Container setup, Kubernetes ingress bypass

I’m currently struggling with our new setup of Icinga in (Azure-)Kubernetes. I got it installed and configured with modules (director, …) and everything, but I fail to add agents due to PKI errors. This is the error on the agent’s side:

information/pki: Writing certificate to file '/var/lib/icinga2/certs/trusted-master.crt'.
critical/cli: Could not fetch valid response. Please check the master log.
ERROR: Could not retrieve final certificate from host icinga-api.my.fqdn.cxm

The master shows nothing at all in its log. I assume this is a problem with the (NGinX-)Ingress in between, which of course is not able to sign certificate requests.

I already tried to configure the ingress to pass auth-tls to the upstream. I’m out of ideas ¯\_(ツ)_/¯
Anyone here who could point out another possible solution to this?

Hello @verboese!

Well, you have to forward the SSL traffic as-is.
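
Forwarding the TLS stream unmodified, sketched as an added example that is not part of the original thread: it assumes the community ingress-nginx controller, and the resource name, namespace, ingress class and Service name are hypothetical.

```yaml
# Added illustration, not configuration from the thread.
# Prerequisite: the ingress-nginx controller has to run with the
# --enable-ssl-passthrough flag, otherwise the annotation below is ignored.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: icinga-api              # hypothetical
  namespace: monitoring         # hypothetical
  annotations:
    # Do not terminate TLS at the ingress. The encrypted stream is handed
    # to the backend, so the agent performs its TLS handshake with the
    # Icinga 2 master and sees the master's own certificate.
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
  ingressClassName: nginx       # assumption
  rules:
    - host: icinga-api.my.fqdn.cxm    # host name from the agent error above
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: icinga2-master  # hypothetical Service in front of the master
                port:
                  number: 5665        # Icinga 2 default cluster/API port
```

With passthrough the controller selects the backend from the SNI host name in the TLS ClientHello and accepts the connection on its HTTPS port, so this assumes the connecting client sends SNI and is pointed at that port. Publishing port 5665 through a Service of type LoadBalancer is the alternative that takes the ingress out of the path entirely.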