How to hand client certificate to the server on Kubernetes cluster?

Question

Hi. We attempt to distinguish every user from others by client certificate's subject. Our BIG-IP is connecting to kubernetes cluster which uses calico as cni. Now, BIG-IP receives request on port 443(https), and servers receive on port 80(http). But when do it, servers cannot get client certificate's subject. I tried to apply iRules to the virtual server, but it's configured by f5-bigip-ctrl, and iRules always dissappeared. How should I do? Thanks!

rodrigo_albuque · Answer

Hi Yoko,&nbsp;Are you talking about production traffic? If server-side connection is HTTP, there should be no client certificate sent over to your servers. I guess I didn't quite understand what you're trying to do?

yk1 · Answer

Rodrigo, thank you for your reply.I'm trying to get subject of client certificate (actually, our application server uses it for user authentication, and cannot recognize who access to without subject). I want only subject, so not necessary to send client certificate itself. Best solution is ssl passthrough (because all BIG-IP has to do is to through requests, I think), but our BIG-IP somehow wouldn't do ssl passthrough, so I'm seeking another solution.

Forum Discussion

How to hand client certificate to the server on Kubernetes cluster?

Recent Discussions

Statistics ›› Analytics : HTTP : Overview

VS FORWARDING & ROUTE

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

Related Content

Integrating with your IPv6 Kubernetes Cluster

Multiple Kubernetes Clusters and Path-Based Routing with F5 Distributed Cloud

Multi-cluster Kubernetes/Openshift with GSLB-TOOL

Use Kubernetes Cert-Manager to Maintain Let's Encrypt Certificates

Securing Kubernetes Cluster with PodSecurityPolicy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS