proxy_ssl_trusted_certificate getting cert and then crl on the same line · Issue #3732 · nginx/kubernetes-ingress · GitHub

proxy_ssl_trusted_certificate getting cert and then crl on the same line #3732

@brianehlert

Description


Discussed in #3731

Originally posted by coolbry95 April 6, 2023
I believe this is breaking from this line here https://github.com/nginxinc/kubernetes-ingress/pull/3632/files#diff-0a308ab187fcddbbc7a73510aacc512d8a04022d75c6f95044b1e3fd4c483770R738.

Before, it would just return the full path for the cert, but now it's returning the cert and the CRL.

```nginx
proxy_ssl_trusted_certificate /etc/nginx/secrets/asdf-trusted-ca-ca.crt /etc/nginx/secrets/asdf-trusted-ca-ca.crl;
```

```yaml
apiVersion: k8s.nginx.org/v1
kind: Policy
metadata:
  name: egress-mtls-oauth2
spec:
  egressMTLS:
    trustedCertSecret: egress-trusted-ca
    verifyServer: true
    verifyDepth: 25
    serverName: true
    sessionReuse: true
    sslName: oauth2.googleapis.com
---
apiVersion: k8s.nginx.org/v1
kind: Policy
metadata:
  name: egress-mtls-pubsub
spec:
  egressMTLS:
    trustedCertSecret: egress-trusted-ca
    verifyServer: true
    verifyDepth: 25
    serverName: true
    sessionReuse: true
    sslName: pubsub.googleapis.com
---
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
  name: oauth
spec:
  host: oauth2.googleapis.com
  tls:
    secret: egress-proxy-tls
  policies:
    - name: ingress-mtls
    - name: egress-mtls-oauth2
  upstreams:
  - name: oauth
    service: oauth
    port: 443
    tls:
      enable: true
  routes:
  - path: /
    action:
      pass: oauth
---
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
  name: pubsub
spec:
  host: pubsub.googleapis.com
  tls:
    secret: egress-proxy-tls
  policies:
    - name: ingress-mtls
    - name: egress-mtls-pubsub
  upstreams:
  - name: pubsub
    service: pubsub
    port: 443
    type: grpc
    tls:
      enable: true
  routes:
  - path: /
    action:
      pass: pubsub
```
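
A check for the symptom reported above, as an added example that is not part of the original issue or the project's code: it scans rendered NGINX configuration for `proxy_ssl_trusted_certificate` or `proxy_ssl_crl` lines that carry more than one file argument. The names `LintSingleFileDirectives` and `Finding` are hypothetical, and the scan assumes one directive per line with unquoted arguments.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Proxy-module directives that accept exactly one file argument.
var singleFile = map[string]bool{
	"proxy_ssl_trusted_certificate": true,
	"proxy_ssl_crl":                 true,
}

// Finding (hypothetical type) records one directive given too many arguments.
type Finding struct {
	Line      int
	Directive string
	Args      []string
}

// LintSingleFileDirectives (hypothetical helper) reports every single-file
// directive in the rendered config text that has more than one argument.
// Assumption: one directive per line, arguments unquoted.
func LintSingleFileDirectives(conf string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(conf))
	for n := 1; sc.Scan(); n++ {
		line := sc.Text()
		if i := strings.Index(line, "#"); i >= 0 {
			line = line[:i] // drop trailing comment
		}
		fields := strings.Fields(strings.TrimSuffix(strings.TrimSpace(line), ";"))
		if len(fields) > 2 && singleFile[fields[0]] {
			out = append(out, Finding{Line: n, Directive: fields[0], Args: fields[1:]})
		}
	}
	return out
}

func main() {
	// Constructed sample: line 2 reproduces the directive quoted in the issue.
	conf := "proxy_ssl_verify on;\n" +
		"proxy_ssl_trusted_certificate /etc/nginx/secrets/asdf-trusted-ca-ca.crt /etc/nginx/secrets/asdf-trusted-ca-ca.crl;\n" +
		"proxy_ssl_trusted_certificate /etc/nginx/secrets/ok-ca.crt;\n"
	for _, f := range LintSingleFileDirectives(conf) {
		fmt.Printf("line %d: %s takes one file, got %d: %v\n", f.Line, f.Directive, len(f.Args), f.Args)
	}
}
```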
