refractor: coder
This commit is contained in:
@@ -1,52 +1,31 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: basic-auth-users-secret
|
||||
namespace: longhorn-system
|
||||
data:
|
||||
users: dXNlcjokYXByMSREdjgvWEFWayR1RmhjMlNyalloMGJuR09IYmNrV2oxCgo=
|
||||
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: ingress-auth
|
||||
namespace: longhorn-system
|
||||
spec:
|
||||
basicAuth:
|
||||
secret: basic-auth-users-secret
|
||||
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: strip-longhorn
|
||||
namespace: longhorn-system
|
||||
name: strip-coder
|
||||
namespace: default
|
||||
spec:
|
||||
stripPrefix:
|
||||
prefixes:
|
||||
- "/longhorn"
|
||||
- "/coder"
|
||||
forceSlash: true
|
||||
|
||||
---
|
||||
# Host(`test.traefik.local`) && PathPrefix(`/longhorn`)
|
||||
# Host(`test.traefik.local`) && PathPrefix(`/coder`)
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: longhorn-ingress
|
||||
namespace: longhorn-system
|
||||
name: coder-ingress
|
||||
namespace: default
|
||||
spec:
|
||||
entryPoints:
|
||||
- web
|
||||
routes:
|
||||
- match: PathPrefix(`/longhorn`)
|
||||
- match: PathPrefix(`/coder`)
|
||||
kind: Rule
|
||||
middlewares:
|
||||
- name: ingress-auth
|
||||
namespace: longhorn-system
|
||||
- name: strip-longhorn
|
||||
namespace: longhorn-system
|
||||
- name: strip-coder
|
||||
namespace: default
|
||||
services:
|
||||
- name: longhorn-frontend
|
||||
- name: code-server
|
||||
port: 80
|
||||
|
||||
@@ -1,40 +0,0 @@
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: basic-auth
|
||||
spec:
|
||||
basicAuth:
|
||||
secret: basic-auth
|
||||
|
||||
# ---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: longhorn-ingress
|
||||
namespace: longhorn-system
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.middlewares: longhorn-system-basic-auth@kubernetescrd
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: web
|
||||
# type of authentication
|
||||
nginx.ingress.kubernetes.io/auth-type: basic
|
||||
# prevent the controller from redirecting (308) to HTTPS
|
||||
nginx.ingress.kubernetes.io/ssl-redirect: 'false'
|
||||
# name of the secret that contains the user/password definitions
|
||||
nginx.ingress.kubernetes.io/auth-secret: basic-auth
|
||||
# message to display with an appropriate context why the authentication is required
|
||||
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required '
|
||||
# custom max body size for file uploading like backing image uploading
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: 10000m
|
||||
spec:
|
||||
rules:
|
||||
- http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: longhorn-frontend
|
||||
port:
|
||||
number: 80
|
||||
|
||||
@@ -0,0 +1,128 @@
|
||||
# longhorn ingress
|
||||
|
||||
## Description
|
||||
```bash
|
||||
# https://longhorn.io/docs/1.6.2/deploy/accessing-the-ui/longhorn-ingress/
|
||||
# USER=admin; PASSWORD=1234; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> auth
|
||||
# cat auth
|
||||
# admin:$apr1$9ucb20/W$4PupY6OD8EsPbxUSGLFdG.
|
||||
|
||||
htpasswd -nb user password | openssl base64 > auth
|
||||
# replace user and password with your own values in auth file to longhorn-ingress-route.yaml
|
||||
# dXNlcjokYXByMSR3MXhUNUh2cCRuOVR2alNVT1ZFUGlQajllQmRXQUQvCgo=
|
||||
|
||||
# kubectl -n longhorn-system create secret generic basic-auth-users-secret \
|
||||
# --from-file=users=auth -o yaml --dry-run=client | tee auth-secret.yaml
|
||||
|
||||
# kubectl delete secret basic-auth-users-secret \
|
||||
# --ignore-not-found -n longhorn-system
|
||||
|
||||
# kubectl apply -f auth-secret.yaml
|
||||
# $ kubectl -n longhorn-system create secret generic basic-auth-users-secret --from-file=users=auth
|
||||
# secret/basic-auth created
|
||||
# $ kubectl -n longhorn-system get secret basic-auth-users-secret -o yaml
|
||||
# apiVersion: v1
|
||||
# data:
|
||||
# auth: Zm9vOiRhcHIxJEZueUtDWUtiJDZJUDJDNDVmWnhNY29Md2tPd2Y3azAK
|
||||
# kind: Secret
|
||||
# metadata:
|
||||
# creationTimestamp: "2020-05-29T10:10:16Z"
|
||||
# name: basic-auth
|
||||
# namespace: longhorn-system
|
||||
# resourceVersion: "2168509"
|
||||
# selfLink: /api/v1/namespaces/longhorn-system/secrets/basic-auth
|
||||
# uid: 9f66233f-b12f-4204-9c9d-5bcaca794bb7
|
||||
# type: Opaque
|
||||
|
||||
# $ echo "
|
||||
# apiVersion: networking.k8s.io/v1
|
||||
# kind: Ingress
|
||||
# metadata:
|
||||
# name: longhorn-ingress
|
||||
# namespace: longhorn-system
|
||||
# annotations:
|
||||
# # type of authentication
|
||||
# nginx.ingress.kubernetes.io/auth-type: basic
|
||||
# # prevent the controller from redirecting (308) to HTTPS
|
||||
# nginx.ingress.kubernetes.io/ssl-redirect: 'false'
|
||||
# # name of the secret that contains the user/password definitions
|
||||
# nginx.ingress.kubernetes.io/auth-secret: basic-auth
|
||||
# # message to display with an appropriate context why the authentication is required
|
||||
# nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required '
|
||||
# spec:
|
||||
# rules:
|
||||
# - http:
|
||||
# paths:
|
||||
# - pathType: Prefix
|
||||
# path: "/"
|
||||
# backend:
|
||||
# service:
|
||||
# name: longhorn-frontend
|
||||
# port:
|
||||
# number: 80
|
||||
# " | kubectl -n longhorn-system create -f -
|
||||
# ingress.networking.k8s.io/longhorn-ingress created
|
||||
|
||||
kubectl -n longhorn-system apply -f longhorn-ingress-route.yaml
|
||||
|
||||
kubectl -n longhorn-system get ingressroutes
|
||||
# NAME HOSTS ADDRESS PORTS AGE
|
||||
# longhorn-ingress * 45.79.165.114,66.228.45.37,97.107.142.125 80 2m7s
|
||||
|
||||
$ curl -v http://97.107.142.125/
|
||||
* Trying 97.107.142.125...
|
||||
* TCP_NODELAY set
|
||||
* Connected to 97.107.142.125 (97.107.142.125) port 80 (#0)
|
||||
> GET / HTTP/1.1
|
||||
> Host: 97.107.142.125
|
||||
> User-Agent: curl/7.64.1
|
||||
> Accept: */*
|
||||
>
|
||||
< HTTP/1.1 401 Unauthorized
|
||||
< Server: openresty/1.15.8.1
|
||||
< Date: Fri, 29 May 2020 11:47:33 GMT
|
||||
< Content-Type: text/html
|
||||
< Content-Length: 185
|
||||
< Connection: keep-alive
|
||||
< WWW-Authenticate: Basic realm="Authentication Required"
|
||||
<
|
||||
<html>
|
||||
<head><title>401 Authorization Required</title></head>
|
||||
<body>
|
||||
<center><h1>401 Authorization Required</h1></center>
|
||||
<hr><center>openresty/1.15.8.1</center>
|
||||
</body>
|
||||
</html>
|
||||
* Connection #0 to host 97.107.142.125 left intact
|
||||
* Closing connection 0
|
||||
|
||||
$ curl -v http://97.107.142.125/ -u user:password
|
||||
* Trying 97.107.142.125...
|
||||
* TCP_NODELAY set
|
||||
* Connected to 97.107.142.125 (97.107.142.125) port 80 (#0)
|
||||
* Server auth using Basic with user 'foo'
|
||||
> GET / HTTP/1.1
|
||||
> Host: 97.107.142.125
|
||||
> Authorization: Basic Zm9vOmJhcg==
|
||||
> User-Agent: curl/7.64.1
|
||||
> Accept: */*
|
||||
>
|
||||
< HTTP/1.1 200 OK
|
||||
< Date: Fri, 29 May 2020 11:51:27 GMT
|
||||
< Content-Type: text/html
|
||||
< Content-Length: 1118
|
||||
< Last-Modified: Thu, 28 May 2020 00:39:41 GMT
|
||||
< ETag: "5ecf084d-3fd"
|
||||
< Cache-Control: max-age=0
|
||||
<
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
......
|
||||
http://192.168.50.231/longhorn/
|
||||
|
||||
kubectl -n longhorn-system delete -f longhorn-ingress-route.yaml
|
||||
|
||||
# Note: in a kubernetes secret the string (e.g. generated by htpasswd) must be base64-encoded first.
|
||||
# To create an encoded user:password pair, the following command can be used:
|
||||
# htpasswd -nb user password | openssl base64
|
||||
```
|
||||
Reference in New Issue
Block a user