Nginx ingress with host specific client-auth

Asking for help? Comment out what you need so we can get more information to help you!

Cluster information:

Kubernetes version: v1.19.0
Cloud being used: bare-metal
Installation method: minikube
Host OS: Ubuntu 20.04
CNI and version: N/A
CRI and version: N/A

Hi, I am running a minikube cluster on my local machine to test out nginx ingress. I have a requirement where the container that is running my app needs to support tls on some paths and mtls on some paths.

something like myserver/api1 which doesn’t require mtls and myserver/api2 which does require mtls.

I created an ingress resource with following ingress host settings.

  - host: mytlsserver
    paths: [ '/api1' ]
  - host: mymtlsserver
    paths: [ '/api2' ]

and my ingress annotations read something like:
kubernetes .io / ingress.class: nginx
nginx .ingress .kubernetes .io / auth-tls-verify-client: “on”
nginx .ingress .kubernetes .io / auth-tls-secret: “default/client-ca”
nginx .ingress .kubernetes .io / auth-tls-verify-depth: “1”
nginx .ingress .kubernetes .io / auth-tls-pass-certificate-to-upstream: “true”
nginx .ingress .kubernetes .io / service-upstream: “true”
nginx .ingress .kubernetes .io / upstream-vhost: myserver.default

Now the thing is these two annotations are applied for the ingress resource:
nginx .ingress .kubernetes .io/auth-tls-verify-client: “on”
nginx .ingress .kubernetes .io/auth-tls-secret: “default/client-ca”

Is there a way to enable client certificate verification host specific.
so that when someone calls https : // mytlsserver /api1 client cert verification is not done and when someone calls https : // mymtlsserver /api2 client cert verification is performed.