DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ingress-nginx-helm/docs/examples/auth/client-certs/README.md
Ashley Davis 72de2600d7 Add some extra detail to the client cert auth example 
Multiple people within my work organisation were caught out by the fact
that the trusted client cert issuers must be given in a file named
`ca.crt` and that other filenames will fail to work.

This change makes it more clear to those who stumble across the
documentation that this is a potential gotcha.
2018-10-09 22:51:00 +01:00

726 B
Raw Blame History

Client Certificate Authentication

It is possible to enable Client Certificate Authentication using additional annotations in Ingress resources, created by you.

Setup Instructions

  1. Create a file named ca.crt containing the trusted certificate authority chain to verify client certificates. All of the certificates must be in PEM format.
    NB: The file containing the trusted certificates must be named ca.crt exactly - this is expected to be found in the secret.

  2. Create a secret from this file:
    kubectl create secret generic auth-tls-chain --from-file=ca.crt --namespace=default

  3. Add the annotations as provided in the ingress.yaml example to your own ingress resources as required.