Hi everyone, I'm using the newly announced k8s he...
# prefect-community
Hi everyone, I'm using the newly announced k8s helm chart, which is awesome by the way! I'm trying to add basic authentication to the apollo server to protect it through an nginx controller on kubernetes. But now the "server cannot be reached". Could anyone please kindly offer up any insight on this? Would be most appreciated! The other alternative I could look into is making the apollo server an internal load balancer which I'll try next.
How did you add the basic authentication? One possible thing you could possible run in to, is that by protecting your app, kubernetes readyness/liveness probe fails (they also get the same 403). Thus, kubernetes won’t serve the app. Giving you a “500 ish server cannot be reached.” If you run into this, unprotect the route for kubernetes health chekks. If not, I wouldn’t know, but it might help if you share your modifications.
Hi @Joël Luijmes, Thanks for your response. I can try this. I'm using an nginx-controller and ingress separate from the helm config. Ex.
Copy code
apiVersion: extensions/v1beta1
kind: Ingress
  name: prefect-gke-ingress
    <http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: nginx
    <http://nginx.ingress.kubernetes.io/auth-type|nginx.ingress.kubernetes.io/auth-type>: basic
    <http://nginx.ingress.kubernetes.io/auth-secret|nginx.ingress.kubernetes.io/auth-secret>: basic-auth
    <http://nginx.ingress.kubernetes.io/auth-realm|nginx.ingress.kubernetes.io/auth-realm>: 'Authentication Required - admin'
    - http:
         - path: /
             serviceName: prefect-gke-ui
             servicePort: 80
         - path: /graphql
             serviceName: prefect-gke-apollo
             servicePort: 4200
Ah okay, wasn’t aware about the kubernetes ingress with nginx. Then you probably wouldn’t run into that issue. To troubleshoot for me it usually helps to describe the different resources, it still could be that your app is not healthy for some other reason?
I can confirm that the application is healthy. I'm not a security engineer so this is all quite frustrating to me. I don't think nginx-ingress is the right approach. Investigating alternatives