Traefik middleware - Basic authentication

In this article we will explain how to use Traefik middlewares and routers to manage authentication to many applications on Kubernetes.

• Traefik authentication middleware

  • Basic Authentication
  • Deploy the authentication middleware
  • Go further

Basic Authentication

Basic auth is a good way to restrict access to users you choose.

To manage Basic Authentication with Traefik, we will use the BasicAuth Middleware.

First, you need to define a secret with the Basic Authentication users at the format name:hashed-password with password hashed using MD5, SHA1, or BCrypt.

You can hash passwords using the following command: 'htpasswd -nb user password'.

apiVersion: v1
kind: Secret
metadata:
  name: basic-auth-users-secret
stringData:
  users: |>
    user1:$apr1$rKM7TQZQ$FUFmIklAwWBy80pHFcZlM0
    user2:$apr1$elAEjLXh$l5NtPMsZ5YmZhjKPJ5u4r/

and the middleware instance:

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-basic-auth
spec:
  basicAuth:
    secret: basic-auth-users-secret

You can now use the middleware in Traefik routers:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: test-basic-auth
spec:
  entryPoints:
    - web
  routes:
    - kind: Rule
      match: Host(`test-basic-auth.lenra.io`)
      middlewares:
        - name: test-basic-auth
      services:
        - kind: Service
          name: my-service
          port: 8080

Stay tuned, we will see soon how to set up the forward authentication middleware !