Commit dc4941f

Add secret creation and rename names to proper references
1 parent c1d4b64 commit dc4941f

1 file changed

+26
-8
lines changed

articles/application-gateway/for-containers/how-to-frontend-mtls-gateway-api.md

Lines changed: 26 additions & 8 deletions
@@ -6,7 +6,7 @@ author: greglin
66
ms.service: azure-application-gateway
77
ms.subservice: appgw-for-containers
88
ms.topic: how-to
9-
ms.date: 9/16/2024
9+
ms.date: 9/17/2024
1010
ms.author: greglin
1111
---
1212

@@ -103,7 +103,7 @@ spec:
103103
certificateRefs:
104104
- kind : Secret
105105
group: ""
106-
name: contoso.com
106+
name: listener-tls-secret
107107
EOF
108108
```
109109

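Review bot: The new reference at line 106, `name: listener-tls-secret`, needs a Secret of exactly that name to exist before this Gateway manifest is applied, and the only creation step this commit adds is for `ca.bundle`. Please confirm the article creates `listener-tls-secret` earlier (the same reference is repeated at line 150), otherwise the listener's certificateRefs will not resolve. While here, `kind : Secret` on line 104 has a stray space before the colon.
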
@@ -147,7 +147,7 @@ EOF
147147
certificateRefs:
148148
- kind : Secret
149149
group: ""
150-
name: contoso.com
150+
name: listener-tls-secret
151151
addresses:
152152
- type: alb.networking.azure.io/alb-frontend
153153
value: $FRONTEND_NAME
@@ -223,8 +223,8 @@ spec:
223223
- name: gateway-01
224224
rules:
225225
- backendRefs:
226-
- name: mtls-app
227-
port: 443
226+
- name: echo
227+
port: 80
228228
EOF
229229
```
230230

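Review bot: Lines 226-227 change the backend from `mtls-app` on port 443 to `echo` on port 80, which is more than the rename the commit message describes. Confirm that the `echo` Service deployed earlier in the article listens on 80, and consider one sentence stating that client certificate authentication in this how-to covers the frontend connection only, since readers of the previous `mtls-app`/443 example may assume the hop to the backend is also TLS.
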
@@ -266,6 +266,12 @@ status:
266266
namespace: test-infra
267267
```
268268

269+
Create a Kubernetes secret using kubectl that contains the certificate chain to the client certificate.
270+
271+
```bash
272+
kubectl create secret generic ca.bundle -n test-infra --from-file=ca.crt=root.crt
273+
```
274+
269275
Create a FrontendTLSPolicy
270276

271277
```bash
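Review bot: The sentence added at line 269 says the secret holds "the certificate chain to the client certificate", but the command on line 272 loads a single file, `--from-file=ca.crt=root.crt`. State where `root.crt` comes from and whether intermediates must be concatenated into it when the client certificate is not issued directly by the root. It would also help to say that the secret name `ca.bundle` and the namespace `test-infra` have to match the reference in the FrontendTLSPolicy created in the next step.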
@@ -290,7 +296,6 @@ spec:
290296
group: ""
291297
kind: Secret
292298
namespace: test-infra
293-
subjectAltName: "contoso-client"
294299
EOF
295300
```
296301

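Review bot: Line 293 drops `subjectAltName: "contoso-client"` with no replacement, and neither the commit message nor the surrounding text explains why. If that field limited which client certificates the policy accepts, the example now admits any certificate that chains to the referenced CA secret; either keep it with a value matching the generated client certificate, or add a sentence telling readers how to restrict by subject alternative name.
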
@@ -321,10 +326,23 @@ Now we're ready to send some traffic to our sample application, via the FQDN ass
321326
fqdn=$(kubectl get gateway gateway-01 -n test-infra -o jsonpath='{.status.addresses[0].value}')
322327
```
323328
324-
Curling this FQDN should return responses from the backend as configured on the HTTPRoute.
329+
Curling the FQDN of your frontend without the client certificate.
330+
331+
```bash
332+
curl --insecure https://$fqdn/```
333+
334+
Note the response alerts a certificate is required.
335+
336+
```
337+
curl: (56) OpenSSL SSL_read: OpenSSL/1.1.1k: error:1409445C:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required, errno 0
338+
```
339+
340+
Curl the FQDN presenting the client certificate generated.
325341
326342
```bash
327343
curl --cert client.crt --key client.key --insecure https://$fqdn/
328344
```
329345
330-
Congratulations, you have installed ALB Controller, deployed a backend application, authenticated via client certificate, and routed traffic to the application via the gateway on Application Gateway for Containers.
346+
Note the response is from the backend service behind Application Gateway for Containers.
347+
348+
Congratulations, you have installed ALB Controller, deployed a backend application, authenticated via client certificate, and returned traffic from your backend service via Application Gateway for Containers.
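
Review bot: On new line 332 the closing fence is fused onto the command (`curl --insecure https://$fqdn/` followed directly by three backticks), so the bash block never closes and the text after it will render as code; move the fence to its own line. Line 329 is a sentence fragment ("Curling the FQDN of your frontend without the client certificate."), where an imperative such as "Curl the FQDN of your frontend without the client certificate." would match line 340. Both commands keep `--insecure`, so a short note on why server certificate verification is skipped in this walkthrough would stop readers from copying the flag into real use.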
