devtron.ai Open in urlscan Pro
20.219.176.151  Public Scan

Form analysis
0 forms found in the DOM

Text Content

Main links
 * Blog Home
 * GitHub
 * Contact Us
 * Search

--------------------------------------------------------------------------------


 * Blog Home
 * GitHub
 * Contact Us
 * Search

Setup Basic Authentication using Nginx Ingress

Star
3.6K



SETUP BASIC AUTHENTICATION USING NGINX INGRESS

TL;DR: The blog provides a brief tutorial on how to set up Basic Auth using
Nginx Ingress which can be used for adding a layer of security in any dashboard
that doesn't have native authentication mechanisms

8 months ago   •   5 min read

By Rupin Solanki


INTRODUCTION

Applying authentication is one of the basic steps for securing the hosted
application. For example, Jaeger and Kibana dashboards don’t provide
authentication as the default configuration. So we can set up the basic
authentication for such applications with the help of Nginx Ingress.

Let’s start with setting up the basic application in Kubernetes. There can be
two ways to achieve this, either we use CLI or use Kubernetes Dashboard like
Devtron. Let’s try to implement it both ways, starting with CLI.


BASIC AUTH USING CLI


STEP-1: DEPLOY A KIBANA IMAGE IN KUBERNETES FOR THE KIBANA DASHBOARD

Here’s a sample manifest for deploying the Kibana image. Execute the following
command to create a Service and Deployment named kibana.

cat <<EOF| kubectl create -f -
apiVersion: v1
kind: Service
metadata:
  name: kibana
  labels:
    app: kibana
spec:
  ports:
  - port: 5601
    name: web
  selector:    
    app: kibana
---
apiVersion: apps/v1
kind: Deployment
metadata:  
  name: kibana
  labels:
    app: kibana
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kibana
  template:
    metadata:
      labels:
        app: kibana
    spec:
      containers:
      - name: Kibana-container
        image: docker.elastic.co/kibana/kibana:latest
        ports:
        - containerPort: 5601

Once the application is created, we can verify the pod and service using the
following command -
kubectl get all
It will list down all the Kubernetes resources created.


STEP-2: CREATE CREDENTIALS FOR BASIC AUTHENTICATION

Create credentials with the help of htpasswd. You can use any other tool or
manually provide the username and password in a file which would be further used
for creating a generic secret for auth.
Execute the following command to create a file with credentials. Here’s the
syntax of the command - htpasswd -c <file-name> <username>

htpasswd -c auth admin

Step-3:  Now using the file created, we need to create a secret that would be
used for authentication. Execute the following command to create a secret.

kubectl  create secret generic basic-auth --from-file=auth



STEP-4: CREATE AN INGRESS AND ADD THE BASIC AUTHENTICATION ANNOTATIONS IN THE
INGRESS FILE.

[Note: An Ingress Controller must be deployed in the respective cluster before
creating an ingress. For more detailed information on deploying an ingress
controller and ingress, please look at this blog.]

Here's the sample ingress that we will create with the hostname
kibana.devtron.info. Execute the following command to create an ingress with
specified annotations.

cat <<EOF | kubectl create -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    # type of authentication
    nginx.ingress.kubernetes.io/auth-type: basic
    # name of the secret that contains the user/password definitions
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    # message to display with an appropriate context why the authentication is required
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
  name: kibana-ingress
spec:  
  ingressClassName: nginx
  rules:
  - host: kibana.devtron.info
    http:
      paths:
      - backend:
          service:
            name: kibana
            port:
              name: web
        path: /
        pathType: Prefix


Congratulations, we have successfully setup the basic auth for the Kibana
dashboard using, which can be accessed at kibana.devtron.info.


BASIC AUTH USING DEVTRON

In the previous method, we used CLI for all our operations and deployed a kibana
dashboard deployment. In this approach, we will use Devtron and perform all the
operations from the intuitive user interface provided by Devtron for all
Kubernetes operations.


STEP 1: DEPLOY KIBANA DASHBOARD USING HELM DASHBOARD

Deploy the same Kibana dashboard using the devtron helm dashboard. Navigate to
Chart-store, search for devtron-generic-helm, and click on configure & deploy
and provide the entire YAML as shown below in the image. To learn how to deploy
any helm chart using the helm dashboard, look at this blog.

After giving the manifest click on Deploy chart button at the bottom right and
 it will take you to App Details the tab where you can check out all the details
of the deployed chart, k8s workloads deployed along with it, services,
manifests, logs of pods, etc as you can see in the image below.


STEP 2: CREATE CREDENTIALS

Now we will create credentials for basic authentication with the help of
htpasswd and that too using the Devtron dashboard. Recently Devtron has launched
a feature called Cluster Terminal Access wherein you can access your k8s cluster
and fire all your kubectl commands from the dashboard itself.

For this, we have to install the htpasswd utility. Follow the below steps to
install the htpasswd or any other tool.

2.1: Update the package with - apt update

2.2: Install the utility with the command - apt install apache2-utils

Now, Execute the following command:
htpasswd -c auth admin


It's important the file generated is named auth (actually - that the secret has
key data.auth), otherwise the ingress-controller returns a 503.
Now let’s create a generic secret from the auth file that contains the
credentials.
kubectl  create secret generic basic-auth —from-file=auth



STEP-3: CREATE INGRESS WITH AUTHENTICATION

Create an ingress and add basic authentication annotations in ingress YAML.

We have already deployed the ingress controller with a class name nginx so let’s
provide these annotations and click on Deploy Chart. Here as well we are using
the same devtron-generic-helm chart for our custom ingress.yaml that we used in
the first approach.

nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'


Once you deploy the ingress object is healthy, we are ready to access the
dashboard and we are done with authentication.


STEP-4: MAP INGRESS HOST TO PUBLIC IP

Now we map the ingress host kibana.devtron.info with the public IP address of
the Nginx ingress controller in your DNS management. Now if you try to access
the host, it will ask for a username and password as you can see in the below
image

Congratulations! We are done with the basic auth setup for our Kibana dashboard.
Similarly, you can set up basic auth for almost any dashboard that doesn’t come
in with a default authentication mechanism.

If you liked the blog, feel free to share your views and do join the Devtron
discord community to get the latest updates on Devtron.

 * Tags:
 * kubernetes


SPREAD THE WORD

 * Share
 * Tweet
 * Share

public

Next article


KUBERNETES V1.27: HERE’S WHAT YOU SHOULD KNOW ABOUT!

public

Previous article


PANEL DISCUSSION - CI/CD OPS FOR MULTI-CLOUD LEVERAGING K8S


Community
 * Home
 * Blog Home
 * GitHub
 * Contact Us
 * Search

Social links
 * Linkedin
 * Facebook
 * Twitter

Terms Privacy
© 2022 Devtron Inc. All rights reserved