[CI SKIP] Add basic-auth manifests for traefik v2

2025-04-28 03:10:32 +00:00 · 2023-04-10 17:09:23 +08:00 · 2023-04-10 17:09:23 +08:00 · ea49f9d3b4
commit ea49f9d3b4
parent b0b81ba87d
6 changed files with 74 additions and 0 deletions
--- a/deploy/kubectl/traefik-v1-auth/README.md
+++ b/deploy/kubectl/traefik-v1-auth/README.md
--- a/deploy/kubectl/traefik-v1-auth/ingress.yaml.tpl
+++ b/deploy/kubectl/traefik-v1-auth/ingress.yaml.tpl
--- a/deploy/kubectl/traefik-v1-auth/secret.yaml
+++ b/deploy/kubectl/traefik-v1-auth/secret.yaml
--- a/deploy/kubectl/traefik-v2-auth/README.md
+++ b/deploy/kubectl/traefik-v2-auth/README.md
@ -0,0 +1,21 @@
+## Traefik Auth
+
+This can be used in K3s, as K3s use traefik as the default ingress class.
+
+We use `basic-auth` to control the access of kube-explorer. The auth token is stored in the secret.
+
+The default user is `niusmallnan`, and password is `dagedddd`. You can replace to another value with `htpasswd` tool.
+
+```
+htpasswd -nb username password | base64
+```
+
+To install this mode, just run this script:
+
+```
+kubectl create -f ./middleware.yaml
+export MY_IP=$(curl -sL ipinfo.io/ip)
+envsubst < ./ingress.yaml.tpl | kubectl create -f -
+```
+
+For more infos: https://doc.traefik.io/traefik/middlewares/http/basicauth/
--- a/deploy/kubectl/traefik-v2-auth/ingress.yaml.tpl
+++ b/deploy/kubectl/traefik-v2-auth/ingress.yaml.tpl
@ -0,0 +1,25 @@
+# Note: please replace the host first
+# To use sslip.io.io: https://sslip.io.io/
+# To get your public IP: curl ipinfo.io/ip
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: kube-explorer
+  namespace: kube-system
+  labels:
+    app: kube-explorer
+  annotations:
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-kube-explorer@kubernetescrd
+spec:
+  rules:
+  - host: "${MY_IP}.sslip.io"
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: kube-explorer
+            port:
+              number: 8989
--- a/deploy/kubectl/traefik-v2-auth/middleware.yaml
+++ b/deploy/kubectl/traefik-v2-auth/middleware.yaml
@ -0,0 +1,28 @@
+# The definitions below require the definitions for the Middleware and IngressRoute kinds.
+# https://doc.traefik.io/traefik/reference/dynamic-configuration/kubernetes-crd/#definitions
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: kube-explorer
+  namespace: kube-system
+  labels:
+    app: kube-explorer
+spec:
+  basicAuth:
+    secret: kube-explorer
+    removeHeader: true
+
+---
+# To create an encoded user:password pair, the following command can be used:
+# htpasswd -nb user password | base64
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kube-explorer
+  namespace: kube-system
+  labels:
+    app: kube-explorer
+data:
+  auth: bml1c21hbGxuYW46JGFwcjEkbDdUZjJOdWskbmNXajYubHYvMGNkcXM0NFoyelVQLgoK
+type: Opaque