Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature request: Disable authentication for specific locations #2214

Closed
Justkant opened this issue Mar 19, 2018 · 2 comments
Closed

Feature request: Disable authentication for specific locations #2214

Justkant opened this issue Mar 19, 2018 · 2 comments
Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature.

Comments

@Justkant
Copy link

Is this a request for help? : no

What keywords did you search in NGINX Ingress controller issues before filing this one? : cert-manager auth authentification basic

Is this a BUG REPORT or FEATURE REQUEST? (choose one): FEATURE REQUEST

NGINX Ingress controller version: v0.11.0

Kubernetes version (use kubectl version): v1.8.6

What happened:
cert-manager fails to get certificates on ingress protected with authentication (e.g. basic auth)

What you expected to happen:
cert-manager should be able to provision certificates for any ingress

How to reproduce it (as minimally and precisely as possible):
You need cert-manager deployed with the ingress-shim and an ingress with those annotations:

# type of authentication
nginx.ingress.kubernetes.io/auth-type: basic
# name of the secret that contains the user/password definitions
nginx.ingress.kubernetes.io/auth-secret: basic-auth

Anything else we need to know:
nginx-ingress could bypass the auth check (if nginx conf allows it) for a given list of locations. (and probably default to /.well-known/acme-challenge)
In the same way that #2203 fixes problems with tls upgrades.
@aledbf aledbf added kind/feature Categorizes issue or PR as related to a new feature. help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. labels Mar 19, 2018
@Justkant
Copy link
Author

Linked to cert-manager/cert-manager#235

@Justkant
Copy link
Author

Justkant commented Apr 4, 2018

I close this because there is already a way to manually modify any Certificate Resource that the ingress-shim creates to avoid using the same ingress. (see cert-manager/cert-manager#235 (comment) or acme-http-validation)
The only thing missing is an annotation that the ingress-shim could use to automatically switch between using the same ingress and creating a new one.
Closing in favor of cert-manager/cert-manager#235

@Justkant Justkant closed this as completed Apr 4, 2018
@Justkant Justkant mentioned this issue Apr 17, 2018
Merged
@dkozlov dkozlov mentioned this issue Jun 12, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aledbf @Justkant