doc: create ingress controller with basic auth

Signed-off-by: meldafrawi <mohamed.eldafrawi@rancher.com>
2020-02-27 02:10:16 +02:00 · 2020-02-27 02:10:16 +02:00 · ecccf2a14a
commit ecccf2a14a
parent b70d86b3ce
2 changed files with 45 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -113,18 +113,21 @@ longhorn-ui-f849dcd85-cgkgg                 1/1       Running   0          5d

 ### Accessing the UI

-You can run `kubectl -n longhorn-system get svc` to get the external service IP for UI:
+> For Longhorn v0.8.0+, UI service type has been changed from `LoadBalancer` to `ClusterIP`
+
+You can run `kubectl -n longhorn-system get svc` to get Longhorn UI service:

 ```
 NAME                TYPE           CLUSTER-IP      EXTERNAL-IP      PORT(S)        AGE
 longhorn-backend    ClusterIP      10.20.248.250   <none>           9500/TCP       58m
-longhorn-frontend   LoadBalancer   10.20.245.110   100.200.200.123  80:30697/TCP   58m
+longhorn-frontend   ClusterIP      10.20.245.110   <none>           80/TCP         58m

 ```

-If the Kubernetes Cluster supports creating LoadBalancer, you can use `EXTERNAL-IP`(`100.200.200.123` in the case above) of `longhorn-frontend` to access the Longhorn UI. Otherwise you can use `<node_ip>:<port>` (port is `30697`in the case above) to access the UI.
+To access Longhorn UI when installed from YAML manifest, you need to create an ingress controller.
+
+See more about how to create an Nginx ingress controller with basic authentication [here](https://github.com/longhorn/longhorn/blob/master/docs/longhorn-ingress.md)

-Noted that the UI is unauthenticated when you installed Longhorn using YAML file.

 # Upgrade

--- a/docs/longhorn-ingress.md
+++ b/docs/longhorn-ingress.md
@ -0,0 +1,38 @@
+## Create Nginx Ingress Controller with basic authentication
+
+1. Create a basic auth file `auth`:
+> It's important the file generated is named auth (actually - that the secret has a key data.auth), otherwise the ingress-controller returns a 503
+
+`$ USER=<USERNAME_HERE>; PASSWORD=<PASSWORD_HERE>; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> auth`
+
+2. Create a secret
+
+`$ kubectl -n longhorn-system create secret generic basic-auth --from-file=auth`
+
+3. Create an Nginx ingress controller manifest `longhorn-ingress.yml` :
+
+```
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: longhorn-ingress
+  namespace: longhorn-system
+  annotations:
+    # type of authentication
+    nginx.ingress.kubernetes.io/auth-type: basic
+    # name of the secret that contains the user/password definitions
+    nginx.ingress.kubernetes.io/auth-secret: basic-auth
+    # message to display with an appropriate context why the authentication is required
+    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required '
+spec:
+  rules:
+  - http:
+      paths:
+      - path: /
+        backend:
+          serviceName: longhorn-frontend
+          servicePort: 80
+```
+
+4. Create the ingress controller:
+`$ kubectl -n longhorn-system apply longhorn-ingress.yml`