Hello, I was thrown in the world of Kubernetes, He...
# general
Hello, I was thrown in the world of Kubernetes, Helm, Google Cloud Engine, and Terraform/Pulumi and so on, so maybe I'm really in the wrong channel now to ask my question, please be nice. 🙂 We have a so called
which does basic authentication for one domain. Currently the basic authentication data is done manually via:
htpasswd -c auth <username> && kubectl create secret generic docs-basic-auth --from-file=auth
I want to automate this for the future. The helm chart looks like this:
Copy code
  domain: <domain>
  tlsSecretName: <name>-de-tls
    <http://nginx.ingress.kubernetes.io/auth-type|nginx.ingress.kubernetes.io/auth-type>: basic
    # # The name of the secret which contains the HTTP basic auth configuration
    # # See: <https://github.com/kubernetes/ingress-nginx/blob/6d2400ee0fcd29390db24091edef07ccee73c881/docs/examples/auth/basic/README.md>
    <http://nginx.ingress.kubernetes.io/auth-secret|nginx.ingress.kubernetes.io/auth-secret>: docs-basic-auth
    <http://nginx.ingress.kubernetes.io/auth-realm|nginx.ingress.kubernetes.io/auth-realm>: "Name"
    type: RollingUpdate
      maxSurge: 1
      maxUnavailable: 0
I have a file which contains this code where, at least I think, I need to start:
Copy code
import * as k8s from "@pulumi/kubernetes";
import * as affinities from "../../../affinities";

interface ICreateNginxIngressOpts {
  isPrivateNetworkIngress: boolean;
  tls: { defaultTlsSecretName: string };
  context: {
    provider: k8s.Provider;

const createNginxIngress = ({
  context: { provider }
}: ICreateNginxIngressOpts) => {
  let annotations: any = {};

  if (isPrivateNetworkIngress) {
    // Only allow traffic from the external subnet
    annotations["<http://cloud.google.com/load-balancer-type|cloud.google.com/load-balancer-type>"] = "Internal";

  return new k8s.helm.v2.Chart(
      repo: "stable",
      chart: "nginx-ingress",
      version: "1.6.0",
      values: {
        defaultBackend: {
          affinity: affinities.defaultPool
        controller: {
          extraArgs: {
            "default-ssl-certificate": tls.defaultTlsSecretName
          publishService: { enabled: true },
          affinity: affinities.defaultPool,
          service: {
    { dependsOn: [provider], providers: { k8s: provider } }

export { createNginxIngress };
Any hints where I have to look at? Basically: I want to automate this steps: https://github.com/kubernetes/ingress-nginx/blob/6d2400ee0fcd29390db24091edef07ccee73c881/docs/examples/auth/basic/README.md
regardless of the solution there is also a school of thought that Ingress should be as generic as possible and any app-specific configuration is anti-pattern
And where do I do the app-specific configuration then?
on app level. if app needs to authenticate incoming requests, it is it's responsibility to do that, maybe with the sidecar nginx, but still on the app pod
Sounds complicated, I'll have a look at this sidecar thingy