Deepak Rawte
Reputation: 21
How to understand ingress-nginx (Backend Certificate Authentication)
My ingress resource:
nginx.ingress.kubernetes.io/proxy-ssl-name: <>
nginx.ingress.kubernetes.io/proxy-ssl-secret: <>
nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"
spec:
rules:
- http:
paths:
- backend:
service:
name: service
port:
number: 8443
path: /somePath
pathType: Prefix
I want to understand why does above annotations adds up the proxy_ssl_ directives to default server block + at the location level
$ cat nginx.conf | grep proxy_ssl_verify
proxy_ssl_verify on; //server block
proxy_ssl_verify_depth 1;
proxy_ssl_verify on; // location block
proxy_ssl_verify_depth 1;
My expectation is, it should add only to the location block for whichever ingress resource it is defined.
Upvotes: 1
Views: 28
Answers (1)
Deepak Rawte
Reputation: 21
Figured out the WA for this: Use below config in the configmap of ingress-controller: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#proxy-ssl-location-only
Upvotes: 1
Related Questions
- Kubernates, Ingress controller and certificate
- Exposing AKS cluster application using ingress
- Exposing kubernetes Dashboard with clusterIP service externally using Ingress rules
- Redirect from an IP address to a domain
- oauth2-proxy authentication calls slow on kubernetes cluster with auth annotations for nginx ingress
- Unable to access Kubernetes ClusterIP services via nginx-ingress-controller