Using Kubernetes ingress controller for authenticating applications
August 14, 2018 -
has redefined the routing in this era of containerization
and with all these freehand routing techniques the thought of “My router my rules” seems real.
We use nginx-ingress as a routing service for our applications.
There is a lot more than routing we can do with ingress.
One of the important features is setting up authentication using ingress for our application.
As all the traffic goes from ingress to our service,
it makes sense to setup authentication on ingress.
As mentioned in
there are different types of techniques available for authentication including:
Oauth external authentication
In this blog, we will set up authentication for the sample application
using basic ingress authentication technique.
First, let’s create ingress resources from upstream
example by running the following command.
Now that ingress controller resources are created we need a service to access the ingress.
Use following manifest to create service for ingress.
Now, get the ELB endpoint and bind it with some domain name.
Let’s create a deployment and service for our sample application kibana.
We need elasticsearch to run kibana.
Here is manifest for the sample application.
Create the sample application.
Now that we have created application and ingress resources,
it’s time to create an ingress and access the application.
Use the following manifest to create ingress.
Now that our application is up,
when we access the kibana dashboard using URL http://logstest.myapp-staging.com
We directly have access to our Kibana dashboard and anyone
with this URL can access logs as shown in the following image.
Now, let’s set up a basic authentication using htpasswd.
Follow below commands to generate the secret for credentials.
Let’s create an auth file with username and password.
Create k8s secret.
Verify the secret.
Use following annotations in our ingress manifest by updating the ingress manifest.