DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

configurable ssl_verify_client

Browse source
This commit is contained in:
Arno Uhlig 2017-10-05 13:26:07 +02:00
parent 23916be991
commit b8f7ea05c4
5 changed files with 27 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
examples/auth/client-certs/nginx/README.md
View file

@ -31,6 +31,7 @@ Certificate Authentication is achieved through 2 annotations on the Ingress, as
| --- | --- | --- |
|ingress.kubernetes.io/auth-tls-secret|Sets the secret that contains the authorized CA Chain|string|
|ingress.kubernetes.io/auth-tls-verify-depth|The verification depth Certificate Authentication will make|number (default to 1)|
|ingress.kubernetes.io/auth-tls-verify-client|Enables verification of client certificates|string (default to on)|
|ingress.kubernetes.io/auth-tls-error-page|The page that user should be redirected in case of Auth error|string (default to empty|
The following command instructs the controller to enable TLS authentication using the secret from the ``ingress.kubernetes.io/auth-tls-secret``

1
examples/auth/client-certs/nginx/nginx-tls-auth.yaml
View file

@ -5,6 +5,7 @@ metadata:
# Create this with kubectl create secret generic caingress --from-file=ca.crt --namespace=default
ingress.kubernetes.io/auth-tls-secret: "default/caingress"
ingress.kubernetes.io/auth-tls-verify-depth: "3"
ingress.kubernetes.io/auth-tls-verify-client: "on"
auth-tls-error-page: "http://www.mysite.com/error-cert.html"
kubernetes.io/ingress.class: "nginx"
name: nginx-test