Hi there,
I´m trying to make some tests with nginx-ingress annotations. In my case I can´t get basic-auth to work.
Like described here https://github.com/rancher/ingress-nginx/blob/master/docs/user-guide/annotations.md#authentication I created a basic-auth secret with key named auth. Then I attached the annotations to to ingress but nothing changes. Does anybody already tried this with rancher >2.0.0?
regards, christian
After some investigation I found the solution. The documentation is misleading. You must not use double quotes to enclose the auth-realm
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-realm: realm string
works fine.
I created a pull request to fix the documentation for this https://github.com/kubernetes/ingress-nginx/pull/2770 .
Investigation was
kubectl logs nginx-ingress-controller-abdf2 -n ingress-nginx
and showed something like
Error: exit status 1
2018/07/11 07:51:42 [emerg] 4610#4610: unexpected "A" in /tmp/nginx-cfg788972583:307
nginx: [emerg] unexpected "r" in /tmp/nginx-cfg788972583:307
nginx: configuration file /tmp/nginx-cfg788972583 test failed
The error is caused by the following nginx config line.
auth_basic ""realm string"";
The docs are a yaml file, so the example is fine there, and quoting would be required in some cases, e.g. if there was a colon in the realm.
In the Rancher UI they’re a key-value map so if you put in a quote it goes into the literal value, which then produces an invalid config.
Ok. Thx for the details. Indeed it not really wrong in doc but misleading because I stumpled over this over and over again.
Hi
I made the whole process of adding basic auth via the graphic interface of the rancher, I created the password file and then added the annotations, following the indications of this post, and even then use of the password does not work, when I remove annotations password, the url works well, with password it return error 502/503
I used
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-realm: realm string
Rancher ngress needs any label or more confs?
Hi,
hm… that should work. Actually it´s strange that you get a 502/503 and not a 401 or something else. And no, rancher doesn´t need more annotations. It´s fully nginx-ingress-controllers responsibilty.
- Does the Ingress work without the auth-annotations?
- Can you please check the logs of your ingress-controller container? This logs are usually very verbose.
- Can you check, that your secret with name “basic-auth” exists? And does this secret has a key “auth” with your base64 encoded password?
regards, Christian