Kubernetes's Ingress annotations for x509 certificate authentificate
First of all you are missing the secret with SSL files issued for your domain. (if we are talking about a native k8s secret management) You secret should be created by:
kubectl --namespace bdf-opengie-test create secret tls <secret_name> --key <key_path> --cert <cert_path>
Then your Ingress
.yml file should contain this secret:
... tls: - hosts: - keycloak-opengie-test-ssl.<domain> secretName: <secret_name>
Only after this you can think about any annotations for auth or something else which is not working
Note: the secret is a namespaced object.
ingress: hostname: id.login.example.com annotations: nginx.ingress.kubernetes.io/configuration-snippet: "more_clear_input_headers \"x-forwarded-client-cert\";\n more_set_input_headers \"x-forwarded-client-cert: $ssl_client_cert\";\n" nginx.ingress.kubernetes.io/server-snippet: | ssl_verify_client on; ssl_client_certificate /etc/nginx/truststore-development.crt; ssl_verify_depth 2; ssl_session_cache off;