Feature request: support for upstream client authentication #348

Closed
hbagdi opened this issue Aug 7, 2019 · 2 comments · Fixed by #483
Labels
area/feature New feature or request

hbagdi (Member) commented Aug 7, 2019

Kong 1.3 will ship with support for client authentication on the upstream side.
This means that Kong can authenticate itself to the upstream, and the upstream service can accept traffic only from Kong if needed.

@hbagdi hbagdi added the area/feature New feature or request label Aug 7, 2019
@hbagdi hbagdi added this to the 0.7.0 milestone Aug 7, 2019
hbagdi added a commit that referenced this issue Dec 9, 2019
Kong can present a client certificate during a TLS handshake to the
upstream service. This is configurable for each service in Kong (each
Kubernetes service maps to a service in Kong).

Users can use `configuration.konghq.com/client-cert` annotation on the
service resource in k8s to specify the secret which should be used by
Kong for client authentication.

Fix #348

vietwow commented Dec 12, 2019

Hi @hbagdi, is this feature about mutual SSL authentication?

hbagdi (Member, Author) commented Dec 12, 2019

Yes, it is one part of mutual TLS authentication. The other part, Kong verifying the upstream's certificate, is already supported.
So, once this is merged in, you can essentially perform mTLS between Kong and your service.

hbagdi added a commit that referenced this issue Dec 13, 2019
From #483