Add initial redis pass and http protected auth for longhorn

lucawen · Aug 15, 2022 · fd9780d · fd9780d
1 parent 2f3dd23
commit fd9780d
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/cluster/config/cluster-secrets.sops.yaml b/cluster/config/cluster-secrets.sops.yaml
@@ -7,6 +7,8 @@ metadata:
 stringData:
     SECRET_DOMAIN: ENC[AES256_GCM,data:W7s/c8XscVkYb/ym,iv:ugHHSwzRGtmtRgh3Ed5PzGaLcuVnN3dF2DU5BJlcabA=,tag:Mzph9zdeQVa8H0CNRWkmJA==,type:str]
     SECRET_CLOUDFLARE_EMAIL: ENC[AES256_GCM,data:xHbFBpsFiUQgxhrIspqZx9XnYdW3aA==,iv:cdLRv7Jj0PSirrotwGXTBl7S16PSoMhsjqm9C+xo1ak=,tag:gFQYW4beezePQidWa/ykYw==,type:str]
+    SECRET_REDIS_PASSWORD: ENC[AES256_GCM,data:WG8xnNSPRojUNI/vdezcXGY0oWlNXqET,iv:KFfkNswt3Rxbqe7zGhc2xxH1wC/n2NJcpThG89W5cJw=,tag:UME1yu9Iesf3oraYTc7/1Q==,type:str]
+    SECRET_HTPASSWD_NGINX_BASIC: ENC[AES256_GCM,data:rqj39cTlBvcppi2j6cRpBP7/KmDghVyfhT78lt2af4jHe1P4hgCBDcYo/J+CTwl3lVJLYG9vJFKR8lf3,iv:+AyJOeX0pWbj2c+aYLTw1ssowfiCAdQ+zhaUG0t6Fmo=,tag:mwwVLElH5vFnrxOIYvVc6g==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -22,8 +24,8 @@ sops:
             ZjJhQnVLcFlJMVpmaUpqVzNBUDBQKzAKuu+4umJkj+Qbq7b5YeYBjrNdtIgxXHal
             8MSgJky7iJ4XizZAazXP+sTpldEm+VDFRBthfhvprZmI8w5/fokr7g==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2022-08-04T18:21:34Z"
-    mac: ENC[AES256_GCM,data:W5yfZGvgk5e1q/lhiMfR1af4/m+DK7GVIaguW0y8VlPhsGrhlm/jVvGmZROMprAsL80YhQ9KADr2XVEI2nToEDgkuHM4lPZG416GKHnFIjslmWoxeUoSNZNnGPs9I1rLn3N+4RUSpHHM/cFb5uXDe3ivueTQBbY0HHok3r14fcY=,iv:aFRhUhh89r3zz6v114mjs7JIFeJ0FBprgFDgs59oKJM=,tag:9K0kXRjGR+DQSg8stNNEBw==,type:str]
+    lastmodified: "2022-08-15T13:15:07Z"
+    mac: ENC[AES256_GCM,data:NS1ezVj2An7E/hctwwWmOdvr2HGquZSaadbNH0rR8HuStW5hxrxOD0dfV3lAdpkjN0cyBQQ/pCkrqfmA5rqbO4UEyL/z8BgVJSyw8+OeWYI6NPThTlbepsWnjF4ekNKgRuVx9Qbn8TNzAblSw/PNoUv7vEXtZAYqWzNu2sn7Wqc=,iv:k7IlvLGpIVXPFzk/lPJeCXKlRHFyc84fQsT11zh7az4=,tag:vGPI8Sn+bQMkQWyKovNvbQ==,type:str]
     pgp: []
     encrypted_regex: ^(data|stringData)$
     version: 3.7.3
diff --git a/cluster/core/longhorn-system/helm-release.yaml b/cluster/core/longhorn-system/helm-release.yaml
@@ -36,6 +36,9 @@ spec:
       tlsSecret: longhorn-tls
       ingressClassName: nginx
       annotations:
+        nginx.ingress.kubernetes.io/auth-type: basic
+        nginx.ingress.kubernetes.io/auth-secret: SECRET_HTPASSWD_NGINX_BASIC
+        nginx.ingress.kubernetes.io/auth-realm: "Enter your credentials"
         cert-manager.io/cluster-issuer: "letsencrypt-production"
         external-dns.alpha.kubernetes.io/target: "ipv4.${SECRET_DOMAIN}"
         external-dns/is-public: "true"