# longhorn ingress ## Description ```bash # https://longhorn.io/docs/1.6.2/deploy/accessing-the-ui/longhorn-ingress/ # USER=admin; PASSWORD=1234; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> auth # cat auth # admin:$apr1$9ucb20/W$4PupY6OD8EsPbxUSGLFdG. htpasswd -nb user password | openssl base64 > auth # replace user and password with your own values in auth file to longhorn-ingress-route.yaml # dXNlcjokYXByMSR3MXhUNUh2cCRuOVR2alNVT1ZFUGlQajllQmRXQUQvCgo= # kubectl -n longhorn-system create secret generic basic-auth-users-secret \ # --from-file=users=auth -o yaml --dry-run=client | tee auth-secret.yaml # kubectl delete secret basic-auth-users-secret \ # --ignore-not-found -n longhorn-system # kubectl apply -f auth-secret.yaml # $ kubectl -n longhorn-system create secret generic basic-auth-users-secret --from-file=users=auth # secret/basic-auth created # $ kubectl -n longhorn-system get secret basic-auth-users-secret -o yaml # apiVersion: v1 # data: # auth: Zm9vOiRhcHIxJEZueUtDWUtiJDZJUDJDNDVmWnhNY29Md2tPd2Y3azAK # kind: Secret # metadata: # creationTimestamp: "2020-05-29T10:10:16Z" # name: basic-auth # namespace: longhorn-system # resourceVersion: "2168509" # selfLink: /api/v1/namespaces/longhorn-system/secrets/basic-auth # uid: 9f66233f-b12f-4204-9c9d-5bcaca794bb7 # type: Opaque # $ echo " # apiVersion: networking.k8s.io/v1 # kind: Ingress # metadata: # name: longhorn-ingress # namespace: longhorn-system # annotations: # # type of authentication # nginx.ingress.kubernetes.io/auth-type: basic # # prevent the controller from redirecting (308) to HTTPS # nginx.ingress.kubernetes.io/ssl-redirect: 'false' # # name of the secret that contains the user/password definitions # nginx.ingress.kubernetes.io/auth-secret: basic-auth # # message to display with an appropriate context why the authentication is required # nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required ' # spec: # rules: # - http: # paths: # - pathType: Prefix # path: "/" # backend: # service: # name: longhorn-frontend # port: # number: 80 # " | kubectl -n longhorn-system create -f - # ingress.networking.k8s.io/longhorn-ingress created kubectl -n longhorn-system apply -f longhorn-ingress-route.yaml kubectl -n longhorn-system get ingressroutes # NAME HOSTS ADDRESS PORTS AGE # longhorn-ingress * 45.79.165.114,66.228.45.37,97.107.142.125 80 2m7s $ curl -v http://97.107.142.125/ * Trying 97.107.142.125... * TCP_NODELAY set * Connected to 97.107.142.125 (97.107.142.125) port 80 (#0) > GET / HTTP/1.1 > Host: 97.107.142.125 > User-Agent: curl/7.64.1 > Accept: */* > < HTTP/1.1 401 Unauthorized < Server: openresty/1.15.8.1 < Date: Fri, 29 May 2020 11:47:33 GMT < Content-Type: text/html < Content-Length: 185 < Connection: keep-alive < WWW-Authenticate: Basic realm="Authentication Required" < 401 Authorization Required

401 Authorization Required

openresty/1.15.8.1 * Connection #0 to host 97.107.142.125 left intact * Closing connection 0 $ curl -v http://97.107.142.125/ -u user:password * Trying 97.107.142.125... * TCP_NODELAY set * Connected to 97.107.142.125 (97.107.142.125) port 80 (#0) * Server auth using Basic with user 'foo' > GET / HTTP/1.1 > Host: 97.107.142.125 > Authorization: Basic Zm9vOmJhcg== > User-Agent: curl/7.64.1 > Accept: */* > < HTTP/1.1 200 OK < Date: Fri, 29 May 2020 11:51:27 GMT < Content-Type: text/html < Content-Length: 1118 < Last-Modified: Thu, 28 May 2020 00:39:41 GMT < ETag: "5ecf084d-3fd" < Cache-Control: max-age=0 < ...... http://192.168.50.231/longhorn/ kubectl -n longhorn-system delete -f longhorn-ingress-route.yaml # Note: in a kubernetes secret the string (e.g. generated by htpasswd) must be base64-encoded first. # To create an encoded user:password pair, the following command can be used: # htpasswd -nb user password | openssl base64 ```