Link Search Menu Expand Document

nginx-ingress Cheat Sheet

Auth Variants

For a list of OAuth proxies for use with k8s check out the kubernetes cheat sheet.

Basic Auth

Create an ingress annotation like this:

annotations: "nginx" basic auth "Login Required"

and provide an htpasswd secret like this in the ingress namespace

htpasswd -c ./auth <user name>
kubectl create secret generic auth  --from-file ./auth

Transparent OAuth2 Proxy

When using Bitly’s oauth2_proxy running as service “oauth2_proxy” you can create a transparent proxy like this

annotations: "nginx" "http://${OAUTH2_PROXY_SERVICE_HOST}:${OAUTH2_PROXY_SERVICE_PORT}/oauth2/start?rd=$request_uri" "http://${OAUTH2_PROXY_SERVICE_HOST}:${OAUTH2_PROXY_SERVICE_PORT}/oauth2/auth" "false" "false"       # <-- when your service speaks HTTP |
    auth_request /oauth2/auth;
    error_page 401 = /oauth2/start?rd=/;

Reverse Proxy

Reddit Reverse Proxy for Deployment