Add secret creation to docs for kubernetes backend
parent
9bd0fff319
commit
56affb90ae
2 changed files with 69 additions and 3 deletions
|
@ -118,10 +118,10 @@ If one of the Net-Specifications are invalid, the whole list is invalid and allo
|
||||||
### Authentication
|
### Authentication
|
||||||
|
|
||||||
Is possible to add additional authentication annotations in the Ingress rule.
|
Is possible to add additional authentication annotations in the Ingress rule.
|
||||||
The source of the authentication is a secret that contains usernames and passwords inside the the key auth.
|
The source of the authentication is a secret that contains usernames and passwords inside the key auth.
|
||||||
|
|
||||||
- `ingress.kubernetes.io/auth-type`: `basic`
|
- `ingress.kubernetes.io/auth-type`: `basic`
|
||||||
- `ingress.kubernetes.io/auth-secret`
|
- `ingress.kubernetes.io/auth-secret`: `mysecret`
|
||||||
Contains the usernames and passwords with access to the paths defined in the Ingress Rule.
|
Contains the usernames and passwords with access to the paths defined in the Ingress Rule.
|
||||||
|
|
||||||
The secret must be created in the same namespace as the Ingress rule.
|
The secret must be created in the same namespace as the Ingress rule.
|
||||||
|
|
|
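Review bot: In the changed list item, `ingress.kubernetes.io/auth-secret`: `mysecret` reads as if `mysecret` were a fixed value like `basic` on the item above, but it is a secret name the user picks. Suggest presenting it as an example, for instance "`ingress.kubernetes.io/auth-secret`: name of the secret, e.g. `mysecret`". The unchanged first sentence, "Is possible to add additional authentication annotations in the Ingress rule.", is still missing its subject; the new user-guide section in this same commit already words it as "It's possible to add ...", so the two could be aligned here.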
@ -79,7 +79,7 @@ It is possible to use Træfik with a [Deployment](https://kubernetes.io/docs/con
|
||||||
|
|
||||||
The Deployment objects looks like this:
|
The Deployment objects looks like this:
|
||||||
|
|
||||||
```yml
|
```yaml
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
|
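Review bot: The `yml` to `yaml` fence tag change is not related to the commit subject (secret creation docs); either mention it in the commit message or split it out so the history stays searchable. The context line just above the fence, "The Deployment objects looks like this:", has a subject-verb mismatch that could be fixed in the same pass.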
@ -327,6 +327,72 @@ echo "$(minikube ip) traefik-ui.minikube" | sudo tee -a /etc/hosts
|
||||||
|
|
||||||
We should now be able to visit [traefik-ui.minikube](http://traefik-ui.minikube) in the browser and view the Træfik Web UI.
|
We should now be able to visit [traefik-ui.minikube](http://traefik-ui.minikube) in the browser and view the Træfik Web UI.
|
||||||
|
|
||||||
|
## Basic Authentication
|
||||||
|
|
||||||
|
It's possible to add additional authentication annotations in the Ingress rule.
|
||||||
|
The source of the authentication is a secret that contains usernames and passwords inside the key auth.
|
||||||
|
To read about basic auth limitations see the [Kubernetes Ingress](/configuration/backends/kubernetes) configuration page.
|
||||||
|
|
||||||
|
#### Creating the Secret
|
||||||
|
|
||||||
|
A. Use `htpasswd` to create a file containing the username and the base64-encoded password:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
htpasswd -c ./auth myusername
|
||||||
|
```
|
||||||
|
|
||||||
|
You will be prompted for a password which you will have to enter twice.
|
||||||
|
`htpasswd` will create a file with the following:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
cat auth
|
||||||
|
```
|
||||||
|
```
|
||||||
|
myusername:$apr1$78Jyn/1K$ERHKVRPPlzAX8eBtLuvRZ0
|
||||||
|
```
|
||||||
|
|
||||||
|
B. Now use `kubectl` to create a secret in the monitoring namespace using the file created by `htpasswd`.
|
||||||
|
|
||||||
|
```shell
|
||||||
|
kubectl create secret generic mysecret --from-file auth --namespace=monitoring
|
||||||
|
```
|
||||||
|
|
||||||
|
!!! note
|
||||||
|
Secret must be in same namespace as the ingress rule.
|
||||||
|
|
||||||
|
C. Create the ingress using the following annotations to specify basic auth and that the username and password is stored in `mysecret`.
|
||||||
|
|
||||||
|
- `ingress.kubernetes.io/auth-type: "basic"`
|
||||||
|
- `ingress.kubernetes.io/auth-secret: "mysecret"`
|
||||||
|
|
||||||
|
Following is a full ingress example based on Prometheus:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
apiVersion: extensions/v1beta1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: prometheus-dashboard
|
||||||
|
namespace: monitoring
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/ingress.class: traefik
|
||||||
|
ingress.kubernetes.io/auth-type: "basic"
|
||||||
|
ingress.kubernetes.io/auth-secret: "mysecret"
|
||||||
|
spec:
|
||||||
|
rules:
|
||||||
|
- host: dashboard.prometheus.example.com
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- backend:
|
||||||
|
serviceName: prometheus
|
||||||
|
servicePort: 9090
|
||||||
|
```
|
||||||
|
|
||||||
|
You can apply the example ingress as following:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
kubectl create -f prometheus-ingress.yaml -n monitoring
|
||||||
|
```
|
||||||
|
|
||||||
## Name based routing
|
## Name based routing
|
||||||
|
|
||||||
In this example we are going to setup websites for 3 of the United Kingdoms best loved cheeses, Cheddar, Stilton and Wensleydale.
|
In this example we are going to setup websites for 3 of the United Kingdoms best loved cheeses, Cheddar, Stilton and Wensleydale.
|
||||||
|
|
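Review bot: Step A describes the `htpasswd` output as a "base64-encoded password", but the sample line shown below it (`myusername:$apr1$...`) is a salted APR1 (MD5-based) hash, not a base64 encoding; suggest "the username and the hashed password" so readers do not assume the value is reversible. The `-c` flag in `htpasswd -c ./auth myusername` creates (and overwrites) the file, so a sentence on adding further users without `-c` would prevent accidental loss of existing entries. The full Ingress example has no TLS configuration, and basic auth credentials are sent with every request, so a short pointer to enabling TLS for this host would be appropriate next to the existing link to the limitations page. Smaller points: the last command applies `prometheus-ingress.yaml`, but the text never tells the reader to save the example under that name; the heading jumps from `##` to `####` for "Creating the Secret"; and "the username and password is stored" should read "are stored".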