Kubernetes mutual trust using multiple intermediate certificates

9/18/2019

I am trying out a scenario where mutual trust can be established between the client and server using a Kubernetes ingress controller.

We have two types of clients who would access our service deployed in k8s:

  1. Internal systems/users
  2. External systems/users

The idea is to build a certificate chain in the following way:

  1. For internal systems/users, issue client certificates signed by Internal intermediate CA (Internal intermediate CA is signed by Root CA)

    Root CA -> Internal intermediate CA -> internal client cert

  2. For external systems/users, issue client certificates signed by External intermediate CA (External intermediate CA is signed by Internal intermediate CA)

    Root CA -> Internal intermediate CA -> External intermediate CA -> external client cert

How can we accomplish mutual trust for the above scenario? Can we create a ca-cert secret with the Root CA and the two intermediate CA certs and configure it in the ingress for mutual trust?

-- dinup24
client-certificates
kubernetes
kubernetes-ingress
mutual-authentication
ssl
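
The two chains described in the question, built as a throwaway lab PKI and checked with openssl; this is an added example, not part of the original post. The CA names, key sizes, lifetimes and the use of `openssl verify -verify_depth` to stand in for an ingress controller's client-certificate check are assumptions.

```sh
#!/bin/sh
# Constructed lab PKI: CA names, key sizes and lifetimes are assumptions.
set -eu
WORK=$(mktemp -d)

# issue NAME ISSUER EXTENSIONS; ISSUER "self" produces the self-signed root.
issue() {
  printf '%b\n' "$3" > "$WORK/$1.ext"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  if [ "$2" = self ]; then
    openssl x509 -req -in "$WORK/$1.csr" -signkey "$WORK/$1.key" -days 30 \
      -extfile "$WORK/$1.ext" -out "$WORK/$1.crt" 2>/dev/null
  else
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.crt" -CAkey "$WORK/$2.key" \
      -CAcreateserial -days 30 -extfile "$WORK/$1.ext" -out "$WORK/$1.crt" 2>/dev/null
  fi
}
ca_ext() {  # pathlen = number of intermediate CAs allowed below this one
  printf 'basicConstraints=critical,CA:TRUE,pathlen:%s\nkeyUsage=critical,keyCertSign' "$1"
}
LEAF='basicConstraints=CA:FALSE\nkeyUsage=digitalSignature\nextendedKeyUsage=clientAuth'

build_pki() {
  issue root-ca self "$(ca_ext 2)"
  issue internal-ca root-ca "$(ca_ext 1)"      # must allow External CA beneath it
  issue external-ca internal-ca "$(ca_ext 0)"
  issue internal-client internal-ca "$LEAF"
  issue external-client external-ca "$LEAF"
  # What the server side would trust: root plus both intermediates.
  cat "$WORK/root-ca.crt" "$WORK/internal-ca.crt" "$WORK/external-ca.crt" > "$WORK/ca-bundle.crt"
  cp "$WORK/root-ca.crt" "$WORK/root-only.crt"
}

# verify_client CERT DEPTH [BUNDLE]: exit 0 if CERT alone chains to the root
# with at most DEPTH intermediate CAs, as a server would check a bare leaf.
verify_client() {
  openssl verify -purpose sslclient -verify_depth "$2" \
    -CAfile "$WORK/${3:-ca-bundle}.crt" "$WORK/$1.crt" >/dev/null 2>&1
}
report() {
  if verify_client "$@"; then echo "accepted: $*"; else echo "rejected: $*"; fi
}

build_pki
report internal-client 1            # one intermediate below the root
report external-client 1            # two intermediates, depth limit too low
report external-client 2
report external-client 2 root-only  # intermediates unknown to the verifier
```

The external client sits behind two intermediates, so a verifier limited to depth 1 rejects it even when the trust bundle holds the root and both intermediate CAs.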

0 Answers