Hello!
I have Alloy installed in a kubernetes cluster via Helm Chart.
If I want to expose Alloy UI through a public domain, would there be a way to authenticate to get into the UI?
I didn’t find anything related on the docs or on the Helm Chart values.
Thanks!
maybe prop it behind a proxy server that requires auth like ngnix?
I was wondering about having already implemented this feature in Alloy itself, but thanks for the answer @yosiasz! Maybe i will explore that option.
so you have resolved it? please share your solution if so
Yes, it’s resolved now. I followed these instructions to enable the nginx auth: Basic Authentication - Ingress-Nginx Controller
I created a secret called alloy-ingress-auth
with the htpasswd
credentials on the auth
secret key.
And the ingress manifest:
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: alloy
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
external-dns.alpha.kubernetes.io/ttl: "1m"
# For basic auth
nginx.ingress.kubernetes.io/auth-realm: Authentication Required - admin
nginx.ingress.kubernetes.io/auth-secret: alloy-ingress-auth
nginx.ingress.kubernetes.io/auth-type: basic
spec:
ingressClassName: nginx
rules:
- host: {{ $alloy_domain }}
http:
paths:
- path: "/"
pathType: Prefix
backend:
service:
name: alloy
port:
number: 12345
tls:
- hosts:
- {{ $alloy_domain }}
secretName: grafana-alloy-tls
1 Like