From b4c2aabd81d71d6746eb67cd2608121ffd225867 Mon Sep 17 00:00:00 2001
From: Jess <jess@jessie.cafe>
Date: Sun, 22 Dec 2024 18:36:26 +1300
Subject: [PATCH] k8s/dashboard: setup mtls

---
 k8s/k8s-dashboard.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/k8s/k8s-dashboard.yaml b/k8s/k8s-dashboard.yaml
index b441d6e..d049405 100644
--- a/k8s/k8s-dashboard.yaml
+++ b/k8s/k8s-dashboard.yaml
@@ -26,6 +26,12 @@ spec:
               scope: cluster
             hosts:
               - dashboard.k8s.jessie.cafe
+            annotations:
+              nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
+              # FIXME: part of declarative secret management
+              nginx.ingress.kubernetes.io/auth-tls-secret: default/ca-secret
+              nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
+              nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
   destination:
     server: "https://kubernetes.default.svc"
     namespace: kubernetes-dashboard