Create Nginx Ingress Controller with basic authentication

  1. Create a basic auth file auth:

It’s important the file generated is named auth (actually - that the secret has a key data.auth), otherwise the ingress-controller returns a 503

$ USER=<USERNAME_HERE>; PASSWORD=<PASSWORD_HERE>; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> auth

  1. Create a secret

$ kubectl -n longhorn-system create secret generic basic-auth --from-file=auth

  1. Create an Nginx ingress controller manifest longhorn-ingress.yml :
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: longhorn-ingress
  namespace: longhorn-system
  annotations:
    # type of authentication
    nginx.ingress.kubernetes.io/auth-type: basic
    # name of the secret that contains the user/password definitions
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    # message to display with an appropriate context why the authentication is required
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required '
spec:
  rules:
  - http:
      paths:
      - path: /
        backend:
          serviceName: longhorn-frontend
          servicePort: 80
  1. Create the ingress controller: $ kubectl -n longhorn-system apply longhorn-ingress.yml

For AWS EKS clusters:

User need to create an ELB to expose nginx ingress controller to the internet. (additional cost may apply)

  1. Create pre-requisite resources: https://github.com/kubernetes/ingress-nginx/blob/master/docs/deploy/index.md#prerequisite-generic-deployment-command

  2. Create ELB: https://github.com/kubernetes/ingress-nginx/blob/master/docs/deploy/index.md#aws