Skip to content

Commit

Permalink
Mention secret types in docs
Browse files Browse the repository at this point in the history
  • Loading branch information
pleshakov committed Nov 18, 2020
1 parent d72fa95 commit ed58ce1
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 6 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ spec:
Here is a breakdown of what this Ingress resource definition means:
* The `metadata.name` field defines the name of the resource `cafe‑ingress`.
* In the `spec.tls` field we set up SSL/TLS termination:
* In the `secretName`, we reference a secret resource by its name, `cafe‑secret`. This resource contains the SSL/TLS certificate and key and it must be deployed prior to the Ingress resource.
* In the `secretName`, we reference a secret resource by its name, `cafe‑secret`. The secret must belong to the same namespace as the Ingress, it must be of the type ``kubernetes.io/tls`` and contain keys named ``tls.crt`` and ``tls.key`` that hold the certificate and private key as described [here](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls>). If the secret doesn't exist, NGINX will break any attempt to establish a TLS connection to the hosts to which the secret is applied.
* In the `hosts` field, we apply the certificate and key to our `cafe.example.com` host.
* In the `spec.rules` field, we define a host with domain name `cafe.example.com`.
* In the `paths` field, we define two path‑based rules:
Expand Down
8 changes: 4 additions & 4 deletions docs-web/configuration/policy-resource.md
Original file line number Diff line number Diff line change
Expand Up @@ -252,7 +252,7 @@ The value of the `${jwt_claim_user}` variable is the `user` claim of a JWT. For
- Type
- Required
* - ``secret``
- The name of the Kubernetes secret that stores the JWK. It must be in the same namespace as the Policy resource. The JWK must be stored in the secret under the key ``jwk``, otherwise the secret will be rejected as invalid.
- The name of the Kubernetes secret that stores the JWK. It must be in the same namespace as the Policy resource. The secret must be of the type ``nginx.org/jwk``, and the JWK must be stored in the secret under the key ``jwk``, otherwise the secret will be rejected as invalid.
- ``string``
- Yes
* - ``realm``
Expand Down Expand Up @@ -318,7 +318,7 @@ We use the `requestHeaders` of the [Action.Proxy](/nginx-ingress-controller/conf
- Type
- Required
* - ``clientCertSecret``
- The name of the Kubernetes secret that stores the CA certificate. It must be in the same namespace as the Policy resource. The certificate must be stored in the secret under the key ``ca.crt``, otherwise the secret will be rejected as invalid.
- The name of the Kubernetes secret that stores the CA certificate. It must be in the same namespace as the Policy resource. The secret must be of the type ``nginx.org/ca``, and the certificate must be stored in the secret under the key ``ca.crt``, otherwise the secret will be rejected as invalid.
- ``string``
- Yes
* - ``verifyClient``
Expand Down Expand Up @@ -365,11 +365,11 @@ egressMTLS:
- Type
- Required
* - ``tlsSecret``
- The name of the Kubernetes secret that stores the TLS certificate and key. It must be in the same namespace as the Policy resource. The certificate must be stored in the secret under the key ``tls.crt`` and ``tls.key``, otherwise the secret will be rejected as invalid.
- The name of the Kubernetes secret that stores the TLS certificate and key. It must be in the same namespace as the Policy resource. The secret must be of the type ``kubernetes.io/tls``, the certificate must be stored in the secret under the key ``tls.crt``, and the key must be stored under the key ``tls.key``, otherwise the secret will be rejected as invalid.
- ``string``
- No
* - ``trustedCertSecret``
- The name of the Kubernetes secret that stores the CA certificate. It must be in the same namespace as the Policy resource. The certificate must be stored in the secret under the key ``ca.crt``, otherwise the secret will be rejected as invalid.
- The name of the Kubernetes secret that stores the CA certificate. It must be in the same namespace as the Policy resource. The secret must be of the type ``nginx.org/ca``, and the certificate must be stored in the secret under the key ``ca.crt``, otherwise the secret will be rejected as invalid.
- ``string``
- No
* - ``verifyServer``
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,7 @@ redirect:
- Type
- Required
* - ``secret``
- The name of a secret with a TLS certificate and key. The secret must belong to the same namespace as the VirtualServer. The secret must contain keys named ``tls.crt`` and ``tls.key`` that contain the certificate and private key as described `here <https://kubernetes.io/docs/concepts/services-networking/ingress/#tls>`_. If the secret doesn't exist, NGINX will break any attempt to establish a TLS connection to the host of the VirtualServer.
- The name of a secret with a TLS certificate and key. The secret must belong to the same namespace as the VirtualServer. The secret must be of the type ``kubernetes.io/tls`` and contain keys named ``tls.crt`` and ``tls.key`` that contain the certificate and private key as described `here <https://kubernetes.io/docs/concepts/services-networking/ingress/#tls>`_. If the secret doesn't exist, NGINX will break any attempt to establish a TLS connection to the host of the VirtualServer.
- ``string``
- No
* - ``redirect``
Expand Down

0 comments on commit ed58ce1

Please sign in to comment.