verify-client | Web Client for the Verify document | Authentication library

I am creating an nginx ingress on GKE.

On every reload event my controller prints to log:

I1019 13:23:31.679126 6 controller.go:145] "Configuration changes detected, backend reload required" I1019 13:23:31.776558
6 controller.go:162] "Backend successfully reloaded" I1019 13:23:31.776897 6 event.go:282] Event(v1.ObjectReference{Kind:"Pod", Namespace:"ingress-development", Name:"ingress-nginx-controller-6d55d6b5cd-g2rqh", UID:"109bb50d-b842-4e78-a9a4-ae3d4fc10166", APIVersion:"v1", ResourceVersion:"347936024", FieldPath:""}): type: 'Normal' reason: 'RELOAD' NGINX reload triggered due to a change in configuration E1019 13:23:31.777294 6 event.go:273] Unable to write event: 'can't patch an event with namespace 'ingress-development' in namespace 'development'' (may retry after sleeping)

My controller configuration:

I have an ingress controller in a GKE cluster with ingress.class:

On my production env, I have a configuration with two Nginx and the communication between the two servers is secured with this config like this: https://docs.nginx.com/nginx/admin-guide/security-controls/securing-http-traffic-upstream/

I am trying to upgrade a release and install it in case it has not been installed previously, by using the following command:

I have configure OpenVPN it is working fine. But I always need to import configuration and it has ca certificate, I enabled username and password authentication. But still I need to add this certificate.

How can I connect openvpn without certificate and configuration but only username and password.

I have configured my OpenVPN server to authenticate with google secure LDAP(Followed Document)

Here is my auth-ldap.conf file:

I'm setting up an instance of ghost and I'm trying to secure the /ghost path with client cert verification.

I've got an initial ingress up and running that serves the site quite happily with the path specified as /.

I'm trying to add a second ingress (that's mostly the same) for the /ghost path. If I do this and add the annotations for basic auth, everything seems to work. i.e. If I browse to /ghost I am prompted for credentials in the basic-auth secret, if I browse to any other URL it is served without auth.

I then switched to client cert verification based on this example: https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/auth/client-certs

When I try this either the whole site or none of the site is secured, rather than the path-based separation, I got with basic-auth. Looking at the nginx.conf from the running pod the proxy_set_header ssl-client-verify, proxy_set_header ssl-client-subject-dn & proxy_set_header ssl-client-issuer-dn elements are added under the root / path and the /ghost path. I've tried removing those (from the root only) and copying the config directly back to the pod but not luck there either.

I'm pulling nginx-ingress (Chart version 0.23.0) in as a dependency via Helm

Ingress definition for / location - this one works

I'm attempting to deploy a DNP3 server (an industrial protocol) within Kubernetes. DNP3 uses TCP communications but is a stateful protocol. I'm currently working on deploying the ingress controller configuration.

I realize that ingress controllers are intended for http/https traffic, but I'd like to use them if possible and take advantage of some of the inherent features (e.g. mutual TLS, whitelisting, etc.). Does the NGINX ingress controller require that incoming traffic be formatted as http traffic (e.g. having a header, etc.)? If it receives random TCP (non-http) traffic can it simply pass the traffic along to backend service?

The annotations I'm trying to work with include:

I have created a server.keystore and then a client.keyStore with a client.crt which i used to client.truststore

the server.keystore with alias devmyserverkey