Skip to main content
Version: 13.x (Current)

Traefik Handbook

This Handbook helps you with some useful tips on how to configure Traefik in order to enable features on your Console projects.

note

You will find this Handbook useful only if your infrastructure includes Traefik as Ingress, that is for example the case of Console offered as PaaS.

Add Basic Authorization

caution

This feature must not be used in production environments.

The basic auth must be always replaced with safer authentication methods also in other environments.

To add basic authentication on some host there are few steps to follow:

Create the Middleware

First of all you need to create a new Middleware. This is a yaml configuration.

Based on the Console configuration there are two options where to put the new file:

  1. configuration/{{ENV}}/
  2. overlays/{{ENV}}/ in case of Kustomize Configuration

The file can be named as desired, in this example we will refer it as default.basicauth.yml

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: default-basicauth
labels:
app.kubernetes.io/instance: "ingress-controller"
spec:
basicAuth:
secret: authsecret

Create a new secret

Create a new secret with the basic auth credentials. The Traefik documentation suggest to use the htpasswd command to evaluate the secret.

Example with username and password:

echo $(htpasswd -nb username password)

The output of the above command is the value of the secret to create.

The secret needs to be created in the Environments Variable section. In this hands-on we will refer to the secret as BASIC_AUTH_USERS.

Generate the secret with mlp

We also need to edit the mlp configuration to interpolate the secret created in the previous section.

In the mlp.yml file add this configuration:

  - name: "authsecret"
when: "always"
data:
- key: "users"
value: "{{BASIC_AUTH_USERS}}"
from: literal

Add the Middleware to the Ingress

The last step is to introduce the Middleware in the IngressRoute configuration. The config can be found inside:

  • configuration/{{env}}/default.ingressroute.yml, or
  • overlays/{{ENV}}/default.ingressroute.yml

Add the middleware default-basicauth in the host where you want to setup the basic auth. Example:

routes:
- match: Host(`my-hostname.eu`)
middlewares:
...
- name: "default-basicauth"

With this step you finished the setup of the basic authorization.