Automate root-cert provisioning to Application Gateway based on a Kubernetes secret

Open shashankram opened this issue 4 years ago • 2 comments

While using a custom CA for backend services, the CA root certificate needs to be manually provisioned to Azure Application Gateway, and the name of the root certificate provisioned in Application Gateway is used as the value in the appgw.ingress.kubernetes.io/appgw-trusted-root-certificate annotation.

A simpler workflow for users would be to simply reference a Kubernetes secret that contains the CA certificate, which AGIC could read and provision into Application Gateway without the user having to do this manually.

For example, nginx-ingress uses the nginx.ingress.kubernetes.io/proxy-ssl-secret annotation which contains the root CA as the value to the ca.crt key in the secret.

shashankram avatar Jul 01 '20 17:07 shashankram
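
The manual workflow described in the issue above, as an added example (not code from the issue or from AGIC): read the CA from a secret's ca.crt key, check it, and build the az network application-gateway root-cert create call whose name is then used as the annotation value. The secret, gateway and resource group names and the name-plus-digest convention are assumptions, the certificate bytes are constructed placeholders, and it is assumed the CLI accepts the PEM file as --cert-file.

```python
import base64
import hashlib
import json
import ssl

# Constructed sample, shaped like `kubectl get secret backend-ca -o json`.
# The ca.crt value is placeholder bytes in a PEM envelope, not a real certificate.
_PEM = ssl.DER_cert_to_PEM_cert(b"constructed-placeholder-der-bytes")
SAMPLE_SECRET = json.dumps({
    "kind": "Secret",
    "metadata": {"name": "backend-ca", "namespace": "prod"},
    "data": {"ca.crt": base64.b64encode(_PEM.encode()).decode()},
})

def extract_ca_pem(secret_json):
    """Return the PEM text stored under the secret's ca.crt key."""
    secret = json.loads(secret_json)
    if secret.get("kind") != "Secret":
        raise ValueError("not a Secret object")
    encoded = secret.get("data", {}).get("ca.crt")
    if not encoded:
        raise ValueError("secret has no ca.crt key")
    pem = base64.b64decode(encoded, validate=True).decode("ascii")
    # Raises ValueError unless the text has a BEGIN/END CERTIFICATE envelope.
    ssl.PEM_cert_to_DER_cert(pem.strip())
    return pem

def root_cert_name(secret_json, pem):
    """Hypothetical naming convention: namespace-secret-digest, so a rotated
    CA gets a new name instead of silently replacing the trusted one."""
    meta = json.loads(secret_json)["metadata"]
    digest = hashlib.sha256(pem.encode()).hexdigest()[:8]
    return f"{meta['namespace']}-{meta['name']}-{digest}"

def az_root_cert_argv(gateway, resource_group, name, cert_file):
    """argv for the Azure CLI call that provisions the trusted root cert."""
    return ["az", "network", "application-gateway", "root-cert", "create",
            "--gateway-name", gateway, "--resource-group", resource_group,
            "--name", name, "--cert-file", cert_file]

if __name__ == "__main__":
    pem = extract_ca_pem(SAMPLE_SECRET)
    name = root_cert_name(SAMPLE_SECRET, pem)
    # Gateway and resource group names below are assumed placeholders.
    print(" ".join(az_root_cert_argv("example-appgw", "example-rg", name, "ca.crt")))
    print("appgw.ingress.kubernetes.io/appgw-trusted-root-certificate:", name)
```
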

This feature is also essential for our setup. Any idea or timeline for this feature?

Annegies avatar Aug 06 '20 08:08 Annegies

Any news on this feature request?

AGIC v1.4.0 can create the application gateway if it does not already exist. As part of this creation, we should be able to provide a list of existing k8s secrets to be added as application gateway certificates.

Since the current workflow supposes we manually add the certificates separately, there is no easy way for us to dynamically support multiple domains for any Application Gateway managed by AGIC.

c3-davidtran avatar Dec 06 '21 11:12 c3-davidtran