David Igou

David Igou


Blog Archive Contact Dale
  • Prometheus in Your Home
  • Simple Go Webhook Receiver
  • Kubernetes Local Storage
  • Secure Networking between local hosts and an AWS VPC
  • Nginx metrics via exporter sidecar
  • k3s tweaks
  • Securing a Kubernetes ingress with htpasswd
  • Running a static website on Kubernetes
  • Buildin this site again .. again
  • Openshift on AWS caveats
  • Prometheus
  • Building this site (again)
  • Kubernetes-2
  • Kubernetes
  • Plotting banned hosts
  • Fail2ban
  • Building this site [Legacy]
  • Securing a Kubernetes ingress with htpasswd

    Here’s a pretty easy example for adding basic password auth to a Kubernetes ingress

    $ htpasswd -nb david stinkysocks
    david:$apr1$dxwaFeYS$Tt3D4YsaFyja1W1zPPXUh0
    $ echo -n `david:$apr1$dxwaFeYS$Tt3D4YsaFyja1W1zPPXUh0` |base64
    ZGF2aWQ6JGFwcjEkZHh3ekZlFUMEzULTRAc2FGeGREATSWORDxelBQWFVoMA==
    

    Stick it in a secret

    apiVersion: v1
    kind: Secret
    type: Opaque
    metadata:
      name: ingress-auth
    data:
      auth: ZGF2aWQ6JGFwcjEkZHh3ekZlFUMEzULTRAc2FGeGREATSWORDxelBQWFVoMA==
    

    Add these annotations to your ingress:

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      annotations:
        ingress.kubernetes.io/redirect-entry-point: https
        ingress.kubernetes.io/auth-secret: ingress-auth
        ingress.kubernetes.io/auth-type: basic
      name: grafana-ingress
      namespace: monitoring
    spec:
      rules:
      - host: dashboard.myorg.com
        http:
          paths:
          - backend:
              serviceName: grafana
              servicePort: 3000
      tls:
      - secretName: grafana-acme-certificate