Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Header "Ssl-Client-Dn" missing in 0.12.0 (compared to 0.11.0) #2332

Closed
ghost opened this issue Apr 11, 2018 · 3 comments
Closed

Header "Ssl-Client-Dn" missing in 0.12.0 (compared to 0.11.0) #2332

ghost opened this issue Apr 11, 2018 · 3 comments

Comments

@ghost
Copy link

ghost commented Apr 11, 2018

NGINX Ingress controller version: 0.12.0

Kubernetes version (use kubectl version):
Client Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.6", GitCommit:"6260bb08c46c31eea6cb538b34a9ceb3e406689c", GitTreeState:"clean", BuildDate:"2017-12-21T06:34:11Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"9+", GitVersion:"v1.9.6-gke.0", GitCommit:"cb151369f60073317da686a6ce7de36abe2bda8d", GitTreeState:"clean", BuildDate:"2018-03-21T19:01:20Z", GoVersion:"go1.9.3b4", Compiler:"gc", Platform:"linux/amd64"}

Environment:

  • Cloud provider or hardware configuration: GKE
  • OS (e.g. from /etc/os-release): Container Optimized Image from GCP
  • Config:
  kubernetes.io/ingress.class: nginx
   nginx.ingress.kubernetes.io/auth-tls-error-page: 'https://example.com'
   nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: 'false'
   nginx.ingress.kubernetes.io/auth-tls-secret: req-dumper/beyondcorp-client-ca
   nginx.ingress.kubernetes.io/auth-tls-verify-client: 'on'
   nginx.ingress.kubernetes.io/auth-tls-verify-depth: '1'

What happened:
Upgraded from 0.11.0 to 0.12.0. Backend services were not receiving the following headers anymore:
"Ssl-Client-Dn: CN=
Ssl-Client-Verify: SUCCESS"

What you expected to happen:
I expected the headers to be present.

How to reproduce it (as minimally and precisely as possible):
Access a header-aware service with 0.11.0 and 0.12.0 and compare headers sent by ingress-nginx.
@ghost
Copy link
Author

ghost commented Apr 11, 2018

Running some further tests, I am not even sure that client certificate validation is working with 0.12.0 the same way it was done with 0.11.0.

@aledbf
Copy link
Member

aledbf commented Apr 11, 2018

@gnufied there is an issue in 0.12.0 (#2259) fixed in master.
Please use quay.io/aledbf/nginx-ingress-controller:0.354

@ghost
Copy link
Author

ghost commented Apr 13, 2018

Can confirm that quay.io/aledbf/nginx-ingress-controller:0.354 fixes the issue. Will wait for next master release and continue using 0.11.0 for now. Thanks for the quick help!

Closed.

@ghost ghost closed this as completed Apr 13, 2018
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@aledbf