Secret for basic auth could not be found

Hi, I am trying to add basic auth to my ingress exposing my longhorn UI. All this runs on a k3s Cluster.

I Create the secret with the following yaml:

apiVersion: v1
kind: Secret
metadata:
  name: longhorn-auth
  namespace: longhorn-system
data:
  users: |2
    base64encodedsecrets

And these are my Middleware and ingress configuration:

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: ingressauth
  namespace: longhorn-system
spec:
  basicAuth:
    secret: loghorn-auth
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.middlewares: longhorn-system-ingressauth@kubernetescrd
  name: longhorn-ingress
  namespace: longhorn-system
spec:
  rules:
  - host: longhorn.example.com
    http:
      paths:
      - backend:
          service:
            name: longhorn-frontend
            port:
              number: 80
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - longhorn.example.com
    secretName: longhorn-cert

Without the last annotation I can access the longhorn UI but it is unprotected. With this configuration I get an 404 Error with my browser and the log states the following:

time="2021-03-11T22:54:38Z" level=error msg="Error while reading basic auth middleware: failed to load auth credentials: secret 'longhorn-system/loghorn-auth' not found" middlewareName=longhorn-system-ingressauth providerName=kubernetescrd

Moving the secret to the same namespace as traefik also does not work. Can you guess why it can not find the secret.

Thanks
Clemens

hi @cbergmann

I think, here is a typo.

You defined the secret longhorn-auth and in the middleware, you refer to the not existing K8S secret, that's why Traefik throws the error message.

The annotations should look according to the following template:
<namespace>-<object>@<provider>
https://doc.traefik.io/traefik/providers/overview/#provider-namespace

Can you please confirm the solution? Thanks!

Hi @jakubhajek,

sorry. you are right. There was a missing 'n'. sorry for the noise.

1 Like