readme.md

Multiple hosts on a k8s ingress configration: Helm + Traefik + basic-auth + secret

1. htpasswd

htpasswd -nb username password

2. Copy it in basic-auth.secret.yaml at

3. Create a secret in your namespace

$ kubectl create -f basic-auth.secret.yaml

4. Add values from values.yaml to your values.yaml
5. ingress.yaml:13-16 is the condition needed to use the basic auth on staging only for Traefik
6. ingress.yaml:19-29 is the loop needed to parse hosts from values.yaml

basic-auth.secret.yaml

apiVersion: v1
data:
  auth: <SECRET>
kind: Secret
metadata:
  name: staging-basic-auth
type: Opaque

ingress.yaml

{{- if .Values.service.enabled -}}
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: {{ template "fullname" . }}
  labels:
    app: {{ template "appname" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version| replace "+" "_" }}"
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
  annotations:
    kubernetes.io/ingress.class: "traefik"
    {{- if  eq .Values.releaseOverride "staging" }}
    traefik.ingress.kubernetes.io/auth-type: basic
    traefik.ingress.kubernetes.io/auth-secret: staging-basic-auth
    {{- end }}
spec:
  rules:
  {{- with ( index .Values.hosts .Values.releaseOverride ) }}
    {{- range . }}
  - host: {{ template "hostname" .host }}
    http:
      paths:
      - path: /admin
        backend:
          serviceName: {{ template "fullname" $ }}
          servicePort: {{ $.Values.service.externalPort }}
    {{- end }}
  {{- end }}
{{- end -}}

values.yaml

hosts:
  staging:
      - host: app.staging.domain.tld
  production:
      - host: demo.domain.tld
      - host: team-a.domain.tld