Basic Auth keeps popping up with grafana and prometheus

Traefik Traefik v2 (latest)
,
1

Hi,

I'm trying to IngressRoute Grafana, but the basic auth always keeps popping up (if I just proxy grafana, it just uses its own basic-auth, without problems, and prometheus doesn't asks for auth if proxied)

Here's my middlewares and ingressRoutes.

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: monitoring-grafana-basic-auth
  namespace: monitoring
spec:
  basicAuth:
    secret: monitoring-grafana-basic-auth
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: monitoring-grafana-https-redirect
  namespace: monitoring
spec:
  redirectScheme:
    scheme: https
    permanent: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: monitoring-grafana-security
  namespace: monitoring
spec:
  headers:
    frameDeny: true
    sslRedirect: true
    browserXssFilter: true
    contentTypeNosniff: true
    stsIncludeSubdomains: true
    stsPreload: true
    stsSeconds: 31536000
---
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
  name: monitoring-grafana-transport
  namespace: monitoring
spec:
  serverName: grafana
  insecureSkipVerify: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
  name: monitoring-grafana-tlsoptions
  namespace: monitoring
spec:
  minVersion: VersionTLS12
  cipherSuites:
    - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
    - TLS_AES_256_GCM_SHA384
    - TLS_AES_128_GCM_SHA256
    - TLS_CHACHA20_POLY1305_SHA256
    - TLS_FALLBACK_SCSV
  curvePreferences:
    - CurveP521
    - CurveP384
  sniStrict: false
---
apiVersion: v1
kind: Secret
metadata:
  name: monitoring-grafana-basic-auth
  namespace: monitoring
data:
  users: |
    YWRtaW46JGFwcjEkSVBqUU96bmYkWkhDSWp2UmdTNFd4bXBUZnVVakhMMQoK
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: monitoring-grafana-websecure
  namespace: monitoring
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`grafana.urbaman.it`)
      services:
      - name: kube-prometheus-stack-grafana
        port: 80
        serversTransport: monitoring-grafana-transport
      middlewares:
        - name: monitoring-grafana-basic-auth
        - name: monitoring-grafana-security
  tls:
    secretName: grafana-urbaman
    options:
      name: monitoring-grafana-tlsoptions
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: monitoring-grafana-web
  namespace: monitoring
spec:
  entryPoints:
    - web
  routes:
    - kind: Rule
      match: Host(`grafana.urbaman.it`)
      services:
      - name: kube-prometheus-stack-grafana
        port: 80
      middlewares:
        - name: monitoring-grafana-https-redirect
2

Ok,

Found it out that the match: Host(grafana.urbaman.it) was messing up with the match: Host(traefik.urbaman.it) || PathPrefix(/dashboard) || PathPrefix(/api) from the traefik dashboard ingressroute. When I set the latter to match: Host(traefik.urbaman.it) it all began to work.

Thank you.

3

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.