-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Restore secure-verify-ca-secret annotation docs #3484
Conversation
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: gorshunovr If they are not already assigned, you can assign the PR to them by writing The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
I kindly ask developers to re-confirm in the source code correctness of the statement below during the review process:
Thank you. |
Hello team. Please, add assignee and review. This is a documentation change only. Thank you. |
1 similar comment
Hello team. Please, add assignee and review. This is a documentation change only. Thank you. |
If you want to validate the upstream against a specific certificate, you can create a secret with it and reference the secret with the annotation `nginx.ingress.kubernetes.io/secure-verify-ca-secret`. | ||
|
||
!!! note | ||
If an invalid or non-existent secret is given, the NGINX ingress controller will ignore the `ssl-passthrough` annotation. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not correct. Using ssl-passthrough
annotation bypasses ningx and any other annotation is omitted (we already mention this in the docs)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the review, Manuel.
Then how is secure-verify-ca-secret
defined in internal/ingress/annotations/secureupstream/main.go supposed to work?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this still needed, or can be closed as invalid? Or is it valid (see previous comment)? Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I just checked the upstream docs and doens't say anything in them but that the annotation nginx.ingress.kubernetes.io/secure-verify-ca-secret exists but not how to use it. So, I think this is still valid/needed.
I've been waiting for that annotation for a while now actually, but never found it till now.
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Is this still needed, or can be closed as invalid? Or is it valid (see previous comment)? Thanks! |
/remove-lifecycle stale |
/remove-lifecycle rotten |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
/remove-lifecycle rotten |
secure-verify-ca-secret annotation docs are still missing. Please, review. Thank you. |
/remove-lifecycle stale |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
@gorshunovr: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@fejta-bot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
What this PR does / why we need it: this PR restores
secure-verify-ca-secret
annotation docs added in #2169, which were removed in #3203.Which issue this PR fixes: n/a
Special notes for your reviewer: n/a