Nginx Ingress : Basic Auth

README.md

Basic Authentication with Nginx Ingress

This gist shows how to add authentication in a Ingress rule using a secret that contains a file generated with htpasswd. It's important the file generated is named auth (actually - that the secret has a key data.auth), otherwise the ingress-controller returns a 503.

Read more : https://kubernetes.github.io/ingress-nginx/examples/auth/basic

1. Create auth credentials

docker run --rm -ti your-org/htpasswd toto-user toto-password > auth

2. Create secret

kubectl create secret generic basic-auth --from-file=auth secret "basic-auth" created

3. Patch Ingress

annotations:
    # type of authentication
    nginx.ingress.kubernetes.io/auth-type: basic
    # name of the secret that contains the user/password definitions
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    # message to display with an appropriate context why the authentication is required
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'

Dockerfile

## Build this image to create htpasswd
##
## docker build -t your-org/htpasswd .

FROM alpine

RUN apk add --update apache2-utils \
    && rm -rf /var/cache/apk/*

ENTRYPOINT ["htpasswd", "-Bbn"]

sample-ingress.yaml

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-with-auth
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
spec:
  rules:
  - host: foo.bar.com
    http:
      paths:
      - path: /
        backend:
          serviceName: http-svc
          servicePort: 80