Add basic authentification

2019-09-04 19:08:30 +02:00 · 2019-09-04 19:08:30 +02:00 · 212811e224
commit 212811e224
parent a0d4f0a26d
3 changed files with 21 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -4,5 +4,6 @@ ingress_domain: "local.dataminem.net"
 #  - 10.96.0.0/12
 #  - 10.244.0.0/16
 #  - 192.168.140.0/24
+basi_auth: false

 scope_version: 1.9.1
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -11,6 +11,22 @@
      api_version: v1
      kind: Namespace

+  - name: Create a Secret object for basic authentification
+    k8s:
+      state: present
+      context: "{{ my_context }}"
+      definition:
+        apiVersion: v1
+        kind: Secret
+        metadata:
+          name: basic-auth
+          namespace: weave
+        type: Opaque
+        data:
+          basic_auth: "{{ basic_auth_data | b64encode }}"
+    when:
+      - basic_auth == true
+    tags: weave

  - name: Weave Scope files
    k8s:
--- a/templates/weave_ingress.yaml.j2
+++ b/templates/weave_ingress.yaml.j2
@ -10,6 +10,10 @@ metadata:
    ingress.kubernetes.io/whitelist-source-range: "{% for acl_whitelist in ingress_whitelist %}{{ acl_whitelist }}{% if not loop.last %}, {% endif %}{% endfor %}"
 {% endif %}
    traefik.frontend.priority: "10"
+{% if basic_auth is defined %}
+    traefik.ingress.kubernetes.io/auth-type: basic
+    traefik.ingress.kubernetes.io/auth-secret: traefik-auth
+{% endif %}
 spec:
  rules:
  - host: weave.{{ ingress_domain }}