From 860fb1d80ea8445421069bef2ee609e00afe3b76 Mon Sep 17 00:00:00 2001
From: Taqi Tahmid
Date: Sat, 22 Feb 2025 19:14:54 +0200
Subject: [PATCH] added information regarding basic authentication added information regarding how to configure http basic authentication using traefik ingress controller for services that do not provide any authentication mechanism
---
Kubernetes_deployments/README.md | 30 +++++++++++++++++++
.../traefik-middleware/auth.yaml | 7 +++++
.../traefik-middleware/auth_secret.yaml | 7 +++++
3 files changed, 44 insertions(+)
create mode 100644 Kubernetes_deployments/traefik-middleware/auth.yaml
create mode 100644 Kubernetes_deployments/traefik-middleware/auth_secret.yaml
diff --git a/Kubernetes_deployments/README.md b/Kubernetes_deployments/README.md
index 538a959..3787e5f 100644
--- a/Kubernetes_deployments/README.md
+++ b/Kubernetes_deployments/README.md
@@ -418,3 +418,33 @@ substituted from the .env file.
 source .env
 envsubst < postgres/pgadmin.yaml | kubectl apply -n postgres -f -
 ```
+
+## Authentication Middleware Configuration for Traefik Ingress Controller
+
+The Traefik Ingress Controller provides robust authentication capabilities
+through middleware implementation. This functionality enables HTTP Basic
+Authentication for services that do not include native user authentication
+mechanisms.
+
+To implement authentication, a Traefik middleware must be configured within
+the target namespace. The process requires creating a secret file containing
+authentication credentials (username and password). These credentials must
+be base64 encoded before being integrated into the secret manifest file.
+
+Execute the following commands to configure the authentication:
+
+```bash
+htpasswd -c traefik_auth username
+
+echo traefik_auth | base64
+
+source .env
+envsubst < traefik-middleware/auth_secret.yaml | kubectl apply -n my-portfolio -f -
+kubernetes apply -f traefik-middleware/auth.yaml -n my-portfolio
+```
+
+Following middleware deployment, the authentication must be enabled by adding the appropriate annotation to the service's Ingress object specification:
+
+```
+traefik.ingress.kubernetes.io/router.middlewares: my-portfolio-basic-auth@kubernetescrd
+```
diff --git a/Kubernetes_deployments/traefik-middleware/auth.yaml b/Kubernetes_deployments/traefik-middleware/auth.yaml
new file mode 100644
index 0000000..d86870f
--- /dev/null
+++ b/Kubernetes_deployments/traefik-middleware/auth.yaml
@@ -0,0 +1,7 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: basic-auth
+spec:
+ basicAuth:
+ secret: traefik-basic-auth
diff --git a/Kubernetes_deployments/traefik-middleware/auth_secret.yaml b/Kubernetes_deployments/traefik-middleware/auth_secret.yaml
new file mode 100644
index 0000000..a2b89e7
--- /dev/null
+++ b/Kubernetes_deployments/traefik-middleware/auth_secret.yaml
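Review bot: In `auth.yaml` the `basicAuth` block sets only `secret`, so Traefik will pass the client's `Authorization` header on to the backing service; adding `removeHeader: true` under `basicAuth` keeps the credential from reaching services that, per the README text, have no authentication of their own. Basic credentials are only base64-encoded on the wire, and nothing in this patch shows the Ingress being limited to a TLS entrypoint, so a comment such as `# use only on routers served over HTTPS` would be worth adding. `traefik.containo.us/v1alpha1` is the legacy CRD API group, and newer Traefik releases serve Middleware under `traefik.io/v1alpha1`, so confirm which one the cluster's Traefik version expects. The README command that applies this file is written as `kubernetes apply`, which presumably should be `kubectl apply`.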
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: traefik-basic-auth
+type: Opaque
+data:
+ auth: "${TRAEFIK_SECRET}"
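Review bot: `data.auth` has to be the base64 of the htpasswd file's contents, but the README step added in this same patch, `echo traefik_auth | base64`, encodes the literal string `traefik_auth` rather than the file, so following the documented steps would load a value that is not a `user:hash` entry. The README line should encode the file itself, for example `base64 -w0 traefik_auth` with GNU coreutils, or this manifest could use `stringData:` with the raw htpasswd line and drop the manual encoding. If `TRAEFIK_SECRET` is unset or not exported when `envsubst` runs, the placeholder is replaced with an empty string and the Secret is still created, so a check before `kubectl apply` would help. A comment above `auth:` such as `# base64 of htpasswd output (user:hash), supplied from .env; never commit the real value` would document the expected input.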