One of these applications is a simple Nginx web server. This server is used as part of a secure backend application, and the company would like it to be configured to use HTTP basic authentication.
This will require an htpasswd file as well as a custom Nginx config file. In order to deploy this Nginx server to the cluster with good configuration practices, you will need to load the custom Nginx configuration from a ConfigMap (this already exists) and use a Secret to store the htpasswd data.
Create a Pod with a container running the nginx:1.19.1 image. Supply a custom Nginx configuration using a ConfigMap, and populate an htpasswd file using a Secret.
Generate an htpasswd file:
htpasswd -c .htpasswd user
View the file’s contents:
cat .htpasswd
Create a Secret containing the htpasswd data:
kubectl create secret generic nginx-htpasswd --from-file .htpasswd
Delete the .htpasswd file:
rm .htpasswd
Create the Nginx Pod
Create pod.yml:
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.19.1
    ports:
    - containerPort: 80
    volumeMounts:
    - name: config-volume
      mountPath: /etc/nginx
    - name: htpasswd-volume
      mountPath: /etc/nginx/conf
  volumes:
  - name: config-volume
    configMap:
      name: nginx-config
  - name: htpasswd-volume
    secret:
      secretName: nginx-htpasswd
View the existing ConfigMap:
kubectl get cm
We need to create the ConfigMap for nginx-config:
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config
data:
  nginx.conf: |
    user nginx;
    worker_processes 1;
    error_log /var/log/nginx/error.log warn;
    pid /var/run/nginx.pid;
    events {
      worker_connections 1024;
    }
    http {
      server {
        listen 80;
        listen [::]:80;
        server_name localhost;
        location / {
          root /usr/share/nginx/html;
          index index.html index.htm;
        }
        auth_basic "Secure Site";
        auth_basic_user_file conf/.htpasswd;
      }
    }
Get more info about nginx-config:
kubectl describe cm nginx-config
Apply the Pod:
kubectl apply -f pod.yml
Within the existing busybox pod, without using credentials, verify everything is working:
kubectl exec busybox -- curl <NGINX_POD_IP>
We’ll see HTML for the 401 Authorization Required page, but this is a good thing, as it means our setup is working as expected.
curl: (6) Couldn't resolve host 'user'
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 179 100 179 0 0 62174 0 --:--:-- --:--:-- --:--:-- 89500
<html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.19.1</center>
</body>
</html>
Run the same command again using credentials (including the password you created at the beginning of the lab) to verify everything is working:
kubectl exec busybox -- curl -u user:<PASSWORD> <NGINX_POD_IP>
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 612 100 612 0 0 48846 0 --:--:-- --:--:-- --:--:-- 51000
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
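The setup above only works if three things line up: the auth_basic_user_file path in nginx.conf, the mountPath of the Secret volume in pod.yml, and the key name inside the Secret (kubectl names the key after the file passed to --from-file). The following check is an added example, not part of the original lab; check_wiring and htpasswd_path are hypothetical helper names, the inputs are constructed to mirror the manifests on this page, and it assumes nginx loads /etc/nginx/nginx.conf so that relative paths resolve against /etc/nginx.

```python
import posixpath
import re

CONF_PREFIX = "/etc/nginx"  # assumption: nginx loads /etc/nginx/nginx.conf

def htpasswd_path(nginx_conf, prefix=CONF_PREFIX):
    """Absolute path nginx will open for auth_basic_user_file, or None."""
    m = re.search(r"^\s*auth_basic_user_file\s+([^;\s]+)\s*;", nginx_conf, re.M)
    if not m:
        return None
    # A relative path is resolved against the configuration prefix.
    return posixpath.normpath(posixpath.join(prefix, m.group(1)))

def check_wiring(pod, nginx_conf, secret_keys):
    """Return a list of mismatches between nginx.conf, the Pod and the Secret."""
    path = htpasswd_path(nginx_conf)
    if path is None:
        return ["nginx.conf has no auth_basic_user_file directive"]
    directory, filename = posixpath.split(path)
    volumes = {v["name"]: v for v in pod["spec"]["volumes"]}
    problems = []
    for c in pod["spec"]["containers"]:
        mounts = [m for m in c.get("volumeMounts", [])
                  if posixpath.normpath(m["mountPath"]) == directory]
        if not mounts:
            problems.append(f"{c['name']}: nothing mounted at {directory}")
            continue
        vol = volumes.get(mounts[0]["name"], {})
        if "secret" not in vol:
            problems.append(f"{c['name']}: {directory} is not backed by a Secret")
        elif filename not in secret_keys.get(vol["secret"]["secretName"], ()):
            problems.append(f"{c['name']}: Secret has no key {filename!r}")
    return problems

# Constructed inputs mirroring pod.yml, nginx-config and the Secret on this page.
POD = {"spec": {
    "containers": [{"name": "nginx", "volumeMounts": [
        {"name": "config-volume", "mountPath": "/etc/nginx"},
        {"name": "htpasswd-volume", "mountPath": "/etc/nginx/conf"}]}],
    "volumes": [
        {"name": "config-volume", "configMap": {"name": "nginx-config"}},
        {"name": "htpasswd-volume", "secret": {"secretName": "nginx-htpasswd"}}]}}
NGINX_CONF = 'http { server { auth_basic "Secure Site";\n auth_basic_user_file conf/.htpasswd;\n } }'
SECRET_KEYS = {"nginx-htpasswd": {".htpasswd"}}  # key names only, never the values

if __name__ == "__main__":
    print(check_wiring(POD, NGINX_CONF, SECRET_KEYS) or "wiring is consistent")
```

An empty result means the file nginx opens is the one the Secret provides; any message points at the manifest to fix before retrying the curl checks.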
Cheers
Osama