How Do I Add Basic Authentication to Services With Traefik Middleware?
Introduction
This guide provides a step-by-step approach to adding basic authentication to your services using Traefik Middleware within a Kubernetes environment. Traefik is a well-regarded reverse proxy and load balancer that simplifies the deployment of microservices. By configuring Traefik Middleware, you can enforce basic authentication, thereby securing access to your services.
Key Points:
- Define a Traefik IngressRoute for routing traffic.
- Create a Traefik Middleware resource to handle basic authentication.
- Secure services using the created Middleware.
Step-by-Step Process
Define the Namespace
- Create a Kubernetes namespace to organize your resources.
Create Traefik Middleware for Basic Authentication
- Define a Traefik Middleware resource specifying basic authentication credentials.
Deploy a Sample Service
- Deploy a sample application that you want to protect using basic authentication.
Define a Service for the Deployment
- Create a Kubernetes Service to expose your deployed application.
Configure an IngressRoute
- Define an IngressRoute that uses the previously created Middleware to enforce basic authentication.
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";
// Define the namespace
const namespace = new k8s.core.v1.Namespace("auth-example", {
metadata: { name: "auth-example" }
});
// Define the Traefik Middleware for basic authentication
const authMiddleware = new k8s.apiextensions.CustomResource("authMiddleware", {
apiVersion: "traefik.containo.us/v1alpha1",
kind: "Middleware",
metadata: {
name: "auth-middleware",
namespace: namespace.metadata.name,
},
spec: {
basicAuth: {
users: [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" // Example user:password
],
},
},
});
// Define a sample service to protect
const appLabels = { app: "my-app" };
const deployment = new k8s.apps.v1.Deployment("my-app-deployment", {
metadata: { namespace: namespace.metadata.name },
spec: {
selector: { matchLabels: appLabels },
replicas: 1,
template: {
metadata: { labels: appLabels },
spec: {
containers: [{
name: "my-app",
image: "nginx",
ports: [{ containerPort: 80 }],
}],
},
},
},
});
// Define a Service for the deployment
const service = new k8s.core.v1.Service("my-app-service", {
metadata: { namespace: namespace.metadata.name },
spec: {
selector: appLabels,
ports: [{ port: 80, targetPort: 80 }],
},
});
// Define an IngressRoute to use the Middleware
const ingressRoute = new k8s.apiextensions.CustomResource("ingressRoute", {
apiVersion: "traefik.containo.us/v1alpha1",
kind: "IngressRoute",
metadata: {
name: "my-app-ingressroute",
namespace: namespace.metadata.name,
},
spec: {
entryPoints: ["web"],
routes: [{
match: "Host(`my-app.example.com`)",
kind: "Rule",
services: [{
name: service.metadata.name,
port: 80,
}],
middlewares: [{
name: authMiddleware.metadata.name,
namespace: namespace.metadata.name,
}],
}],
},
});
Summary
In this guide, we successfully configured basic authentication for a service in a Kubernetes environment using Traefik Middleware. We created a Kubernetes namespace and deployed a sample application. We then defined a Middleware resource for handling basic authentication and applied it to an IngressRoute. This configuration ensures that all requests to the service require authentication, thereby enhancing the security of your application.
Deploy this code
Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.
Sign upNew to Pulumi?
Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.
Sign upThank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.