k8s nginx ingress - basic auth on folder Andres Galindo | undefined

k8s nginx ingress - basic auth on folder

Posted 2020/04/22 00:55

Scenario

Say we have an application, like, say, a roughly made blog with a basic administration panel; we're wanting to deploy the blog so our readers can access our content but want to protect our admin panel, how can we do this easily? Thankfully, the NGINX Ingress Controller supports Basic Authentication - so we have a solution*.

*Note: there are a multitude of security issues with Basic Authentication outside the scope of this blog post to cover but easily found with Google, use Basic Auth with care, over TLS, and for the appropriate situations.

How do we do it?

The solution is simple, we just have to create two ingress defs for the same host but one with our basic auth annotations and the other without it.

kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  namespace: example 
  name: blog 
spec:
  rules:
    - host: blog.example.app  
      http:  
        paths: 
          - backend:  
              serviceName: blog
              servicePort: 80  
            path: /
  tls:
    - hosts:  
      - blog.example.app   
      secretName: blog-ingress-tls
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  namespace: example  
  name: blog-admin  
  annotations:    
    nginx.ingress.kubernetes.io/auth-type: basic 
    nginx.ingress.kubernetes.io/auth-secret: blog-admin-creds     
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required' 
spec:
  rules:
    - host: blog.example.app        
       http:
          paths:
           - backend:
                serviceName: blog
                servicePort: 80
              path: /admin
  tls:
    - hosts:
       - blog.example.app
      secretName: blog-ingress-tls

If you're unfamiliar with NGINX Ingress Basic Auth at all, see the documentation here

Afterthoughts

I really need to improve the markdown based editor for this blog.