111 lines
No EOL
32 KiB
HTML
111 lines
No EOL
32 KiB
HTML
<!doctype html><html lang=en class=no-js> <head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><link href=https://kubernetes.github.io/ingress-nginx/examples/auth/basic/ rel=canonical><link href=../../affinity/cookie/ rel=prev><link href=../client-certs/ rel=next><link rel=icon href=../../../assets/images/favicon.png><meta name=generator content="mkdocs-1.5.3, mkdocs-material-9.4.5"><title>Basic Authentication - Ingress-Nginx Controller</title><link rel=stylesheet href=../../../assets/stylesheets/main.6a10b989.min.css><link rel=stylesheet href=../../../assets/stylesheets/palette.356b1318.min.css><link rel=preconnect href=https://fonts.gstatic.com crossorigin><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback"><style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style><link rel=stylesheet href=../../../extra.css><script>__md_scope=new URL("../../..",location),__md_hash=e=>[...e].reduce((e,_)=>(e<<5)-e+_.charCodeAt(0),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script></head> <body dir=ltr data-md-color-scheme=default data-md-color-primary=teal data-md-color-accent=green> <input class=md-toggle data-md-toggle=drawer type=checkbox id=__drawer autocomplete=off> <input class=md-toggle data-md-toggle=search type=checkbox id=__search autocomplete=off> <label class=md-overlay for=__drawer></label> <div data-md-component=skip> <a href=#basic-authentication class=md-skip> Skip to content </a> </div> <div data-md-component=announce> </div> <header class="md-header md-header--shadow md-header--lifted" data-md-component=header> <nav class="md-header__inner md-grid" aria-label=Header> <a href=../../.. title="Ingress-Nginx Controller" class="md-header__button md-logo" aria-label="Ingress-Nginx Controller" data-md-component=logo> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54Z"/></svg> </a> <label class="md-header__button md-icon" for=__drawer> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z"/></svg> </label> <div class=md-header__title data-md-component=header-title> <div class=md-header__ellipsis> <div class=md-header__topic> <span class=md-ellipsis> Ingress-Nginx Controller </span> </div> <div class=md-header__topic data-md-component=header-topic> <span class=md-ellipsis> Basic Authentication </span> </div> </div> </div> <label class="md-header__button md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg> </label> <div class=md-search data-md-component=search role=dialog> <label class=md-search__overlay for=__search></label> <div class=md-search__inner role=search> <form class=md-search__form name=search> <input type=text class=md-search__input name=query aria-label=Search placeholder=Search autocapitalize=off autocorrect=off autocomplete=off spellcheck=false data-md-component=search-query required> <label class="md-search__icon md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg> </label> <nav class=md-search__options aria-label=Search> <button type=reset class="md-search__icon md-icon" title=Clear aria-label=Clear tabindex=-1> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41Z"/></svg> </button> </nav> </form> <div class=md-search__output> <div class=md-search__scrollwrap data-md-scrollfix> <div class=md-search-result data-md-component=search-result> <div class=md-search-result__meta> Initializing search </div> <ol class=md-search-result__list role=presentation></ol> </div> </div> </div> </div> </div> <div class=md-header__source> <a href=https://github.com/kubernetes/ingress-nginx title="Go to repository" class=md-source data-md-component=source> <div class="md-source__icon md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 448 512"><!-- Font Awesome Free 6.4.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg> </div> <div class=md-source__repository> kubernetes/ingress-nginx </div> </a> </div> </nav> <nav class=md-tabs aria-label=Tabs data-md-component=tabs> <div class=md-grid> <ul class=md-tabs__list> <li class=md-tabs__item> <a href=../../.. class=md-tabs__link> Welcome </a> </li> <li class=md-tabs__item> <a href=../../../deploy/ class=md-tabs__link> Deployment </a> </li> <li class=md-tabs__item> <a href=../../../user-guide/nginx-configuration/ class=md-tabs__link> User Guide </a> </li> <li class="md-tabs__item md-tabs__item--active"> <a href=../../ class=md-tabs__link> Examples </a> </li> <li class=md-tabs__item> <a href=../../../developer-guide/getting-started/ class=md-tabs__link> Developer Guide </a> </li> <li class=md-tabs__item> <a href=../../../faq/ class=md-tabs__link> FAQ </a> </li> </ul> </div> </nav> </header> <div class=md-container data-md-component=container> <main class=md-main data-md-component=main> <div class="md-main__inner md-grid"> <div class="md-sidebar md-sidebar--primary" data-md-component=sidebar data-md-type=navigation> <div class=md-sidebar__scrollwrap> <div class=md-sidebar__inner> <nav class="md-nav md-nav--primary md-nav--lifted" aria-label=Navigation data-md-level=0> <label class=md-nav__title for=__drawer> <a href=../../.. title="Ingress-Nginx Controller" class="md-nav__button md-logo" aria-label="Ingress-Nginx Controller" data-md-component=logo> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54Z"/></svg> </a> Ingress-Nginx Controller </label> <div class=md-nav__source> <a href=https://github.com/kubernetes/ingress-nginx title="Go to repository" class=md-source data-md-component=source> <div class="md-source__icon md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 448 512"><!-- Font Awesome Free 6.4.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg> </div> <div class=md-source__repository> kubernetes/ingress-nginx </div> </a> </div> <ul class=md-nav__list data-md-scrollfix> <li class="md-nav__item md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_1> <label class=md-nav__link for=__nav_1 id=__nav_1_label tabindex> <span class=md-ellipsis> Welcome </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=1 aria-labelledby=__nav_1_label aria-expanded=false> <label class=md-nav__title for=__nav_1> <span class="md-nav__icon md-icon"></span> Welcome </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../.. class=md-nav__link> <span class=md-ellipsis> Welcome </span> </a> </li> <li class=md-nav__item> <a href=../../../how-it-works/ class=md-nav__link> <span class=md-ellipsis> How it works </span> </a> </li> <li class=md-nav__item> <a href=../../../troubleshooting/ class=md-nav__link> <span class=md-ellipsis> Troubleshooting </span> </a> </li> <li class=md-nav__item> <a href=../../../kubectl-plugin/ class=md-nav__link> <span class=md-ellipsis> kubectl plugin </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_2> <label class=md-nav__link for=__nav_2 id=__nav_2_label tabindex> <span class=md-ellipsis> Deployment </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=1 aria-labelledby=__nav_2_label aria-expanded=false> <label class=md-nav__title for=__nav_2> <span class="md-nav__icon md-icon"></span> Deployment </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../../deploy/ class=md-nav__link> <span class=md-ellipsis> Installation Guide </span> </a> </li> <li class=md-nav__item> <a href=../../../deploy/baremetal/ class=md-nav__link> <span class=md-ellipsis> Bare-metal considerations </span> </a> </li> <li class=md-nav__item> <a href=../../../deploy/rbac/ class=md-nav__link> <span class=md-ellipsis> Role Based Access Control (RBAC) </span> </a> </li> <li class=md-nav__item> <a href=../../../deploy/upgrade/ class=md-nav__link> <span class=md-ellipsis> Upgrade </span> </a> </li> <li class=md-nav__item> <a href=../../../deploy/hardening-guide/ class=md-nav__link> <span class=md-ellipsis> Hardening guide </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_3> <label class=md-nav__link for=__nav_3 id=__nav_3_label tabindex> <span class=md-ellipsis> User Guide </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=1 aria-labelledby=__nav_3_label aria-expanded=false> <label class=md-nav__title for=__nav_3> <span class="md-nav__icon md-icon"></span> User Guide </label> <ul class=md-nav__list data-md-scrollfix> <li class="md-nav__item md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_3_1> <label class=md-nav__link for=__nav_3_1 id=__nav_3_1_label tabindex> <span class=md-ellipsis> NGINX Configuration </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_3_1_label aria-expanded=false> <label class=md-nav__title for=__nav_3_1> <span class="md-nav__icon md-icon"></span> NGINX Configuration </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../../user-guide/nginx-configuration/ class=md-nav__link> <span class=md-ellipsis> Introduction </span> </a> </li> <li class=md-nav__item> <a href=../../../user-guide/basic-usage/ class=md-nav__link> <span class=md-ellipsis> Basic usage </span> </a> </li> <li class=md-nav__item> <a href=../../../user-guide/nginx-configuration/annotations/ class=md-nav__link> <span class=md-ellipsis> Annotations </span> </a> </li> <li class=md-nav__item> <a href=../../../user-guide/nginx-configuration/annotations-risk/ class=md-nav__link> <span class=md-ellipsis> Annotations Risks </span> </a> </li> <li class=md-nav__item> <a href=../../../user-guide/nginx-configuration/configmap/ class=md-nav__link> <span class=md-ellipsis> ConfigMap </span> </a> </li> <li class=md-nav__item> <a href=../../../user-guide/nginx-configuration/custom-template/ class=md-nav__link> <span class=md-ellipsis> Custom NGINX template </span> </a> </li> <li class=md-nav__item> <a href=../../../user-guide/nginx-configuration/log-format/ class=md-nav__link> <span class=md-ellipsis> Log format </span> </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=../../../user-guide/cli-arguments/ class=md-nav__link> <span class=md-ellipsis> Command line arguments </span> </a> </li> <li class=md-nav__item> <a href=../../../user-guide/custom-errors/ class=md-nav__link> <span class=md-ellipsis> Custom errors </span> </a> </li> <li class=md-nav__item> <a href=../../../user-guide/default-backend/ class=md-nav__link> <span class=md-ellipsis> Default backend </span> </a> </li> <li class=md-nav__item> <a href=../../../user-guide/exposing-tcp-udp-services/ class=md-nav__link> <span class=md-ellipsis> Exposing TCP and UDP services </span> </a> </li> <li class=md-nav__item> <a href=../../../user-guide/fcgi-services/ class=md-nav__link> <span class=md-ellipsis> Exposing FCGI services </span> </a> </li> <li class=md-nav__item> <a href=../../../user-guide/ingress-path-matching/ class=md-nav__link> <span class=md-ellipsis> Regular expressions in paths </span> </a> </li> <li class=md-nav__item> <a href=../../../user-guide/external-articles/ class=md-nav__link> <span class=md-ellipsis> External Articles </span> </a> </li> <li class=md-nav__item> <a href=../../../user-guide/miscellaneous/ class=md-nav__link> <span class=md-ellipsis> Miscellaneous </span> </a> </li> <li class=md-nav__item> <a href=../../../user-guide/monitoring/ class=md-nav__link> <span class=md-ellipsis> Prometheus and Grafana installation </span> </a> </li> <li class=md-nav__item> <a href=../../../user-guide/multiple-ingress/ class=md-nav__link> <span class=md-ellipsis> Multiple Ingress controllers </span> </a> </li> <li class=md-nav__item> <a href=../../../user-guide/tls/ class=md-nav__link> <span class=md-ellipsis> TLS/HTTPS </span> </a> </li> <li class="md-nav__item md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_3_13> <label class=md-nav__link for=__nav_3_13 id=__nav_3_13_label tabindex> <span class=md-ellipsis> Third party addons </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_3_13_label aria-expanded=false> <label class=md-nav__title for=__nav_3_13> <span class="md-nav__icon md-icon"></span> Third party addons </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../../user-guide/third-party-addons/modsecurity/ class=md-nav__link> <span class=md-ellipsis> ModSecurity Web Application Firewall </span> </a> </li> <li class=md-nav__item> <a href=../../../user-guide/third-party-addons/opentelemetry/ class=md-nav__link> <span class=md-ellipsis> OpenTelemetry </span> </a> </li> </ul> </nav> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4 checked> <label class=md-nav__link for=__nav_4 id=__nav_4_label tabindex> <span class=md-ellipsis> Examples </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=1 aria-labelledby=__nav_4_label aria-expanded=true> <label class=md-nav__title for=__nav_4> <span class="md-nav__icon md-icon"></span> Examples </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../ class=md-nav__link> <span class=md-ellipsis> Introduction </span> </a> </li> <li class=md-nav__item> <a href=../../PREREQUISITES/ class=md-nav__link> <span class=md-ellipsis> Prerequisites </span> </a> </li> <li class=md-nav__item> <a href=../../affinity/cookie/ class=md-nav__link> <span class=md-ellipsis> Sticky Sessions </span> </a> </li> <li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_4 checked> <label class=md-nav__link for=__nav_4_4 id=__nav_4_4_label tabindex> <span class=md-ellipsis> Auth </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_4_label aria-expanded=true> <label class=md-nav__title for=__nav_4_4> <span class="md-nav__icon md-icon"></span> Auth </label> <ul class=md-nav__list data-md-scrollfix> <li class="md-nav__item md-nav__item--active"> <input class="md-nav__toggle md-toggle" type=checkbox id=__toc> <label class="md-nav__link md-nav__link--active" for=__toc> <span class=md-ellipsis> Basic Authentication </span> <span class="md-nav__icon md-icon"></span> </label> <a href=./ class="md-nav__link md-nav__link--active"> <span class=md-ellipsis> Basic Authentication </span> </a> <nav class="md-nav md-nav--secondary" aria-label="Table of contents"> <label class=md-nav__title for=__toc> <span class="md-nav__icon md-icon"></span> Table of contents </label> <ul class=md-nav__list data-md-component=toc data-md-scrollfix> <li class=md-nav__item> <a href=#create-htpasswd-file class=md-nav__link> Create htpasswd file </a> </li> <li class=md-nav__item> <a href=#convert-htpasswd-into-a-secret class=md-nav__link> Convert htpasswd into a secret </a> </li> <li class=md-nav__item> <a href=#examine-secret class=md-nav__link> Examine secret </a> </li> <li class=md-nav__item> <a href=#using-kubectl-create-an-ingress-tied-to-the-basic-auth-secret class=md-nav__link> Using kubectl, create an ingress tied to the basic-auth secret </a> </li> <li class=md-nav__item> <a href=#use-curl-to-confirm-authorization-is-required-by-the-ingress class=md-nav__link> Use curl to confirm authorization is required by the ingress </a> </li> <li class=md-nav__item> <a href=#use-curl-with-the-correct-credentials-to-connect-to-the-ingress class=md-nav__link> Use curl with the correct credentials to connect to the ingress </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=../client-certs/ class=md-nav__link> <span class=md-ellipsis> Client Certificate Authentication </span> </a> </li> <li class=md-nav__item> <a href=../external-auth/ class=md-nav__link> <span class=md-ellipsis> External Basic Authentication </span> </a> </li> <li class=md-nav__item> <a href=../oauth-external-auth/ class=md-nav__link> <span class=md-ellipsis> External OAUTH Authentication </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_5> <label class=md-nav__link for=__nav_4_5 id=__nav_4_5_label tabindex> <span class=md-ellipsis> Customization </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_5_label aria-expanded=false> <label class=md-nav__title for=__nav_4_5> <span class="md-nav__icon md-icon"></span> Customization </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../customization/configuration-snippets/ class=md-nav__link> <span class=md-ellipsis> Configuration Snippets </span> </a> </li> <li class=md-nav__item> <a href=../../customization/custom-configuration/ class=md-nav__link> <span class=md-ellipsis> Custom Configuration </span> </a> </li> <li class=md-nav__item> <a href=../../customization/custom-errors/ class=md-nav__link> <span class=md-ellipsis> Custom Errors </span> </a> </li> <li class=md-nav__item> <a href=../../customization/custom-headers/ class=md-nav__link> <span class=md-ellipsis> Custom Headers </span> </a> </li> <li class=md-nav__item> <a href=../../customization/external-auth-headers/ class=md-nav__link> <span class=md-ellipsis> External authentication </span> </a> </li> <li class=md-nav__item> <a href=../../customization/ssl-dh-param/ class=md-nav__link> <span class=md-ellipsis> Custom DH parameters for perfect forward secrecy </span> </a> </li> <li class=md-nav__item> <a href=../../customization/sysctl/ class=md-nav__link> <span class=md-ellipsis> Sysctl tuning </span> </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=../../docker-registry/ class=md-nav__link> <span class=md-ellipsis> Docker registry </span> </a> </li> <li class=md-nav__item> <a href=../../grpc/ class=md-nav__link> <span class=md-ellipsis> gRPC </span> </a> </li> <li class=md-nav__item> <a href=../../multi-tls/ class=md-nav__link> <span class=md-ellipsis> Multi TLS certificate termination </span> </a> </li> <li class=md-nav__item> <a href=../../rewrite/ class=md-nav__link> <span class=md-ellipsis> Rewrite </span> </a> </li> <li class=md-nav__item> <a href=../../static-ip/ class=md-nav__link> <span class=md-ellipsis> Static IPs </span> </a> </li> <li class=md-nav__item> <a href=../../tls-termination/ class=md-nav__link> <span class=md-ellipsis> TLS termination </span> </a> </li> <li class=md-nav__item> <a href=../../openpolicyagent/ class=md-nav__link> <span class=md-ellipsis> Open Policy Agent rules </span> </a> </li> <li class=md-nav__item> <a href=../../canary/ class=md-nav__link> <span class=md-ellipsis> Canary Deployments </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_5> <label class=md-nav__link for=__nav_5 id=__nav_5_label tabindex> <span class=md-ellipsis> Developer Guide </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=1 aria-labelledby=__nav_5_label aria-expanded=false> <label class=md-nav__title for=__nav_5> <span class="md-nav__icon md-icon"></span> Developer Guide </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../../developer-guide/getting-started/ class=md-nav__link> <span class=md-ellipsis> Getting Started </span> </a> </li> <li class=md-nav__item> <a href=../../../developer-guide/code-overview/ class=md-nav__link> <span class=md-ellipsis> Code Overview </span> </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=../../../faq/ class=md-nav__link> <span class=md-ellipsis> FAQ </span> </a> </li> </ul> </nav> </div> </div> </div> <div class="md-sidebar md-sidebar--secondary" data-md-component=sidebar data-md-type=toc> <div class=md-sidebar__scrollwrap> <div class=md-sidebar__inner> <nav class="md-nav md-nav--secondary" aria-label="Table of contents"> <label class=md-nav__title for=__toc> <span class="md-nav__icon md-icon"></span> Table of contents </label> <ul class=md-nav__list data-md-component=toc data-md-scrollfix> <li class=md-nav__item> <a href=#create-htpasswd-file class=md-nav__link> Create htpasswd file </a> </li> <li class=md-nav__item> <a href=#convert-htpasswd-into-a-secret class=md-nav__link> Convert htpasswd into a secret </a> </li> <li class=md-nav__item> <a href=#examine-secret class=md-nav__link> Examine secret </a> </li> <li class=md-nav__item> <a href=#using-kubectl-create-an-ingress-tied-to-the-basic-auth-secret class=md-nav__link> Using kubectl, create an ingress tied to the basic-auth secret </a> </li> <li class=md-nav__item> <a href=#use-curl-to-confirm-authorization-is-required-by-the-ingress class=md-nav__link> Use curl to confirm authorization is required by the ingress </a> </li> <li class=md-nav__item> <a href=#use-curl-with-the-correct-credentials-to-connect-to-the-ingress class=md-nav__link> Use curl with the correct credentials to connect to the ingress </a> </li> </ul> </nav> </div> </div> </div> <div class=md-content data-md-component=content> <article class="md-content__inner md-typeset"> <h1 id=basic-authentication>Basic Authentication<a class=headerlink href=#basic-authentication title="Permanent link"> ¶</a></h1> <p>This example shows how to add authentication in a Ingress rule using a secret that contains a file generated with <code>htpasswd</code>. It's important the file generated is named <code>auth</code> (actually - that the secret has a key <code>data.auth</code>), otherwise the ingress-controller returns a 503.</p> <h2 id=create-htpasswd-file>Create htpasswd file<a class=headerlink href=#create-htpasswd-file title="Permanent link"> ¶</a></h2> <div class=highlight><pre><span></span><code><span class=gp>$ </span>htpasswd<span class=w> </span>-c<span class=w> </span>auth<span class=w> </span>foo
|
|
<span class=go>New password: <bar></span>
|
|
<span class=go>New password:</span>
|
|
<span class=go>Re-type new password:</span>
|
|
<span class=go>Adding password for user foo</span>
|
|
</code></pre></div> <h2 id=convert-htpasswd-into-a-secret>Convert htpasswd into a secret<a class=headerlink href=#convert-htpasswd-into-a-secret title="Permanent link"> ¶</a></h2> <div class=highlight><pre><span></span><code><span class=gp>$ </span>kubectl<span class=w> </span>create<span class=w> </span>secret<span class=w> </span>generic<span class=w> </span>basic-auth<span class=w> </span>--from-file<span class=o>=</span>auth
|
|
<span class=go>secret "basic-auth" created</span>
|
|
</code></pre></div> <h2 id=examine-secret>Examine secret<a class=headerlink href=#examine-secret title="Permanent link"> ¶</a></h2> <div class=highlight><pre><span></span><code><span class=gp>$ </span>kubectl<span class=w> </span>get<span class=w> </span>secret<span class=w> </span>basic-auth<span class=w> </span>-o<span class=w> </span>yaml
|
|
<span class=go>apiVersion: v1</span>
|
|
<span class=go>data:</span>
|
|
<span class=go> auth: Zm9vOiRhcHIxJE9GRzNYeWJwJGNrTDBGSERBa29YWUlsSDkuY3lzVDAK</span>
|
|
<span class=go>kind: Secret</span>
|
|
<span class=go>metadata:</span>
|
|
<span class=go> name: basic-auth</span>
|
|
<span class=go> namespace: default</span>
|
|
<span class=go>type: Opaque</span>
|
|
</code></pre></div> <h2 id=using-kubectl-create-an-ingress-tied-to-the-basic-auth-secret>Using kubectl, create an ingress tied to the basic-auth secret<a class=headerlink href=#using-kubectl-create-an-ingress-tied-to-the-basic-auth-secret title="Permanent link"> ¶</a></h2> <div class=highlight><pre><span></span><code><span class=gp>$ </span><span class=nb>echo</span><span class=w> </span><span class=s2>"</span>
|
|
<span class=go>apiVersion: networking.k8s.io/v1</span>
|
|
<span class=go>kind: Ingress</span>
|
|
<span class=go>metadata:</span>
|
|
<span class=go> name: ingress-with-auth</span>
|
|
<span class=go> annotations:</span>
|
|
<span class=gp> # </span><span class=nb>type</span><span class=w> </span>of<span class=w> </span>authentication
|
|
<span class=go> nginx.ingress.kubernetes.io/auth-type: basic</span>
|
|
<span class=gp> # </span>name<span class=w> </span>of<span class=w> </span>the<span class=w> </span>secret<span class=w> </span>that<span class=w> </span>contains<span class=w> </span>the<span class=w> </span>user/password<span class=w> </span>definitions
|
|
<span class=go> nginx.ingress.kubernetes.io/auth-secret: basic-auth</span>
|
|
<span class=gp> # </span>message<span class=w> </span>to<span class=w> </span>display<span class=w> </span>with<span class=w> </span>an<span class=w> </span>appropriate<span class=w> </span>context<span class=w> </span>why<span class=w> </span>the<span class=w> </span>authentication<span class=w> </span>is<span class=w> </span>required
|
|
<span class=go> nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'</span>
|
|
<span class=go>spec:</span>
|
|
<span class=go> ingressClassName: nginx</span>
|
|
<span class=go> rules:</span>
|
|
<span class=go> - host: foo.bar.com</span>
|
|
<span class=go> http:</span>
|
|
<span class=go> paths:</span>
|
|
<span class=go> - path: /</span>
|
|
<span class=go> pathType: Prefix</span>
|
|
<span class=go> backend:</span>
|
|
<span class=go> service: </span>
|
|
<span class=go> name: http-svc</span>
|
|
<span class=go> port: </span>
|
|
<span class=go> number: 80</span>
|
|
<span class=go>" | kubectl create -f -</span>
|
|
</code></pre></div> <h2 id=use-curl-to-confirm-authorization-is-required-by-the-ingress>Use curl to confirm authorization is required by the ingress<a class=headerlink href=#use-curl-to-confirm-authorization-is-required-by-the-ingress title="Permanent link"> ¶</a></h2> <div class=highlight><pre><span></span><code>$ curl -v http://10.2.29.4/ -H 'Host: foo.bar.com'
|
|
* Trying 10.2.29.4...
|
|
* Connected to 10.2.29.4 (10.2.29.4) port 80 (#0)
|
|
> GET / HTTP/1.1
|
|
> Host: foo.bar.com
|
|
> User-Agent: curl/7.43.0
|
|
> Accept: */*
|
|
>
|
|
< HTTP/1.1 401 Unauthorized
|
|
< Server: nginx/1.10.0
|
|
< Date: Wed, 11 May 2016 05:27:23 GMT
|
|
< Content-Type: text/html
|
|
< Content-Length: 195
|
|
< Connection: keep-alive
|
|
< WWW-Authenticate: Basic realm="Authentication Required - foo"
|
|
<
|
|
<html>
|
|
<head><title>401 Authorization Required</title></head>
|
|
<body bgcolor="white">
|
|
<center><h1>401 Authorization Required</h1></center>
|
|
<hr><center>nginx/1.10.0</center>
|
|
</body>
|
|
</html>
|
|
* Connection #0 to host 10.2.29.4 left intact
|
|
</code></pre></div> <h2 id=use-curl-with-the-correct-credentials-to-connect-to-the-ingress>Use curl with the correct credentials to connect to the ingress<a class=headerlink href=#use-curl-with-the-correct-credentials-to-connect-to-the-ingress title="Permanent link"> ¶</a></h2> <div class=highlight><pre><span></span><code>$ curl -v http://10.2.29.4/ -H 'Host: foo.bar.com' -u 'foo:bar'
|
|
* Trying 10.2.29.4...
|
|
* Connected to 10.2.29.4 (10.2.29.4) port 80 (#0)
|
|
* Server auth using Basic with user 'foo'
|
|
> GET / HTTP/1.1
|
|
> Host: foo.bar.com
|
|
> Authorization: Basic Zm9vOmJhcg==
|
|
> User-Agent: curl/7.43.0
|
|
> Accept: */*
|
|
>
|
|
< HTTP/1.1 200 OK
|
|
< Server: nginx/1.10.0
|
|
< Date: Wed, 11 May 2016 06:05:26 GMT
|
|
< Content-Type: text/plain
|
|
< Transfer-Encoding: chunked
|
|
< Connection: keep-alive
|
|
< Vary: Accept-Encoding
|
|
<
|
|
CLIENT VALUES:
|
|
client_address=10.2.29.4
|
|
command=GET
|
|
real path=/
|
|
query=nil
|
|
request_version=1.1
|
|
request_uri=http://foo.bar.com:8080/
|
|
|
|
SERVER VALUES:
|
|
server_version=nginx: 1.9.11 - lua: 10001
|
|
|
|
HEADERS RECEIVED:
|
|
accept=*/*
|
|
connection=close
|
|
host=foo.bar.com
|
|
user-agent=curl/7.43.0
|
|
x-request-id=e426c7829ef9f3b18d40730857c3eddb
|
|
x-forwarded-for=10.2.29.1
|
|
x-forwarded-host=foo.bar.com
|
|
x-forwarded-port=80
|
|
x-forwarded-proto=http
|
|
x-real-ip=10.2.29.1
|
|
x-scheme=http
|
|
BODY:
|
|
* Connection #0 to host 10.2.29.4 left intact
|
|
-no body in request-
|
|
</code></pre></div> </article> </div> </div> </main> <footer class=md-footer> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class=md-copyright> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a> </div> </div> </div> </footer> </div> <div class=md-dialog data-md-component=dialog> <div class="md-dialog__inner md-typeset"></div> </div> <script id=__config type=application/json>{"base": "../../..", "features": ["navigation.tabs", "navigation.tabs.sticky", "navigation.instant", "navigation.sections"], "search": "../../../assets/javascripts/workers/search.f886a092.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script> <script src=../../../assets/javascripts/bundle.aecac24b.min.js></script> </body> </html> |