Nginx is stripping out the client cert when it proxies the request. You have to setup raw tcp forwarding instead of http proxying. You can use the ngx_stream_proxy_module available in nginx 1.9.0 or haproxy which does it out of the box.
Alex On 2/3/17, 2:37 AM, "Torsten Bronger" <kubernetes-users@googlegroups.com on behalf of bron...@physik.rwth-aachen.de> wrote: >Hallöchen! > >I have a k8s API server behind an nginx as reverse proxy. Because my >kubectl uses client certificate authentication, the nginx must check >that. However, the nginx replies to the kubectl that ³No required >SSL certificate was sent². The ~/.kube/config file clearly contains >TLS cert data for that user (and this works locally, without nginx >inbetween). Must kubectl be triggered or forced somehow to actually >sent the TLS cert data? > >Tschö, >Torsten. > >-- >Torsten Bronger > >-- >You received this message because you are subscribed to the Google Groups >"Kubernetes user discussion and Q&A" group. >To unsubscribe from this group and stop receiving emails from it, send an >email to kubernetes-users+unsubscr...@googlegroups.com. >To post to this group, send email to kubernetes-users@googlegroups.com. >Visit this group at https://groups.google.com/group/kubernetes-users. >For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
