NGINX ingress controller on GKE with basic auth and permanent redirect

[Matthew Cooper]

Hi all,

I'm diving head first into Kubernetes. I'm currently working on a custom Helm chart for the Gitlab Omnibus application and am running into the following troubles with my NGINX Ingress Controller:

*Note: I am blind, so my apologies for the lack of code highlighting, etc. :)

- I am trying to add basic authentciation to one particular subdomain. I've created a special Ingress resource and added the following annotations to an otherwise working Ingress.:

    nginx.ingress.kubernetes.io/auth-type: basic

    nginx.ingress.kubernetes.io/auth-secret: <namespace>/<secret>

    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"

NGINX doesn't seem to acknowledge this. I haven't found exactly when this feature was added, but I'm thinking it may have been in a quite recent release based on the nginx.ingress annotation prefix. (I understand this arrived in 0.9.0-beta18.) I'm running 0.9.0-beta11 which appears to be the latest on gcr.io/google_containers right now.

- Also trying to perform a simple 301 redirect of one base domain to another. I see that:

apiVersion: extensions/v1beta1

kind: Ingress

metadata:

  name: test

  annotations:

    nginx.ingress.kubernetes.io/permanent-redirect: newdomain.com

spec:

  rules:

  - host: olddomain.com

should do this. Same issue perhaps with the older beta release. Does the host rule need service backend information if a redirect is all that I'm aiming for?

Anyway, if I need a newer version, can anyone explain how to create a GKE compatible NGINX ingress controller image? If I'm doing something else wrong, all advice appreciated!

Blessings,

Matt

[Alejandro de Brito Fontes]

Please check https://github.com/kubernetes/ingress-nginx/releases to get information about the release.

If you update to 0.17.1 this will work without issues

[Matthew Cooper]

Thank you. Just finally came across that. So many examples showed the gcr.io images specifially, so I wasn't sure about using these.

Basic auth is now working, but I do have a couple follow-up questions regarding my permanent redirect.

As I said originally, I am installing Gitlab Omnibus via a custom Helm chart. One component of this application is Gitlab Pages. This serves static websites for Gitlab projects/groups/etc. My installation has an Ingress for *.build2c.io directing traffic to the Gitlab Pages service. By default, no content exists, so the service simply reports 404 for all subdomains. This raises a couple issues:

- cert-manager seems to fail creating my wildcard Let's Encrypt certificate

- As gitlab.io does, I want my root build2c.io and www.build2c.io URLs to redirect to our main website at build2c.org. I have gotten http://build2c.io to redirect. Is it possible to redirect https://build2c.io without it needing its own certificates? It seems that cert-manager fails to create a specific TLS secret for https://build2c.io since the insecure http URL redirects away from build2c.io.

Hopefully this situation is fairly clear. Any thoughts appreciated.

--
You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-use...@googlegroups.com.
To post to this group, send email to kubernet...@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.