Adds support for error page in Client Certificate Authentication

2017-09-03 17:12:03 -03:00 · 2017-09-03 17:12:03 -03:00 · d33b748716
commit d33b748716
parent 54459d8d42
6 changed files with 29 additions and 6 deletions
--- a/examples/auth/client-certs/nginx/README.md
+++ b/examples/auth/client-certs/nginx/README.md
@ -32,7 +32,7 @@ Certificate Authentication is achieved through 2 annotations on the Ingress, as
 | --- | --- | --- |
 |ingress.kubernetes.io/auth-tls-secret|Sets the secret that contains the authorized CA Chain|string|
 |ingress.kubernetes.io/auth-tls-verify-depth|The verification depth Certificate Authentication will make|number (default to 1)|
-
+|ingress.kubernetes.io/auth-tls-error-page|The page that user should be redirected in case of Auth error|string (default to empty|

 The following command instructs the controller to enable TLS authentication using the secret from the ``ingress.kubernetes.io/auth-tls-secret``
 annotation on the Ingress. Clients must present this cert to the loadbalancer, or they will receive a HTTP 400 response
@ -61,6 +61,7 @@ Rules:
 Annotations:
  auth-tls-secret:	default/caingress
  auth-tls-verify-depth: 3
+  auth-tls-error-page: http://www.mysite.com/error-cert.html

 Events:
  FirstSeen	LastSeen	Count	From				SubObjectPath	Type		Reason	Message
--- a/examples/auth/client-certs/nginx/nginx-tls-auth.yaml
+++ b/examples/auth/client-certs/nginx/nginx-tls-auth.yaml
@ -5,6 +5,7 @@ metadata:
    # Create this with kubectl create secret generic caingress --from-file=ca.crt --namespace=default
    ingress.kubernetes.io/auth-tls-secret: "default/caingress"
    ingress.kubernetes.io/auth-tls-verify-depth: "3"
+    auth-tls-error-page: "http://www.mysite.com/error-cert.html"
    kubernetes.io/ingress.class: "nginx"
  name: nginx-test
  namespace: default