32 lines
1 KiB
YAML
32 lines
1 KiB
YAML
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
annotations:
|
|
# Enable client certificate authentication
|
|
nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
|
|
# Create the secret containing the trusted ca certificates
|
|
nginx.ingress.kubernetes.io/auth-tls-secret: "default/ca-secret"
|
|
# Specify the verification depth in the client certificates chain
|
|
nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
|
|
# Specify an error page to be redirected to verification errors
|
|
nginx.ingress.kubernetes.io/auth-tls-error-page: "http://www.mysite.com/error-cert.html"
|
|
# Specify if certificates are passed to upstream server
|
|
nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
|
|
name: nginx-test
|
|
namespace: default
|
|
spec:
|
|
rules:
|
|
- host: mydomain.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: http-svc
|
|
port:
|
|
number: 80
|
|
tls:
|
|
- hosts:
|
|
- mydomain.com
|
|
secretName: tls-secret
|