We recommend starting out with the Nginx-ingress controller. More information about Nginx configuration can be found in Ingress Options.
Enable basic auth to ingress
Create a password first (it is important that the generated file is called auth):
htpasswd -c auth foo
New password: <bar>
New password:
Re-type new password:
Adding password for user foo
Create the secret in Kubernetes
kubectl create secret generic basic-auth --from-file=auth
Add the following annotations to your Ingress:
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
If you want to limit access to a service, it can be done with the help of whitelisting:
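apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx
  annotations:
    # Comma-separated list of source ranges allowed to reach this Ingress
    nginx.ingress.kubernetes.io/whitelist-source-range: <IP RANGES>
spec:
  rules:
  - http:
      paths:
      - path: /
        # pathType is a required field in networking.k8s.io/v1
        pathType: Prefix
        backend:
          service:
            name: nginx
            port:
              number: 80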
Running Nexus in Kubernetes with Whitelisting
Not all nodes can pull images from my Nexus
If you encounter issues with nodes that cannot pull images, make sure all load-balancer node host IP addresses and 10.244.0.0 are allowed in the whitelist.
- When a connection is established between a host and one of its pods, the network stack does not use NAT. Instead, a direct link is created between the host IP and the pod IP.
- 10.244.0.0 is used when a node uses the Kubernetes network stack instead of a direct connection.
These connections do not use the internet, are always local to the Kubernetes stack, and do not pose a security risk.
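A check for the troubleshooting step above, as an added example that is not part of the original documentation: it parses a whitelist-source-range value and reports which load-balancer node host IPs, or the 10.244.0.0 address, no whitelist entry covers. The function names, the whitelist value and the node IPs are constructed for illustration; sources may be given as plain addresses or as CIDR ranges.

```python
import ipaddress

ANNOTATION = "nginx.ingress.kubernetes.io/whitelist-source-range"


def parse_ranges(value):
    """Parse the comma-separated annotation value into network objects."""
    nets = []
    for item in value.split(","):
        item = item.strip()
        if item:
            # strict=False also accepts a host address with a prefix length
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def uncovered_sources(whitelist_value, required_sources):
    """Return the required sources that no whitelist entry fully contains."""
    allowed = parse_ranges(whitelist_value)
    missing = []
    for source in required_sources:
        need = ipaddress.ip_network(source, strict=False)
        # Compare only within the same IP version; subnet_of() raises otherwise
        covered = any(
            need.version == net.version and need.subnet_of(net)
            for net in allowed
        )
        if not covered:
            missing.append(source)
    return missing


# Constructed sample values (documentation address ranges), not real hosts
WHITELIST = "198.51.100.0/24, 192.0.2.10/32"
NODE_IPS = ["192.0.2.10", "192.0.2.11"]
POD_NETWORK = "10.244.0.0"  # address named in the text above

if __name__ == "__main__":
    for src in uncovered_sources(WHITELIST, NODE_IPS + [POD_NETWORK]):
        print(f"not allowed by {ANNOTATION}: {src}")
```

A source counts as covered only when a single whitelist entry contains all of it, so a range that partly overlaps an entry is still reported.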