DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Deploy GitHub Pages

Browse source
This commit is contained in:
Travis Bot 2018-10-22 19:51:36 +00:00
parent fb3af12755
commit c77e86233b
5 changed files with 87 additions and 57 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

49
examples/auth/client-certs/index.html
View file

@ -837,6 +837,13 @@
<label class="md-nav__title" for="__toc">Table of contents</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="#creating-certificate-secrets" title="Creating Certificate Secrets" class="md-nav__link">
Creating Certificate Secrets
</a>
</li>
<li class="md-nav__item">
<a href="#setup-instructions" title="Setup Instructions" class="md-nav__link">
Setup Instructions
@ -1089,6 +1096,13 @@
<label class="md-nav__title" for="__toc">Table of contents</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="#creating-certificate-secrets" title="Creating Certificate Secrets" class="md-nav__link">
Creating Certificate Secrets
</a>
</li>
<li class="md-nav__item">
<a href="#setup-instructions" title="Setup Instructions" class="md-nav__link">
Setup Instructions
@ -1116,21 +1130,38 @@
<h1 id="client-certificate-authentication">Client Certificate Authentication<a class="headerlink" href="#client-certificate-authentication" title="Permanent link">&para;</a></h1>
<p>It is possible to enable Client Certificate Authentication using additional annotations in Ingress resources, created by you.</p>
<h2 id="setup-instructions">Setup Instructions<a class="headerlink" href="#setup-instructions" title="Permanent link">&para;</a></h2>
<p>It is possible to enable Client-Certificate Authentication by adding additional annotations to your Ingress Resource.
Before getting started you must have the following Certificates Setup:</p>
<ol>
<li>CA certificate and Key(Intermediate Certs need to be in CA)</li>
<li>Server Certificate(Signed by CA) and Key (CN should be equal the the hostname you will use)</li>
<li>Client Certificate(Signed by CA) and Key</li>
</ol>
<h2 id="creating-certificate-secrets">Creating Certificate Secrets<a class="headerlink" href="#creating-certificate-secrets" title="Permanent link">&para;</a></h2>
<p>There are many different ways of configuring your secrets to enable Client-Certificate
Authentication to work properly.</p>
<ol>
<li>
<p>Create a file named <code class="codehilite">ca.crt</code> containing the trusted certificate authority chain to verify client certificates. All of the certificates must be in PEM format.<br />
<em>NB:</em> The file containing the trusted certificates must be named <code class="codehilite">ca.crt</code> exactly - this is expected to be found in the secret.</p>
<p>You can create a secret containing just the CA certificate and another
Secret containing the Server Certificate which is Signed by the CA.
<div class="codehilite"><pre><span></span>$ kubectl create secret generic ca-secret --from-file<span class="o">=</span>ca.crt<span class="o">=</span>ca.crt
$ kubectl create secret generic tls-secret --from-file<span class="o">=</span>tls.crt<span class="o">=</span>server.crt --from-file<span class="o">=</span>tls.key<span class="o">=</span>server.key
</pre></div></p>
</li>
<li>
<p>Create a secret from this file:<br />
<code class="codehilite">kubectl create secret generic auth-tls-chain --from-file=ca.crt --namespace=default</code></p>
</li>
<li>
<p>Add the annotations as provided in the <a href="ingress.yaml">ingress.yaml</a> example to your own ingress resources as required.</p>
<p>You can create a secret containing CA certificate along with the Server
Certificate, that can be used for both TLS and Client Auth.
<div class="codehilite"><pre><span></span>$ kubectl create secret generic ca-secret --from-file<span class="o">=</span>tls.crt<span class="o">=</span>server.crt --from-file<span class="o">=</span>tls.key<span class="o">=</span>server.key --from-file<span class="o">=</span>ca.crt<span class="o">=</span>ca.crt
</pre></div></p>
</li>
</ol>
<p>Note: The CA Certificate must contain the trusted certificate authority chain to verify client certificates.</p>
<h2 id="setup-instructions">Setup Instructions<a class="headerlink" href="#setup-instructions" title="Permanent link">&para;</a></h2>
<ol>
<li>Add the annotations as provided in the <a href="ingress.yaml">ingress.yaml</a> example to your own ingress resources as required.</li>
<li>Test by performing a curl against the Ingress Path without the Client Cert and expect a Status Code 400.</li>
<li>Test by performing a curl against the Ingress Path with the Client Cert and expect a Status Code 200.</li>
</ol>

5
examples/auth/client-certs/ingress.yaml
View file

@ -4,9 +4,8 @@ metadata:
annotations:
# Enable client certificate authentication
nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
# Create the secret containing the trusted ca certificates with `kubectl create secret generic auth-tls-chain --from-file=ca.crt --namespace=default`
# NB: The file _must_ be named "ca.crt" and nothing else. This filename is expected to be found in the secret.
nginx.ingress.kubernetes.io/auth-tls-secret: "default/auth-tls-chain"
# Create the secret containing the trusted ca certificates
nginx.ingress.kubernetes.io/auth-tls-secret: "default/ca-secret"
# Specify the verification depth in the client certificates chain
nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
# Specify an error page to be redirected to verification errors

2
search/search_index.json
View file

File diff suppressed because one or more lines are too long

88
sitemap.xml
View file

@ -2,222 +2,222 @@
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2018-10-19</lastmod>
<lastmod>2018-10-22</lastmod>
<changefreq>daily</changefreq>
</url>
</urlset>

BIN
sitemap.xml.gz
View file

Binary file not shown.