From e1b76727966a1f9df0f6b58583b4e31f4e173dc6 Mon Sep 17 00:00:00 2001
From: niusmallnan <niusmallnan@gmail.com>
Date: Wed, 14 Apr 2021 20:30:05 +0800
Subject: [PATCH] Add basic-auth wati in ingress-nginx class

---
 deploy/kubectl/nginx-auth/.kepp            |  0
 deploy/kubectl/nginx-auth/README.md        | 21 ++++++++++++++++++
 deploy/kubectl/nginx-auth/ingress.yaml.tpl | 25 ++++++++++++++++++++++
 deploy/kubectl/nginx-auth/secret.yaml      | 13 +++++++++++
 4 files changed, 59 insertions(+)
 delete mode 100644 deploy/kubectl/nginx-auth/.kepp
 create mode 100644 deploy/kubectl/nginx-auth/README.md
 create mode 100644 deploy/kubectl/nginx-auth/ingress.yaml.tpl
 create mode 100644 deploy/kubectl/nginx-auth/secret.yaml

diff --git a/deploy/kubectl/nginx-auth/.kepp b/deploy/kubectl/nginx-auth/.kepp
deleted file mode 100644
index e69de29..0000000
diff --git a/deploy/kubectl/nginx-auth/README.md b/deploy/kubectl/nginx-auth/README.md
new file mode 100644
index 0000000..ba6856a
--- /dev/null
+++ b/deploy/kubectl/nginx-auth/README.md
@@ -0,0 +1,21 @@
+## Traefik Auth
+
+This can be used in the cluster which uses the nginx-ingress.
+
+We use `basic-auth` to control the access of kube-explorer. The auth token is stored in the secret.
+
+The default user is `niusmallnan`, and password is `dagedddd`. You can replace to another value with `htpasswd` tool.
+
+```
+htpasswd -nb username password | base64
+```
+
+To install this mode, just run this script:
+
+```
+kubectl apply -f ./secret.yaml
+export MY_XIP_IO=$(curl -sL ipinfo.io/ip)
+envsubst < ./ingress.yaml.tpl | kubectl apply -f -
+```
+
+For more infos: https://kubernetes.github.io/ingress-nginx/examples/auth/basic/
diff --git a/deploy/kubectl/nginx-auth/ingress.yaml.tpl b/deploy/kubectl/nginx-auth/ingress.yaml.tpl
new file mode 100644
index 0000000..dad178b
--- /dev/null
+++ b/deploy/kubectl/nginx-auth/ingress.yaml.tpl
@@ -0,0 +1,25 @@
+# Note: please replace the host first
+# To use xip.io: http://xip.io/
+# To get your public IP: curl ipinfo.io/ip
+
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: kube-explorer
+  namespace: kube-system
+  labels:
+    app: kube-explorer
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+    nginx.ingress.kubernetes.io/auth-type: basic
+    nginx.ingress.kubernetes.io/auth-secret: kube-explorer
+    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - kube-explorer'
+spec:
+  rules:
+  - host: "${MY_XIP_IO}.xip.io"
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: kube-explorer
+          servicePort: 8989
diff --git a/deploy/kubectl/nginx-auth/secret.yaml b/deploy/kubectl/nginx-auth/secret.yaml
new file mode 100644
index 0000000..88577d8
--- /dev/null
+++ b/deploy/kubectl/nginx-auth/secret.yaml
@@ -0,0 +1,13 @@
+# To create an encoded user:password pair, the following command can be used:
+# htpasswd -nb user password | base64
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kube-explorer
+  namespace: kube-system
+  labels:
+    app: kube-explorer
+data:
+  auth: bml1c21hbGxuYW46JGFwcjEkbDdUZjJOdWskbmNXajYubHYvMGNkcXM0NFoyelVQLgoK
+type: Opaque