Closed alnhk closed 2 weeks ago
This issue is currently awaiting triage.
If Ingress contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.
The triage/accepted label can be added by org members by writing /triage accepted in a comment.
@longwuyuan: not getting the answer from you at all. Please share accordingly.
You have not answered any questions asked in the new issue template, so while there is some information here, there is not enough to take any action or reproduce your problem.
Here is an example mTLS I found on the internet: https://mjpereira.medium.com/mutual-tls-with-ingress-nginx-controller-83b181f3bee0
This is stale, but we won't close it automatically, just bear in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach #ingress-nginx-dev on Kubernetes Slack.
@alnhk sorry my earlier answer was not directly relevant to your questions.
Visiting this after such a long time, I see that if an example has to be provided, then it requires creation of certificates and images with a server listening on HTTPS. It also means the cert cannot be self-signed as the CA will have to be injected into the controller for backend-protocol: HTTPS (since the self-signed CA will not be known to the controller). And then there are the certs that the curl client needs.
This is all work to be done and hopefully gets done. But there is a lack of resources for doing research & experiments. In fact we are deprecating features because we cannot support them.
I was wondering if you can actually use the annotations you mentioned because they are the correct ones and do a test on a cluster created with the Kind tool. Because you will have your certs and app with HTTPS etc etc. If there is a problem there, then posting all the relevant data here can be one way to analyze this. Helpful comments to solve the problem will be easier that way.
If this is no longer an issue as it's been a while, please confirm and close this case. It is adding to the tally of open issues and not tracking any action item so I would like to close the issue, if there is no action item being tracked.
/support
/kind support /triage needs-information
It is possible that this is not relevant anymore based on the extended lack of activity. I will close it for now as it is adding to the tally of open issues and it's not tracking any action item on any party. If it becomes relevant then please feel free to reopen the update with tests using recent releases of the controller.
There is an extreme lack of resources, so it is hard to allocate resources for research and experiments on triaging issues that take a lot of work.
/close
@longwuyuan: Closing this issue.
Opening the request here via GitHub as this "Support request or question relating to Ingress NGINX in Kubernetes Slack" is not working and always hitting with...doesn’t have an account on this workspace. and not allowing us to sign up. I am following this instruction - stackoverflow link1 and link2
Question mark - Assume the certificate contains this
With help of nginx-ingress using nginx.ingress.kubernetes.io/configuration-snippet, how would we be able to validate the SAN or CN matching *.example.com? For example, we have this below mTLS and want to also ensure that the client certificate should also carry a matching SAN or CN. As part of validation, if it succeeds, move forward; otherwise deny. Is this something that can be done? Yes - came across this below page mentioning nginx.ingress.kubernetes.io/auth-tls-ssl-client-subject-dn, can a validation check happen on this, for instance this? Can an example for nginx.ingress.kubernetes.io/auth-tls-ssl-client-subject-dn with a validation check be shared?
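One way to express the check asked about above, as an added example that is not part of the original issue or the project's own documentation: an Ingress that requires mTLS and then uses configuration-snippet to reject client certificates whose CN is not a single label under example.com. The resource names (mtls-demo, ca-secret, app-tls, demo-svc), the host app.example.com and the sample DN are placeholders constructed for illustration.

```yaml
# Added example; every name below is a placeholder, not taken from the issue.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: mtls-demo
  namespace: default
  annotations:
    # Require a client certificate that chains to the CA stored in this
    # secret (namespace/name, CA bundle under the key ca.crt).
    nginx.ingress.kubernetes.io/auth-tls-secret: "default/ca-secret"
    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
    nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
    # After chain verification, additionally require CN=<label>.example.com.
    # $ssl_client_s_dn is the subject DN as an RFC 2253 string, for example
    # "CN=client1.example.com,O=Example,C=US" (constructed sample).
    # [^,.]+ limits the wildcard to one DNS label, like *.example.com.
    nginx.ingress.kubernetes.io/configuration-snippet: |
      if ($ssl_client_s_dn !~ "(^|,)CN=[^,.]+\.example\.com(,|$)") {
        return 403;
      }
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - app.example.com
      secretName: app-tls
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: demo-svc
                port:
                  number: 80
```

The snippet only takes effect when the controller is configured to allow snippet annotations (the allow-snippet-annotations ConfigMap setting). It inspects the subject DN only: stock NGINX exposes no variable for subjectAltName entries, so a SAN check needs a different mechanism.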