Is mutual SSL / client certificate authentication supported by the Rancher agent?
We already have an Apache reverse proxy in front of the Rancher server to provide SSL, however, we would also like to do an SSLVerifyClient Require to prevent unauthorized (or any really) access to the Rancher API without a valid client certificate.
I think we’ll try to implement some kind of split interface design where users of a public vip are required to present a client certificate, however, API users will have their own endpoint that doesn’t require one.