Kubernetes basic authentication with Traefik
It is popular to use basic authentication. In reference to Kubernetes documentation, you should be able to protect access to Traefik using the following steps :
- Create authentication file using
htpasswd
tool. You'll be asked for a password for the user:
htpasswd -c ./auth
- Now use
kubectl
to create a secret in the monitoring namespace using the file created byhtpasswd
.
kubectl create secret generic mysecret --from-file auth --namespace=monitoring
- Enable basic authentication by attaching annotations to Ingress object:
ingress.kubernetes.io/auth-type: "basic"
ingress.kubernetes.io/auth-secret: "mysecret"
So, full example config of basic authentication can looks like:
apiVersion: extensions/v1beta1kind: Ingressmetadata: name: prometheus-dashboard namespace: monitoring annotations: kubernetes.io/ingress.class: traefik ingress.kubernetes.io/auth-type: "basic" ingress.kubernetes.io/auth-secret: "mysecret"spec: rules: - host: dashboard.prometheus.example.com http: paths: - backend: serviceName: prometheus servicePort: 9090
- You can apply the example as following:
kubectl create -f prometheus-ingress.yaml -n monitoring
This should work without any issues.