I’m currently struggling with our new setup of Icinga in (Azure-)Kubernetes. I got it installed and configured with modules (director, …) and everything, but I fail to add agents due to PKI errors. This is the error on agent’s side:
information/pki: Writing certificate to file '/var/lib/icinga2/certs/trusted-master.crt'.
critical/cli: Could not fetch valid response. Please check the master log.
ERROR: Could not retrieve final certificate from host icinga-api.my.fqdn.cxm
The master shows nothing at all in it’s log. I assume this is a problem with the (NGinX-)Ingress in between, which of course is not able to sign certificate requests.
I already tried to configure the ingress to pass auth-tls to the upstream. I’m out of ideas ¯\(ツ)/¯
Anyone here who could point out another possible solution to this?