Ingress Mapping
We recommend starting out with the Nginx ingress controller. More information about Nginx configuration can be found under Ingress Options.
Enable basic auth to ingress
Create a password first (it is important that the generated file is called auth):

    htpasswd -c auth foo
    New password: <bar>
    New password:
    Re-type new password:
    Adding password for user foo

Create the secret in Kubernetes:

    kubectl create secret generic basic-auth --from-file=auth

Add the following annotations to your ingress map:

    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
Whitelisting
If you want to limit access to a service, you can do so with whitelisting:
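
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: nginx
      annotations:
        # Comma-separated list of source ranges that may reach this ingress
        nginx.ingress.kubernetes.io/whitelist-source-range: <IP RANGES>
    spec:
      rules:
      - http:
          paths:
          - path: /
            # pathType is a required field in networking.k8s.io/v1
            pathType: Prefix
            backend:
              service:
                name: nginx
                port:
                  number: 80
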
Running Nexus in Kubernetes with Whitelisting
Not all nodes can pull images from my Nexus
If you encounter issues with nodes that cannot pull images, make sure that all load-balancer node host IP addresses and 10.244.0.0 are allowed in the whitelist.
- When a connection is established between a host and one of its pods, the network stack does not use NAT. Instead, a direct link is created between the host IP and the pod IP.
- 10.244.0.0 is used when a node uses the Kubernetes network stack instead of a direct connection.
These connections do not use the internet, are always local to the Kubernetes stack, and do not pose a security risk.
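
One way to verify the whitelist before debugging failed pulls, as an added example that is not part of the original documentation: it parses a whitelist-source-range value and reports which source addresses no entry covers. The addresses, the /16 mask and the function names are constructed for illustration, and treating an entry without a mask as a single host is an assumption of this example.

```python
import ipaddress

ANNOTATION = "nginx.ingress.kubernetes.io/whitelist-source-range"

def parse_whitelist(value):
    """Split the comma-separated annotation value into network objects."""
    nets = []
    for entry in value.split(","):
        entry = entry.strip()
        if entry:
            # Assumption of this example: an entry without a mask is one host.
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def uncovered_sources(value, sources):
    """Return the source addresses that no whitelist entry contains."""
    nets = parse_whitelist(value)
    missing = []
    for src in sources:
        addr = ipaddress.ip_address(src)
        if not any(addr.version == n.version and addr in n for n in nets):
            missing.append(src)
    return missing

# Constructed sample data: two node host IPs from a documentation range and
# one address on the cluster network around 10.244.0.0 (the /16 is assumed).
SOURCES = ["192.0.2.10", "192.0.2.11", "10.244.1.7"]
WHITELISTS = {
    "complete": "192.0.2.10/32, 192.0.2.11/32, 10.244.0.0/16",
    "node missing": "192.0.2.10/32, 10.244.0.0/16",
    "masks omitted": "192.0.2.10, 192.0.2.11, 10.244.0.0",
}

if __name__ == "__main__":
    for label, value in WHITELISTS.items():
        missing = uncovered_sources(value, SOURCES)
        status = "ok" if not missing else "not covered: " + ", ".join(missing)
        print(f"{label:14} {ANNOTATION}={value!r} -> {status}")
```

Replace SOURCES with the host IPs of your own nodes and WHITELISTS with the value from your ingress map.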