add public ingress, use HTTP basic auth

Signed-off-by: Xe Iaso <me@xeiaso.net>

2 files changed, 40 insertions, 0 deletions

diff --git a/cmd/mi/.gitignore b/cmd/mi/.gitignore
new file mode 100644
index 0000000..9ec0d09
--- /dev/null
+++ b/cmd/mi/.gitignore
@@ -0,0 +1 @@
+auth
\ No newline at end of file
diff --git a/cmd/mi/manifest.yaml b/cmd/mi/manifest.yaml
index 8b010ca..f1dec5e 100644
--- a/cmd/mi/manifest.yaml
+++ b/cmd/mi/manifest.yaml
@@ -106,6 +106,45 @@ spec:
       name: metrics
   type: ClusterIP
 ---
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+  name: public-http-auth
+  namespace: mi
+spec:
+  itemPath: "vaults/lc5zo4zjz3if3mkeuhufjmgmui/items/4ytaobocixjfaoje7rhrtidg4m"
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: mi-public
+  namespace: mi
+  labels:
+    app.kubernetes.io/name: mi
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/auth-type: basic
+    nginx.ingress.kubernetes.io/auth-secret: public-http-auth
+    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+      - mi.cetacean.club
+      secretName: mi-public-tls
+  rules:
+  - host: mi.cetacean.club
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: mi
+            port: 
+              name: http
+---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata: