-
|
I want to host multi-juicer on a public domain, but I want to prevent team signups/accessing the balancer from the general public. I want to be able to provide my participants a password or basic auth to let them access the balancer & platform. I feel like I should be able to get https://kubernetes.github.io/ingress-nginx/examples/auth/basic/ working with the helm chart, but it doesn't seem to be working. I'm not prompted for auth. Here is my config: ingress:
enabled: true
ingressClassName: nginx
annotations:
# kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - ask for help in #<slack>'
hosts:
- host: mydomain.com
paths:
- "/"
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.localI am running this on DigitalOcean and have the following kind: Service
apiVersion: v1
metadata:
name: multi-juicer-loadbalancer
annotations:
# availible annotations to configure do loadbalancer: https://github.com/digitalocean/digitalocean-cloud-controller-manager/blob/master/docs/controllers/services/annotations.md
service.beta.kubernetes.io/do-loadbalancer-protocol: 'http2'
service.beta.kubernetes.io/do-loadbalancer-certificate-id: 'my-certificate-id'
service.beta.kubernetes.io/do-loadbalancer-hostname: 'mydomain.com'
service.beta.kubernetes.io/do-loadbalancer-redirect-http-to-https: 'true'
service.beta.kubernetes.io/do-loadbalancer-algorithm: 'round_robin'
service.beta.kubernetes.io/do-loadbalancer-healthcheck-protocol: 'http'
service.beta.kubernetes.io/do-loadbalancer-healthcheck-path: '/balancer/'
spec:
type: LoadBalancer
selector:
app.kubernetes.io/instance: juice-balancer-multi-juicer
app.kubernetes.io/name: juice-balancer
ports:
- name: http
protocol: TCP
port: 80
targetPort: 3000
- name: https
protocol: TCP
port: 443
targetPort: 3000🤔 What am I doing wrong? Or is this not currently possible with the helm chart, and I should file a ticket request? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
Hi @artis3n From a first glance the annotations on the ingress look correct. But... You should only be exposing MJ either via a loadbalancer or ingress not both things at the same time. If you are using a loadbalancer the ingress settings will have no effect. For ingress to work you'll also need to have a ingress controller installed. (See ingress begins installation docs) The ingress controller will use a load balancer of its own and will then direct the traffic to the correct service in the cluster. https://kubernetes.io/docs/concepts/services-networking/ingress/ Hope that helps 🙌 |
Beta Was this translation helpful? Give feedback.
-
|
Thanks, that's likely my issue! I'm benefiting from node autoscaling on the DO load balancer but I think I'll need to rip it out to add this auth component. Thanks for the quick reply! |
Beta Was this translation helpful? Give feedback.
-
|
When you deploy the ingress-nginx chart it will still create a DO loadbalancer for you, so auto-scaling is still possible 😊 |
Beta Was this translation helpful? Give feedback.
-
|
🤔 I should probably have known that 😄 thanks! |
Beta Was this translation helpful? Give feedback.
Hi @artis3n
From a first glance the annotations on the ingress look correct.
But...
You should only be exposing MJ either via a loadbalancer or ingress not both things at the same time.
If you are using a loadbalancer the ingress settings will have no effect. For ingress to work you'll also need to have a ingress controller installed. (See ingress begins installation docs) The ingress controller will use a load balancer of its own and will then direct the traffic to the correct service in the cluster.
https://kubernetes.io/docs/concepts/services-networking/ingress/
Hope that helps 🙌