longhorn ingress
Description
# https://longhorn.io/docs/1.6.2/deploy/accessing-the-ui/longhorn-ingress/
# USER=admin; PASSWORD=1234; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> auth
# cat auth
# admin:$apr1$9ucb20/W$4PupY6OD8EsPbxUSGLFdG.
htpasswd -nb user password | openssl base64 > auth
# replace user and password with your own values in auth file to longhorn-ingress-route.yaml
# dXNlcjokYXByMSR3MXhUNUh2cCRuOVR2alNVT1ZFUGlQajllQmRXQUQvCgo=
# kubectl -n longhorn-system create secret generic basic-auth-users-secret \
# --from-file=users=auth -o yaml --dry-run=client | tee auth-secret.yaml
# kubectl delete secret basic-auth-users-secret \
# --ignore-not-found -n longhorn-system
# kubectl apply -f auth-secret.yaml
# $ kubectl -n longhorn-system create secret generic basic-auth-users-secret --from-file=users=auth
# secret/basic-auth created
# $ kubectl -n longhorn-system get secret basic-auth-users-secret -o yaml
# apiVersion: v1
# data:
# auth: Zm9vOiRhcHIxJEZueUtDWUtiJDZJUDJDNDVmWnhNY29Md2tPd2Y3azAK
# kind: Secret
# metadata:
# creationTimestamp: "2020-05-29T10:10:16Z"
# name: basic-auth
# namespace: longhorn-system
# resourceVersion: "2168509"
# selfLink: /api/v1/namespaces/longhorn-system/secrets/basic-auth
# uid: 9f66233f-b12f-4204-9c9d-5bcaca794bb7
# type: Opaque
# $ echo "
# apiVersion: networking.k8s.io/v1
# kind: Ingress
# metadata:
# name: longhorn-ingress
# namespace: longhorn-system
# annotations:
# # type of authentication
# nginx.ingress.kubernetes.io/auth-type: basic
# # prevent the controller from redirecting (308) to HTTPS
# nginx.ingress.kubernetes.io/ssl-redirect: 'false'
# # name of the secret that contains the user/password definitions
# nginx.ingress.kubernetes.io/auth-secret: basic-auth
# # message to display with an appropriate context why the authentication is required
# nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required '
# spec:
# rules:
# - http:
# paths:
# - pathType: Prefix
# path: "/"
# backend:
# service:
# name: longhorn-frontend
# port:
# number: 80
# " | kubectl -n longhorn-system create -f -
# ingress.networking.k8s.io/longhorn-ingress created
kubectl apply -f coder-ingress-route.yaml
kubectl get ingressroutes
# NAME HOSTS ADDRESS PORTS AGE
# longhorn-ingress * 45.79.165.114,66.228.45.37,97.107.142.125 80 2m7s
$ curl -v http://97.107.142.125/
* Trying 97.107.142.125...
* TCP_NODELAY set
* Connected to 97.107.142.125 (97.107.142.125) port 80 (#0)
> GET / HTTP/1.1
> Host: 97.107.142.125
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Server: openresty/1.15.8.1
< Date: Fri, 29 May 2020 11:47:33 GMT
< Content-Type: text/html
< Content-Length: 185
< Connection: keep-alive
< WWW-Authenticate: Basic realm="Authentication Required"
<
<html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>openresty/1.15.8.1</center>
</body>
</html>
* Connection #0 to host 97.107.142.125 left intact
* Closing connection 0
$ curl -v http://97.107.142.125/ -u user:password
* Trying 97.107.142.125...
* TCP_NODELAY set
* Connected to 97.107.142.125 (97.107.142.125) port 80 (#0)
* Server auth using Basic with user 'foo'
> GET / HTTP/1.1
> Host: 97.107.142.125
> Authorization: Basic Zm9vOmJhcg==
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Fri, 29 May 2020 11:51:27 GMT
< Content-Type: text/html
< Content-Length: 1118
< Last-Modified: Thu, 28 May 2020 00:39:41 GMT
< ETag: "5ecf084d-3fd"
< Cache-Control: max-age=0
<
<!DOCTYPE html>
<html lang="en">
......
http://192.168.50.231/longhorn/
kubectl -n longhorn-system delete -f longhorn-ingress-route.yaml
# Note: in a kubernetes secret the string (e.g. generated by htpasswd) must be base64-encoded first.
# To create an encoded user:password pair, the following command can be used:
# htpasswd -nb user password | openssl base64