How to enable mTLS authentication when using NGF? #3184
-
|
How do I enable MTLS checks when using Gateway Fabric? Is this a limitation that Also found the below issues. Are these related and thus, can only be used by Nginx Ingress Controller? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
Hey @vazkarvishal! We currently don't have support for mTLS for client to NGF connections, nor NGF to the backend. The Gateway API sig has not yet finalized how mTLS should work, but for those issues you found above, we'll be pulling ahead the design they do have. The last issue there is for enforcing mTLS between applications - a bit like a lightweight service mesh. Which one were you looking for specifically? There MAY be a way to enable this right now using our SnippetFilter, but that might be tough since we need a file that contains your certificates... I'll let a maintainer chime in here. |
Beta Was this translation helpful? Give feedback.
-
|
Does that mean that I should stick to NGINX Ingress Controller and not switch to NGF (If my project is already using the Ingress Gateway MTLS Features?). |
Beta Was this translation helpful? Give feedback.
-
|
If you need mTLS, yes. Keep an eye on those issues above for when we do implement it. Definitely a priority for us in the near future. |
Beta Was this translation helpful? Give feedback.
Hey @vazkarvishal!
We currently don't have support for mTLS for client to NGF connections, nor NGF to the backend. The Gateway API sig has not yet finalized how mTLS should work, but for those issues you found above, we'll be pulling ahead the design they do have.
The last issue there is for enforcing mTLS between applications - a bit like a lightweight service mesh.
Which one were you looking for specifically?
There MAY be a way to enable this right now using our SnippetFilter, but that might be tough since we need a file that contains your certificates... I'll let a maintainer chime in here.