116 (31m ago) 44h
DEPLOYMENT:
deployment.apps/ingress-cert-reflector 1/1 1 1 44h
SERVICE ACCOUNT:
ingress-cert-reflector 0 44h

When I run kubectl describe pod, the outcome looks satisfying:

*Name: ingress-cert-reflector-66cfc47656-zwxzz
Namespace: nginx-ingress
Priority: 0
Node: aks-nodepool1-18131159-vmss000003/10.104.0.4
Start Time: Wed, 12 Oct 2022 16:34:31 +0100
Labels: app=ingress-cert-reflector
pod-template-hash=66cfc47656
Annotations:

Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,893 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. srbhatta-MSFT 8,546 Reputation points Microsoft Employee
    2022-10-17T06:40:38.51+00:00

    Hello @Ana Louro ,
    Welcome to Microsoft QnA.
    This issue of referencing TLS secrets from different namespaces has been in discussion for a long time and many experts have contributed to an ongoing thread with their workarounds and fixes.
    I would recommend you to once go through this thread first -> 2170.

    Do let me know if that helps? :)

    ----------

    Please accept as answer if the above information is helpful.

    0 comments No comments

  2. Ana Louro 36 Reputation points
    2022-10-31T14:49:59.67+00:00

    Hi @srbhatta-MSFT ,

    Thank you for you answer and sorry it has taken me so long to reply.

    Unfortunately I had already looked at your suggested link before and I tried it again but it did not work for me.

    However, the TLS Reflector app did work in the end, with a few tweaks.

    Have a great day,
    Ana

    0 comments No comments