You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To improve the compatibility with ingress controllers, please insert in the gateway authentication a option to use for auth a PEM header instead of sending the country flag and the hash. For instance:
Config: DGC_AUTH_HEADER: ssl-client-cert
Content: ------ BEGIN Certificate---- MII..... ---- END ... -----
Similiar to this here in the nginx ingress configuration:
If header is not present, process with other headers.
Alternativly this could be activated with an profile.
Note: This is the internal auth for the service and should not be conflicting with the mtls profile, because mtls can be still enabled, but the internal auth information are from a http header. Example: the ingress connects internally via mtls to the gateway with an certificate XY, but the auth header is from certificate YYY because the ingress has extracted it from the TLS offloading. (Ingress can not pass forward the MTLS Handshake to upstream servers)
The text was updated successfully, but these errors were encountered:
To improve the compatibility with ingress controllers, please insert in the gateway authentication a option to use for auth a PEM header instead of sending the country flag and the hash. For instance:
Config: DGC_AUTH_HEADER: ssl-client-cert
Content: ------ BEGIN Certificate---- MII..... ---- END ... -----
Similiar to this here in the nginx ingress configuration:
https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#client-certificate-authentication
The behavior should be like this:
Alternativly this could be activated with an profile.
Note: This is the internal auth for the service and should not be conflicting with the mtls profile, because mtls can be still enabled, but the internal auth information are from a http header. Example: the ingress connects internally via mtls to the gateway with an certificate XY, but the auth header is from certificate YYY because the ingress has extracted it from the TLS offloading. (Ingress can not pass forward the MTLS Handshake to upstream servers)
The text was updated successfully, but these errors were encountered: