kubernetes-sigs / gateway-api

Repository for the next iteration of composite service (e.g. Ingress) and load balancing APIs.
https://gateway-api.sigs.k8s.io
Apache License 2.0

Ability to pass client certificate to backend #3402

Open Exobitt opened 1 month ago

Exobitt commented 1 month ago

What would you like to be added: The ability to pass client certificates to the backend when using frontendValidation within the Gateway resource. The path is: spec.listeners.tls.frontendValidation. When this is enabled, the frontend prompts the client to provide their certificate, which should then be passed to the backend services in a header.

Why this is needed: In a lot of scenarios, some applications need a client certificate. This is a standard procedure that a lot of other ingress controllers have.

howardjohn commented 1 month ago

Are you talking about XFCC or something else?

Exobitt commented 1 month ago

> Are you talking about XFCC or something else?

Exactly that, yes. In Traefik it's X-Forwarded-Tls-Client-Cert. Apparently, Envoy is X-Forwarded-Client-Cert.
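Added example, not part of the issue thread or the Gateway API project: how a backend can parse an Envoy-style X-Forwarded-Client-Cert value without splitting on separators that sit inside a quoted Subject. The field layout (semicolon-separated key=value pairs, comma-separated elements per hop, quoted values, URL-encoded PEM) follows Envoy's documented header format and is an assumption here; the sample header and all names in it are constructed.

```python
from urllib.parse import unquote

def split_outside_quotes(text, sep):
    """Split on sep, but not where sep sits inside a double-quoted value."""
    parts, buf, quoted, escaped = [], [], False, False
    for ch in text:
        if escaped:
            escaped = False
        elif ch == "\\" and quoted:
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == sep and not quoted:
            parts.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf))
    return parts

def parse_xfcc(header):
    """Return one dict per element (proxy hop); each key maps to a list of values."""
    hops = []
    for element in split_outside_quotes(header, ","):
        fields = {}
        for pair in split_outside_quotes(element.strip(), ";"):
            key, eq, value = pair.partition("=")
            if not eq:
                raise ValueError(f"malformed XFCC pair: {pair!r}")
            if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
                value = value[1:-1].replace('\\"', '"')
            if key.lower() in ("cert", "chain"):
                value = unquote(value)  # the PEM is URL-encoded in the header
            # Keys such as DNS may repeat within one element, so keep every value.
            fields.setdefault(key.lower(), []).append(value)
        hops.append(fields)
    return hops

# Constructed sample: two hops; the Subject holds ',' and '=' and is therefore quoted.
SAMPLE = (
    'By=spiffe://example.test/gateway;Hash=' + "ab" * 32 + ';'
    'Cert="-----BEGIN%20CERTIFICATE-----%0ACONSTRUCTED%0A-----END%20CERTIFICATE-----";'
    'Subject="CN=client.example.test,O=Example, Inc.";DNS=a.example.test;DNS=b.example.test,'
    'By=spiffe://example.test/inner;Hash=' + "cd" * 32
)

if __name__ == "__main__":
    for hop in parse_xfcc(SAMPLE):
        print(hop.get("subject"), hop.get("dns"), hop["hash"])
```

A backend should act on this header only when the gateway is its sole network path and removes any copy of the header supplied by the client.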