How do I add BasicAuth to services via Traefik middleware?
In this guide, we will demonstrate how to secure services using Traefik middleware with BasicAuth in Pulumi. Traefik is a popular reverse proxy and load balancer that makes deploying microservices easy. BasicAuth is a simple authentication mechanism that requires a username and password to access services.
We will create a Kubernetes deployment for Traefik, configure a middleware for BasicAuth, and apply it to a service.
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";
// Create a Kubernetes namespace
const namespace = new k8s.core.v1.Namespace("traefik-namespace", {
metadata: { name: "traefik" },
});
// Deploy Traefik
const traefikDeployment = new k8s.apps.v1.Deployment("traefik-deployment", {
metadata: {
namespace: namespace.metadata.name,
name: "traefik",
},
spec: {
replicas: 1,
selector: { matchLabels: { app: "traefik" } },
template: {
metadata: { labels: { app: "traefik" } },
spec: {
containers: [{
name: "traefik",
image: "traefik:v2.4",
ports: [
{ name: "http", containerPort: 80 },
{ name: "admin", containerPort: 8080 },
],
args: [
"--api.insecure=true",
"--providers.kubernetescrd",
"--entrypoints.web.address=:80",
"--entrypoints.websecure.address=:443",
],
}],
},
},
},
});
// Create a Traefik service
const traefikService = new k8s.core.v1.Service("traefik-service", {
metadata: {
namespace: namespace.metadata.name,
name: "traefik",
},
spec: {
selector: { app: "traefik" },
ports: [
{ name: "http", port: 80, targetPort: "http" },
{ name: "admin", port: 8080, targetPort: "admin" },
],
type: "LoadBalancer",
},
});
// Create a middleware for BasicAuth
const basicAuthMiddleware = new k8s.apiextensions.CustomResource("basicauth-middleware", {
apiVersion: "traefik.containo.us/v1alpha1",
kind: "Middleware",
metadata: {
namespace: namespace.metadata.name,
name: "basicauth",
},
spec: {
basicAuth: {
users: [
"user:$(htpasswd -nb user password | base64)"
],
},
},
});
// Create a sample service to protect with BasicAuth
const appLabels = { app: "myapp" };
const deployment = new k8s.apps.v1.Deployment("myapp-deployment", {
metadata: { namespace: namespace.metadata.name },
spec: {
replicas: 1,
selector: { matchLabels: appLabels },
template: {
metadata: { labels: appLabels },
spec: {
containers: [{
name: "myapp",
image: "nginx",
ports: [{ containerPort: 80 }],
}],
},
},
},
});
const service = new k8s.core.v1.Service("myapp-service", {
metadata: { namespace: namespace.metadata.name },
spec: {
selector: appLabels,
ports: [{ port: 80 }],
},
});
// Create an IngressRoute to use the middleware
const ingressRoute = new k8s.apiextensions.CustomResource("myapp-ingressroute", {
apiVersion: "traefik.containo.us/v1alpha1",
kind: "IngressRoute",
metadata: {
namespace: namespace.metadata.name,
name: "myapp-ingressroute",
},
spec: {
entryPoints: ["web"],
routes: [{
match: "Host(`myapp.local`)",
kind: "Rule",
services: [{ name: service.metadata.name, port: 80 }],
middlewares: [{ name: basicAuthMiddleware.metadata.name }],
}],
},
});
Key Points:
- We created a Kubernetes namespace for Traefik.
- Deployed Traefik as a Kubernetes deployment and exposed it via a service.
- Configured a Traefik middleware for BasicAuth.
- Created a sample application and protected it using the BasicAuth middleware.
- Configured an IngressRoute to apply the middleware to the sample application service.
Summary:
In this guide, we demonstrated how to secure services using Traefik middleware with BasicAuth in Pulumi. We deployed Traefik, configured a BasicAuth middleware, and applied it to a sample service using an IngressRoute. This setup ensures that the service is protected and requires authentication for access.
Deploy this code
Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.
Sign upNew to Pulumi?
Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.
Sign upThank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.