It is possible to enable Client Certificate Authentication using additional annotations in the Ingress.
-
Create a file named
ca.crtcontaining the trusted certificate authority chain (all ca certificates in PEM format) to verify client certificates. -
Create a secret from this file:
kubectl create secret generic auth-tls-chain --from-file=ca.crt --namespace=default -
Add the annotations as provided in the ingress.yaml example to your ingress object.