Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Override TLS Client Auth (potentially other TLSOptions) per Ingress/Route #3295

Open
rickhlx opened this issue Oct 31, 2024 · 0 comments
Open

Comments

@rickhlx
Copy link
Contributor

rickhlx commented Oct 31, 2024

Is your feature request related to a problem? Please describe.
With the recently implemented TLS Client Auth config in #3281 we are restricted to setting the TLS Client Option to all routes skipper is handling. This unfortunately prevents us from using since we do not want to have browsers request a client auth certificate for all routes.

Describe the solution you would like
An ingress annotation and/or route group CRD parameter to enable TLS Client Auth per route.

Describe alternatives you've considered (optional)
None.

Additional context (optional)
The traefik project allows per ingress changes to TLS Options including TLS CLient Auth using ingress annotations.

To explicitly use a different TLSOption (and using the Kubernetes Ingress resources) you'll have to add an annotation to the Ingress in the following form: traefik.ingress.kubernetes.io/router.tls.options: <resource-namespace>-<resource-name>@kubernetescrd

Would you like to work on it?
Yes, but no time

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant