I am trying to enable Mutual TLS based authentication for an application deployed in a Kubernetes cluster.
Use cases:
I tried setting up Mutual TLS at the Kubernetes ingress controller (nginx based) by adding the following annotations.
nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
nginx.ingress.kubernetes.io/auth-tls-secret: "ca-cert"
ca-cert is the Kubernetes secret containing the CA certificate used to issue client certs. In this way the ingress validates the client certificate sent as part of the request against ca-cert.
This works very well for any client certs signed by ca-cert. I am trying to come up with a solution for the certificate revocation process. Need advice on this.
Is it possible to trust individual client cert instead of a CA Cert in ingress? This will help us revoke individual client certs.
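As an added example (not the question author's manifests), here is the Ingress the question describes together with its CA secret, extended with the optional `ca.crl` key that ingress-nginx reads from the same secret for a certificate revocation list; namespace, host, service and TLS secret names are placeholders.

```yaml
# Added example: the auth-tls secret carries the CA chain ("ca.crt") and,
# optionally, a PEM CRL signed by that CA ("ca.crl"). Revoking one client
# certificate means adding its serial to the CRL and updating this key;
# the CA itself stays trusted. Placeholder namespace "apps".
apiVersion: v1
kind: Secret
metadata:
  name: ca-cert
  namespace: apps
type: Opaque
data:
  ca.crt: <base64 of the PEM CA certificate that issued the client certs>
  ca.crl: <base64 of the PEM CRL issued by that CA>
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app
  namespace: apps
  annotations:
    # Require and verify a client certificate on every request.
    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
    # Secret reference in namespace/name form.
    nginx.ingress.kubernetes.io/auth-tls-secret: "apps/ca-cert"
    # Accept only certs issued directly by the CA, not deeper chains.
    nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
    # Forward the verified client cert so the app can log the identity.
    nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - app.example.com
      secretName: app-server-tls   # placeholder: the server's own TLS cert
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: app
                port:
                  number: 8080
```

Check the annotation documentation for the ingress-nginx version you run, since CRL support in the auth-tls secret was added after the initial client-certificate feature.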