Basic Auth configuration based on Traefik
This article was last updated on: July 24, 2024 am
preface
Traefikis a modern HTTP reverse proxy and load balancer that makes it easy to deploy microservices.
Traefik can be integrated with multiple existing infrastructure components (Docker, Swarm pattern, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS…). Integrate and configure yourself automatically and dynamically.
Series:
Today we are using Traefik on K8S to detail how to implement authentication capabilities with BasicAuth MiddleWare
The reason for using Basic Auth is simple, for example, we want to put an unauthenticated page on the public network, but for security reasons, we want only users with accounts and passwords to access it. For example, if you release the Prometheus UI/AlertManager UI to the public network, you can add Basic Auth.
Create BasicAuth MiddleWare
Create a YAML file: (As mentioned in the note, the users base64 string can be generated directly via htpasswd)
1 |
|
📝Notes:
Note: In Kubernetes secrets, strings (e.g. generated by htpasswd) must first be base64 encoded.
To create an encoded user:password pair, you can use the following command:
htpasswd -nb user password | openssl base64
1 |
|
Create an IngressRoute based on BasicAuth MiddleWare
As shown below, in middlewares
Quoted in basic-auth
:
1 |
|
verify
After visiting the corresponding page, a login dialog box will pop up, as follows:
Enter the account password correctly to access 🎉🎉🎉
📚️ Reference documentation
EOF