我正在尝试使用kubernetes入口注释规则以启用X509身份验证。我的入口Yaml文件定义如下:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
namespace: bdf-opengie-test
name: keycloak-opengie-test-ssl
labels:
app: keycloak-opengie
annotations:
nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
nginx.ingress.kubernetes.io/auth-tls-secret: "opengie-tls-secret"
nginx.ingress.kubernetes.io/auth-tls-verify-depth: "3"
nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
spec:
rules:
- host: keycloak-opengie-test-ssl.bdf-clu4.paas.eclair.local
http:
paths:
- path: /
backend:
serviceName: keycloak-opengie
servicePort: http
tls:
- hosts:
- keycloak-opengie-test-ssl.bdf-clu4.paas.eclair.local
当我调用应用程序URL时,我期望看到一个弹出窗口要求提供证书,但是没有任何反应。注释在入口定义中似乎没有任何作用。有人可以告诉我我的入口定义出了什么问题。我正在使用Nginx Ingress:0.15.0和Kubernetes 1.10.5