Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Documentation for Client-Cert Authentication misleading #10687

Closed
clauspruefer opened this issue Nov 28, 2023 · 4 comments · Fixed by #10705
Closed

Documentation for Client-Cert Authentication misleading #10687

clauspruefer opened this issue Nov 28, 2023 · 4 comments · Fixed by #10705
Labels
kind/bug Categorizes issue or PR as related to a bug. needs-priority triage/accepted Indicates an issue or PR is ready to be actively worked on.

Comments

@clauspruefer
Copy link
Contributor

clauspruefer commented Nov 28, 2023
edited
Loading

What happened:

Documentation @ https://kubernetes.github.io/ingress-nginx/examples/auth/client-certs/ contains wrong information about Creating Certificate Secrets.

kubectl create secret generic tls-secret --from-file=tls.crt=server.crt --from-file=tls.key=server.key does not work in general (2 = signs), also creates a secret of wrong type (correct type should be: tls).

What you expected to happen:

kubectl create secret tls tls-secret-name --cert server.crt --key server.key works fine.

NGINX Ingress controller version (exec into the pod and run nginx-ingress-controller --version.):

NGINX Ingress controller
Release: v1.8.0
Build: 35f5082
Repository: https://github.com/kubernetes/ingress-nginx
nginx version: nginx/1.21.6

Kubernetes version (use kubectl version):

Client Version: v1.28.4
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.27.7
Environment:

How to reproduce this issue:

Not required, just documentation fix needed in my oppinion.
@clauspruefer clauspruefer added the kind/bug Categorizes issue or PR as related to a bug. label Nov 28, 2023
@k8s-ci-robot k8s-ci-robot added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority labels Nov 28, 2023
@strongjz
Copy link
Member

@clauspruefer Please open a PR to fix the documentation, and we will get it updated.

@longwuyuan
Copy link
Contributor

/triage accepted

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Nov 30, 2023
@clauspruefer
Copy link
Contributor Author

On the way...

@clauspruefer clauspruefer mentioned this issue Nov 30, 2023
Merged
4 tasks
@clauspruefer
Copy link
Contributor Author

It is not true, my tests proof, both ways work exact the same:

kubectl create secret generic tls-secret-name --from-file=tls.crt=server.crt --from-file=tls.key=server.key
and
kubectl create secret tls tls-secret-name --cert server.crt --key server.key

@strongjz But please review my PR, the updated documentation should be fine now.

@clauspruefer clauspruefer changed the title Documentation for Client-Cert Authentication contains wrong information Documentation for Client-Cert Authentication misleading Dec 4, 2023
k8s-ci-robot pushed a commit that referenced this issue Dec 9, 2023
@clauspruefer
Update Documentation for Client-Cert Authentication misleading #10687 (
14d8be4 
…#10705)

* Update README.md

Update / restructure "Client Cert Authentication" Documentation sub-section

* Update README.md

* Update README.md

* Update README.md

* Update README.md

Add openssl subjectAltName and remark for future releases.

* Update README.md

Moved subjectAltName to new topic "Remarks", i think it is not annotation / ingress related

* Update README.md

Typo
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. needs-priority triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
[SIG Network] Ingress NGINX
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update Documentation for Client-Cert Authentication misleading #10687 clauspruefer/ingress-nginx
4 participants
@strongjz @longwuyuan @clauspruefer @k8s-ci-robot