From d421a749e9459d7682b8c51eb9b0381b27abee1a Mon Sep 17 00:00:00 2001
From: Teck Meng
Date: Sun, 18 Aug 2024 13:19:16 +0800
Subject: [PATCH] refactor: Update Traefik ingress routes file paths
---
cluster/longhorn_ingress/auth | 1 +
.../longhorn-ingress-route.yaml | 52 +++++++
.../longhorn_ingress/longhorn-ingress.yaml | 40 ++++++
cluster/longhorn_ingress/readme.md | 128 ++++++++++++++++++
4 files changed, 221 insertions(+)
create mode 100644 cluster/longhorn_ingress/auth
create mode 100644 cluster/longhorn_ingress/longhorn-ingress-route.yaml
create mode 100644 cluster/longhorn_ingress/longhorn-ingress.yaml
create mode 100644 cluster/longhorn_ingress/readme.md
diff --git a/cluster/longhorn_ingress/auth b/cluster/longhorn_ingress/auth
new file mode 100644
index 0000000..540ab91
--- /dev/null
+++ b/cluster/longhorn_ingress/auth
@@ -0,0 +1 @@
+dXNlcjokYXByMSRSbHFwc290bSRYZm91cWREQi9KNDhTeU0ySm1uTFIvCgo=
diff --git a/cluster/longhorn_ingress/longhorn-ingress-route.yaml b/cluster/longhorn_ingress/longhorn-ingress-route.yaml
new file mode 100644
index 0000000..2c6bdf9
--- /dev/null
+++ b/cluster/longhorn_ingress/longhorn-ingress-route.yaml
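Review bot: The single line added to `cluster/longhorn_ingress/auth` is a base64-wrapped htpasswd entry, so this commit puts the credential verifier for the Longhorn UI into version control; base64 is an encoding, not protection, and the `$apr1$` form it decodes to is an MD5-based scheme that is cheap to test offline. The same kind of value is inlined as `data.users` in the Secret at the top of `longhorn-ingress-route.yaml` and quoted again in `readme.md`. I would keep the `auth` file out of the repository, create `basic-auth-users-secret` out of band or through a sealed/external secret mechanism, and generate the entry with bcrypt (`htpasswd -nbB`). The values already committed should be treated as exposed and rotated.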
@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: basic-auth-users-secret
+ namespace: longhorn-system
+data:
+ users: dXNlcjokYXByMSREdjgvWEFWayR1RmhjMlNyalloMGJuR09IYmNrV2oxCgo=
+
+---
+# Declaring the user list
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: ingress-auth
+ namespace: longhorn-system
+spec:
+ basicAuth:
+ secret: basic-auth-users-secret
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: strip-longhorn
+ namespace: longhorn-system
+spec:
+ stripPrefix:
+ prefixes:
+ - "/longhorn"
+ forceSlash: true
+
+---
+# Host(`test.traefik.local`) && PathPrefix(`/longhorn`)
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: longhorn-ingress
+ namespace: longhorn-system
+spec:
+ entryPoints:
+ - web
+ routes:
+ - match: PathPrefix(`/longhorn`)
+ kind: Rule
+ middlewares:
+ - name: ingress-auth
+ namespace: longhorn-system
+ - name: strip-longhorn
+ namespace: longhorn-system
+ services:
+ - name: longhorn-frontend
+ port: 80
diff --git a/cluster/longhorn_ingress/longhorn-ingress.yaml b/cluster/longhorn_ingress/longhorn-ingress.yaml
new file mode 100644
index 0000000..210282d
--- /dev/null
+++ b/cluster/longhorn_ingress/longhorn-ingress.yaml
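Review bot: The `IngressRoute` at the end of this file puts the `ingress-auth` basic-auth middleware on a route bound only to the `web` entry point, and the readme's `curl -v http://…` transcript suggests that is the plain-HTTP listener, so the `Authorization` header for the Longhorn UI would travel unencrypted on every request. The `Host(...)` condition survives only as a comment, which leaves the rule matching on the path prefix alone for any host name that reaches the entry point. I would bind the route to a TLS-terminating entry point, add a `tls:` section to the `spec`, and restore a `Host(...)` clause in `match`. A short comment above `entryPoints` stating whether plaintext access is intentional (lab only) would help the next reader.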
@@ -0,0 +1,40 @@
+# Declaring the user list
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: basic-auth
+spec:
+ basicAuth:
+ secret: basic-auth
+
+# ---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: longhorn-ingress
+ namespace: longhorn-system
+ annotations:
+ traefik.ingress.kubernetes.io/router.middlewares: longhorn-system-basic-auth@kubernetescrd
+ traefik.ingress.kubernetes.io/router.entrypoints: web
+ # type of authentication
+ nginx.ingress.kubernetes.io/auth-type: basic
+ # prevent the controller from redirecting (308) to HTTPS
+ nginx.ingress.kubernetes.io/ssl-redirect: 'false'
+ # name of the secret that contains the user/password definitions
+ nginx.ingress.kubernetes.io/auth-secret: basic-auth
+ # message to display with an appropriate context why the authentication is required
+ nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required '
+ # custom max body size for file uploading like backing image uploading
+ nginx.ingress.kubernetes.io/proxy-body-size: 10000m
+spec:
+ rules:
+ - http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: longhorn-frontend
+ port:
+ number: 80
+
diff --git a/cluster/longhorn_ingress/readme.md b/cluster/longhorn_ingress/readme.md
new file mode 100644
index 0000000..004195f
--- /dev/null
+++ b/cluster/longhorn_ingress/readme.md
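Review bot: The separator between the two resources is written as `# ---`, which is a comment, so the `Middleware` and the `Ingress` land in one YAML document with duplicate `apiVersion`/`kind`/`metadata`/`spec` keys; depending on the parser that is either rejected or resolved last-key-wins, and in the latter case the `basic-auth` Middleware is never created. That matters because the `nginx.ingress.kubernetes.io/auth-*` annotations are not read by Traefik, which leaves the `router.middlewares` annotation as the only control in front of `path: "/"` to the Longhorn UI. I would restore `---`, add `namespace: longhorn-system` to the Middleware so that `longhorn-system-basic-auth@kubernetescrd` resolves, and point `secret:` at a Secret that exists (the other manifest in this commit creates `basic-auth-users-secret`, not `basic-auth`). After applying, an unauthenticated request should be confirmed to return 401.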
@@ -0,0 +1,128 @@ +# longhorn ingress + +## Description +```bash +# https://longhorn.io/docs/1.6.2/deploy/accessing-the-ui/longhorn-ingress/ +# $ USER=admin; PASSWORD=1234; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> auth +# $ cat auth +# admin:$apr1$FnyKCYKb$6IP2C45fZxMcoLwkOwf7k0 + +htpasswd -nb user password | openssl base64 > auth +# replace user and password with your own values in auth file to longhorn-ingress-route.yaml +# dXNlcjokYXByMSR3MXhUNUh2cCRuOVR2alNVT1ZFUGlQajllQmRXQUQvCgo= + +# kubectl -n longhorn-system create secret generic basic-auth-users-secret \ +# --from-file=users=auth -o yaml --dry-run=client | tee auth-secret.yaml + +# kubectl delete secret basic-auth-users-secret \ +# --ignore-not-found -n longhorn-system + +# kubectl apply -f auth-secret.yaml +# $ kubectl -n longhorn-system create secret generic basic-auth-users-secret --from-file=users=auth +# secret/basic-auth created +# $ kubectl -n longhorn-system get secret basic-auth-users-secret -o yaml +# apiVersion: v1 +# data: +# auth: Zm9vOiRhcHIxJEZueUtDWUtiJDZJUDJDNDVmWnhNY29Md2tPd2Y3azAK +# kind: Secret +# metadata: +# creationTimestamp: "2020-05-29T10:10:16Z" +# name: basic-auth +# namespace: longhorn-system +# resourceVersion: "2168509" +# selfLink: /api/v1/namespaces/longhorn-system/secrets/basic-auth +# uid: 9f66233f-b12f-4204-9c9d-5bcaca794bb7 +# type: Opaque + +# $ echo " +# apiVersion: networking.k8s.io/v1 +# kind: Ingress +# metadata: +# name: longhorn-ingress +# namespace: longhorn-system +# annotations: +# # type of authentication +# nginx.ingress.kubernetes.io/auth-type: basic +# # prevent the controller from redirecting (308) to HTTPS +# nginx.ingress.kubernetes.io/ssl-redirect: 'false' +# # name of the secret that contains the user/password definitions +# nginx.ingress.kubernetes.io/auth-secret: basic-auth +# # message to display with an appropriate context why the authentication is required +# nginx.ingress.kubernetes.io/auth-realm: 'Authentication 
Required ' +# spec: +# rules: +# - http: +# paths: +# - pathType: Prefix +# path: "/" +# backend: +# service: +# name: longhorn-frontend +# port: +# number: 80 +# " | kubectl -n longhorn-system create -f - +# ingress.networking.k8s.io/longhorn-ingress created + +kubectl -n longhorn-system apply -f longhorn-ingress-route.yaml + +$ kubectl -n longhorn-system get ingressroutes +NAME HOSTS ADDRESS PORTS AGE +longhorn-ingress * 45.79.165.114,66.228.45.37,97.107.142.125 80 2m7s + +$ curl -v http://97.107.142.125/ +* Trying 97.107.142.125... +* TCP_NODELAY set +* Connected to 97.107.142.125 (97.107.142.125) port 80 (#0) +> GET / HTTP/1.1 +> Host: 97.107.142.125 +> User-Agent: curl/7.64.1 +> Accept: */* +> +< HTTP/1.1 401 Unauthorized +< Server: openresty/1.15.8.1 +< Date: Fri, 29 May 2020 11:47:33 GMT +< Content-Type: text/html +< Content-Length: 185 +< Connection: keep-alive +< WWW-Authenticate: Basic realm="Authentication Required" +< + +401 Authorization Required + +

401 Authorization Required

+
openresty/1.15.8.1
+ + +* Connection #0 to host 97.107.142.125 left intact +* Closing connection 0 + +$ curl -v http://97.107.142.125/ -u user:password +* Trying 97.107.142.125... +* TCP_NODELAY set +* Connected to 97.107.142.125 (97.107.142.125) port 80 (#0) +* Server auth using Basic with user 'foo' +> GET / HTTP/1.1 +> Host: 97.107.142.125 +> Authorization: Basic Zm9vOmJhcg== +> User-Agent: curl/7.64.1 +> Accept: */* +> +< HTTP/1.1 200 OK +< Date: Fri, 29 May 2020 11:51:27 GMT +< Content-Type: text/html +< Content-Length: 1118 +< Last-Modified: Thu, 28 May 2020 00:39:41 GMT +< ETag: "5ecf084d-3fd" +< Cache-Control: max-age=0 +< + + +...... +http://192.168.50.231/longhorn/ + +kubectl -n longhorn-system delete -f longhorn-ingress-route.yaml + +# Note: in a kubernetes secret the string (e.g. generated by htpasswd) must be base64-encoded first. +# To create an encoded user:password pair, the following command can be used: +# htpasswd -nb user password | openssl base64 +``` \ No newline at end of file