K
Q

Enabling client certificate passthrough without validation

4/8/2019

I'm trying to configure nginx-ingress for Kubernetes so that client certificate is passed on to backend service without validation.

Due to customer requests we are using client certificates for authentication but the certificates are not signed by the server and as such it's not really our job to validate the certificate, only to check that it is on the allowed certificates list.

Things work well on our test server where we use certificates signed by the servers CA certificate but after setting

nginx.ingress.kubernetes.io/auth-tls-verify-client: "off"

the client certificate is no longer forwarded in request header even though we still have

nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"

Does nginx-ingress even allow passing through client certificates without validation?

I expected that disabling auth-tls-verify-client would just stop nginx-ingress from validating the certificate signature and still pass it through, but instead it disappeared from the request.

-- Lasse Kulmala
kubernetes
nginx-ingress

Similar Questions

Access the interface of Zeppelin in Kubernetes cluster
Merge multiple yaml list to one list in helm
Unable to bring up kubernetes API server
Getting TLS handshake error from EOF metric-server kubernetes
Can I extend serviceNodePortRange in running kops cluster without restart

0 Answers