Hi there!

On Friday, 3 February 2017 14:30:47 UTC+1, Alex Creek wrote:
>
> Nginx is stripping out the client cert when it proxies the request. You
> have to set up raw tcp forwarding instead of http proxying. You can use
> the ngx_stream_proxy_module available in nginx 1.9.0 or haproxy which does
> it out of the box.
>

Note that it is nginx – rather than k8s – that denies the request. If I switch off client certificate checking in nginx, I can communicate successfully with k8s. This is because I told nginx to use that same cert when contacting k8s. So the second part works but not the first part. Seemingly, the cert is not sent from kubectl in the first place. But why shouldn't it?

I got it working now by using Basic Auth between kubectl and nginx, and the TLS cert between nginx and k8s. It would still be nice if both connections used the client certificate.