DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add some extra detail to the client cert auth example

Browse source 
Multiple people within my work organisation were caught out by the fact
that the trusted client cert issuers must be given in a file named
`ca.crt` and that other filenames will fail to work.

This change makes it more clear to those who stumble across the
documentation that this is a potential gotcha.
This commit is contained in:
Ashley Davis 2018-10-09 22:10:56 +01:00
parent 808c2be914
commit 72de2600d7
2 changed files with 7 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

1
docs/examples/auth/client-certs/ingress.yaml
View file

@ -5,6 +5,7 @@ metadata:
# Enable client certificate authentication
nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
# Create the secret containing the trusted ca certificates with `kubectl create secret generic auth-tls-chain --from-file=ca.crt --namespace=default`
# NB: The file _must_ be named "ca.crt" and nothing else. This filename is expected to be found in the secret.
nginx.ingress.kubernetes.io/auth-tls-secret: "default/auth-tls-chain"
# Specify the verification depth in the client certificates chain
nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"