Ingress-nginx: Basic authentication not working

Created on 8 Jan 2018 · 7Comments · Source: kubernetes/ingress-nginx

Hi,
I cannot seem to get basic auth working. Requests just go through with a 200.
Ingress controller:

Ingress:

❯ k get ingress -o yaml
apiVersion: v1
items:
- apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    annotations:
      ingress.kubernetes.io/auth-realm: Authentication Required - foo
      ingress.kubernetes.io/auth-secret: basic-auth
      ingress.kubernetes.io/auth-type: basic
      ingress.kubernetes.io/ssl-passthrough: "false"
      kubernetes.io/ingress.class: nginx
....

Secrets:

❯ k get secrets
NAME                                     TYPE                                  DATA      AGE
basic-auth                               Opaque                                1         11m

Services:

❯ k get services -n ingress-nginx
NAME                   TYPE           CLUSTER-IP     EXTERNAL-IP      PORT(S)                      AGE
default-http-backend   ClusterIP      10.168.4.174   <none>           80/TCP                       34m
ingress-nginx          LoadBalancer   10.168.6.173   35.197.239.248   80:31812/TCP,443:30461/TCP   34m

Source

Stono

Most helpful comment

I ran into the same problem of auth configuration not being applied to /etc/nginx/nginx.conf
I was following the latest documentation, but the annotations were not being applied.

Turns out, for me

    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - foo"

(the new documentation) doesn't work, but without the nginx does work

    ingress.kubernetes.io/auth-type: basic
    ingress.kubernetes.io/auth-secret: basic-auth
    ingress.kubernetes.io/auth-realm: "Authentication Required - foo"

(this was in Google Kubernetes Engine v1.8.6)

jeff-knurek on 17 Jan 2018

👍16 ❤6

All 7 comments

My own fault, wrong annotations (followed old docs): https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/auth

Follow these! https://github.com/kubernetes/ingress-nginx/tree/27c863085e2503e5f3249b596f24529fc2488baa/docs/examples/auth/basic

Stono on 8 Jan 2018

👍6

I ran into the same problem of auth configuration not being applied to /etc/nginx/nginx.conf
I was following the latest documentation, but the annotations were not being applied.

Turns out, for me

    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - foo"

(the new documentation) doesn't work, but without the nginx does work

    ingress.kubernetes.io/auth-type: basic
    ingress.kubernetes.io/auth-secret: basic-auth
    ingress.kubernetes.io/auth-realm: "Authentication Required - foo"

(this was in Google Kubernetes Engine v1.8.6)

jeff-knurek on 17 Jan 2018

👍16 ❤6

Yes, nginx.* namespace can not handle by GKE..

muratsplat on 11 May 2018

for people who still doubt, if you use a non- Goole Kubernetes Cluster, you shoud use:

    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - foo"

including the "nginx." part to make it work!

scher200 on 22 May 2018

👍1

Also, do not forget to have your "basic-auth" named secret published in the same namespace as your ingress.

scher200 on 23 May 2018

👍2

I'm confused where this "doesn't work on GKE thing comes from"....
I use GKE (1.9.7) and my annotations all look like nginx.ingress.kubernetes.io/service-upstream: "true

Disclaimer: I have the default glbc disabled

Stono on 23 May 2018

Can you have the authentication only on one host if your ingres has multiple hosts url's?