Securing an ingress with basic auth

This article describes how to use basic auth to protect an ingress in Kubernetes. It is based on this page.

To protect an ingress using basic auth, a secret must be created. The data of this secret can be generated using htpasswd:

htpasswd -c auth myUsername

Replace myUsername with the user name of your choice. This creates a file called auth in the working directory.

Kubectl provides a convenient command to automatically turn the content of the auth file into a secret:

kubectl create secret generic my-app-secret --from-file=auth

Then, the ingress can be adapted as follows:

# networking.k8s.io/v1 replaces extensions/v1beta1, which was removed in Kubernetes 1.22
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app
  annotations:
    # type of authentication
    nginx.ingress.kubernetes.io/auth-type: basic
    # name of the secret that contains the user/password definitions
    nginx.ingress.kubernetes.io/auth-secret: my-app-secret
    # message to display with an appropriate context why the authentication is required
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
spec:
  rules:
  - host: myapp.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-app
            port:
              number: 80
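
Before pointing the ingress at the secret, it is worth checking that the secret really has an auth key (which --from-file=auth produces and the controller reads by default) and that no entry is stored unsalted or in plaintext. The following is an added example, not part of the original article: audit_secret and the sample secret are hypothetical names and constructed data, and the input is assumed to be the output of kubectl get secret my-app-secret -o json.

```python
import base64
import hashlib
import json

# Prefixes of the hash formats htpasswd can write; True means salted.
SCHEMES = [
    ("$2y$", "bcrypt", True),
    ("$apr1$", "apr1 MD5 (htpasswd default)", True),
    ("$5$", "SHA-256 crypt", True),
    ("$6$", "SHA-512 crypt", True),
    ("{SHA}", "unsalted SHA-1 (htpasswd -s)", False),
]

def classify(hashed):
    for prefix, name, salted in SCHEMES:
        if hashed.startswith(prefix):
            return name, salted
    # No known prefix: legacy crypt() (-d) or a plaintext password (-p).
    return "legacy crypt() or plaintext", False

def audit_secret(secret_json):
    """Return findings for a Secret referenced by the auth-secret annotation."""
    data = json.loads(secret_json).get("data") or {}
    if "auth" not in data:
        return ["no 'auth' key in secret data (keys: %s)" % sorted(data)]
    findings = []
    lines = base64.b64decode(data["auth"]).decode("utf-8").splitlines()
    for number, line in enumerate(lines, 1):
        if not line.strip():
            continue
        user, sep, hashed = line.partition(":")
        if not (sep and user and hashed):
            findings.append("line %d: not in user:hash form" % number)
            continue
        name, salted = classify(hashed)
        if not salted:
            findings.append("line %d: user %r uses %s" % (number, user, name))
    return findings

def sample_secret(key="auth"):
    """Constructed Secret in the shape of `kubectl get secret -o json`."""
    weak = "{SHA}" + base64.b64encode(hashlib.sha1(b"example").digest()).decode()
    body = "myUsername:$apr1$cnstrctd$CONSTRUCTEDHASHVALUE00\nlegacy:%s\n" % weak
    encoded = base64.b64encode(body.encode()).decode()
    return json.dumps({"kind": "Secret", "data": {key: encoded}})

if __name__ == "__main__":
    for finding in audit_secret(sample_secret()):
        print(finding)
```

An empty list means every entry uses a salted scheme; any finding is a reason to regenerate that entry with htpasswd before applying the ingress.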