diff --git a/deploy/kubectl/traefik-auth/README.md b/deploy/kubectl/traefik-v1-auth/README.md
similarity index 100%
rename from deploy/kubectl/traefik-auth/README.md
rename to deploy/kubectl/traefik-v1-auth/README.md
diff --git a/deploy/kubectl/traefik-auth/ingress.yaml.tpl b/deploy/kubectl/traefik-v1-auth/ingress.yaml.tpl
similarity index 100%
rename from deploy/kubectl/traefik-auth/ingress.yaml.tpl
rename to deploy/kubectl/traefik-v1-auth/ingress.yaml.tpl
diff --git a/deploy/kubectl/traefik-auth/secret.yaml b/deploy/kubectl/traefik-v1-auth/secret.yaml
similarity index 100%
rename from deploy/kubectl/traefik-auth/secret.yaml
rename to deploy/kubectl/traefik-v1-auth/secret.yaml
diff --git a/deploy/kubectl/traefik-v2-auth/README.md b/deploy/kubectl/traefik-v2-auth/README.md
new file mode 100644
index 0000000..017446e
--- /dev/null
+++ b/deploy/kubectl/traefik-v2-auth/README.md
@@ -0,0 +1,21 @@
+## Traefik Auth
+
+This can be used in K3s, as K3s use traefik as the default ingress class.
+
+We use `basic-auth` to control the access of kube-explorer. The auth token is stored in the secret.
+
+The default user is `niusmallnan`, and password is `dagedddd`. You can replace to another value with `htpasswd` tool.
+
+```
+htpasswd -nb username password | base64
+```
+
+To install this mode, just run this script:
+
+```
+kubectl create -f ./middleware.yaml
+export MY_IP=$(curl -sL ipinfo.io/ip)
+envsubst < ./ingress.yaml.tpl | kubectl create -f -
+```
+
+For more infos: https://doc.traefik.io/traefik/middlewares/http/basicauth/
diff --git a/deploy/kubectl/traefik-v2-auth/ingress.yaml.tpl b/deploy/kubectl/traefik-v2-auth/ingress.yaml.tpl
new file mode 100644
index 0000000..107ea80
--- /dev/null
+++ b/deploy/kubectl/traefik-v2-auth/ingress.yaml.tpl
@@ -0,0 +1,25 @@
+# Note: please replace the host first
+# To use sslip.io.io: https://sslip.io.io/
+# To get your public IP: curl ipinfo.io/ip
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: kube-explorer
+  namespace: kube-system
+  labels:
+    app: kube-explorer
+  annotations:
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-kube-explorer@kubernetescrd
+spec:
+  rules:
+  - host: "${MY_IP}.sslip.io"
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: kube-explorer
+            port:
+              number: 8989
diff --git a/deploy/kubectl/traefik-v2-auth/middleware.yaml b/deploy/kubectl/traefik-v2-auth/middleware.yaml
new file mode 100644
index 0000000..bf647d3
--- /dev/null
+++ b/deploy/kubectl/traefik-v2-auth/middleware.yaml
@@ -0,0 +1,28 @@
+# The definitions below require the definitions for the Middleware and IngressRoute kinds.
+# https://doc.traefik.io/traefik/reference/dynamic-configuration/kubernetes-crd/#definitions
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: kube-explorer
+  namespace: kube-system
+  labels:
+    app: kube-explorer
+spec:
+  basicAuth:
+    secret: kube-explorer
+    removeHeader: true
+
+---
+# To create an encoded user:password pair, the following command can be used:
+# htpasswd -nb user password | base64
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kube-explorer
+  namespace: kube-system
+  labels:
+    app: kube-explorer
+data:
+  auth: bml1c21hbGxuYW46JGFwcjEkbDdUZjJOdWskbmNXajYubHYvMGNkcXM0NFoyelVQLgoK
+type: Opaque