feat(helm): add basic auth support via Traefik middleware
- Add basicAuth.enabled and basicAuth.htpasswd values
- Create middleware.yaml template for Secret and Traefik Middleware
- Update ingress to include middleware annotation when enabled
Usage:
helm upgrade taskplaner ./helm/taskplaner \
--set basicAuth.enabled=true \
--set basicAuth.htpasswd='admin:$apr1$...'
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Thomas Richter
@@ -5,10 +5,13 @@ metadata:
|
|||||||
name: {{ include "taskplaner.fullname" . }}
|
name: {{ include "taskplaner.fullname" . }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "taskplaner.labels" . | nindent 4 }}
|
{{- include "taskplaner.labels" . | nindent 4 }}
|
||||||
{{- with .Values.ingress.annotations }}
|
|
||||||
annotations:
|
annotations:
|
||||||
|
{{- with .Values.ingress.annotations }}
|
||||||
{{- toYaml . | nindent 4 }}
|
{{- toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.basicAuth.enabled }}
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: {{ .Release.Namespace }}-{{ include "taskplaner.fullname" . }}-basic-auth@kubernetescrd
|
||||||
|
{{- end }}
|
||||||
spec:
|
spec:
|
||||||
{{- if .Values.ingress.className }}
|
{{- if .Values.ingress.className }}
|
||||||
ingressClassName: {{ .Values.ingress.className }}
|
ingressClassName: {{ .Values.ingress.className }}
|
||||||
|
|||||||
22
helm/taskplaner/templates/middleware.yaml
Normal file
22
helm/taskplaner/templates/middleware.yaml
Normal file
@@ -0,0 +1,22 @@
|
|||||||
|
{{- if .Values.basicAuth.enabled }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: {{ include "taskplaner.fullname" . }}-basic-auth
|
||||||
|
labels:
|
||||||
|
{{- include "taskplaner.labels" . | nindent 4 }}
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
users: {{ .Values.basicAuth.htpasswd | quote }}
|
||||||
|
---
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: {{ include "taskplaner.fullname" . }}-basic-auth
|
||||||
|
labels:
|
||||||
|
{{- include "taskplaner.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
basicAuth:
|
||||||
|
secret: {{ include "taskplaner.fullname" . }}-basic-auth
|
||||||
|
{{- end }}
|
||||||
@@ -102,6 +102,13 @@ tolerations: []
|
|||||||
|
|
||||||
affinity: {}
|
affinity: {}
|
||||||
|
|
||||||
|
# Basic authentication (Traefik middleware)
|
||||||
|
basicAuth:
|
||||||
|
enabled: false
|
||||||
|
# htpasswd encoded credentials (generate with: htpasswd -nb user password)
|
||||||
|
# Example: "admin:$apr1$xyz..."
|
||||||
|
htpasswd: ""
|
||||||
|
|
||||||
# Application-specific configuration
|
# Application-specific configuration
|
||||||
config:
|
config:
|
||||||
# The external URL where the app is accessible (required for CSRF protection)
|
# The external URL where the app is accessible (required for CSRF protection)
|
||||||
|
|||||||
Reference in New Issue
Block a user