Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Override TLS Client Auth (potentially other TLSOptions) per Ingress/Route #3295

Open
rickhlx opened this issue Oct 31, 2024 · 0 comments · May be fixed by #3303
Open

Override TLS Client Auth (potentially other TLSOptions) per Ingress/Route #3295

rickhlx opened this issue Oct 31, 2024 · 0 comments · May be fixed by #3303
Labels
enhancement major moderate risk, for example new API, small filter changes that have no risk like refactoring or logs

Comments

@rickhlx
Copy link
Contributor

rickhlx commented Oct 31, 2024

Is your feature request related to a problem? Please describe.
With the recently implemented TLS Client Auth config in #3281 we are restricted to setting the TLS Client Option to all routes skipper is handling. This unfortunately prevents us from using since we do not want to have browsers request a client auth certificate for all routes.

Describe the solution you would like
An ingress annotation and/or route group CRD parameter to enable TLS Client Auth per route.

Describe alternatives you've considered (optional)
None.

Additional context (optional)
The traefik project allows per ingress changes to TLS Options including TLS CLient Auth using ingress annotations.

To explicitly use a different TLSOption (and using the Kubernetes Ingress resources) you'll have to add an annotation to the Ingress in the following form: traefik.ingress.kubernetes.io/router.tls.options: <resource-namespace>-<resource-name>@kubernetescrd

Would you like to work on it?
Yes, but no time
@szuecs szuecs added enhancement major moderate risk, for example new API, small filter changes that have no risk like refactoring or logs labels Nov 2, 2024
@rickhlx rickhlx linked a pull request Nov 8, 2024 that will close this issue
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement major moderate risk, for example new API, small filter changes that have no risk like refactoring or logs
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feature: allow overriding tls config based on client hello rickhlx/skipper
2 participants
@szuecs @rickhlx