In this article we will explain how to use Traefik middlewares and routers to manage authentication to many applications on Kubernetes.
Basic Authentication
Basic auth is a good way to restrict access to users you choose.
To manage Basic Authentication with Traefik, we will use the BasicAuth Middleware.
First, you need to define a secret with the Basic Authentication users at the format name:hashed-password with password hashed using MD5, SHA1, or BCrypt.
You can hash passwords using the following command: 'htpasswd -nb user password'.
apiVersion: v1
kind: Secret
metadata:
name: basic-auth-users-secret
stringData:
users: |>
user1:$apr1$rKM7TQZQ$FUFmIklAwWBy80pHFcZlM0
user2:$apr1$elAEjLXh$l5NtPMsZ5YmZhjKPJ5u4r/
and the middleware instance:
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-basic-auth
spec:
basicAuth:
secret: basic-auth-users-secret
You can now use the middleware in Traefik routers:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: test-basic-auth
spec:
entryPoints:
- web
routes:
- kind: Rule
match: Host(`test-basic-auth.lenra.io`)
middlewares:
- name: test-basic-auth
services:
- kind: Service
name: my-service
port: 8080
Stay tuned, we will see soon how to set up the forward authentication middleware !
Top comments (0)