Basic AuthenticationFilter examples

Author: tataruty

.gitleaksignore

@@ -4,3 +4,5 @@
 890fddb787ff3560b9b743647a36b649d498ae51:internal/state/graph/secret_test.go:private-key:35
 890fddb787ff3560b9b743647a36b649d498ae51:internal/state/change_processor_test.go:private-key:211
 internal/controller/state/graph/config_maps_test.go:private-key:35
+examples/basic-authentication/basic-auth.yaml:generic-api-key:8
+examples/basic-authentication/basic-auth.yaml:generic-api-key:31

examples/basic-authentication/README.md

@@ -0,0 +1,3 @@
+# Basic Authentication
+
+This directory contains the YAML files used in the [Basic Authentication](https://docs.nginx.com/nginx-gateway-fabric/traffic-management/basic-authentication/) guide.

examples/basic-authentication/basic-auth.yaml

@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: basic-auth1
+type: Opaque
+data:
+  # Base64 of "htpasswd -bn user1 password1"
+  auth: dXNlcjE6JGFwcjEkWEFKeU5yekgkY0Rjdy9YMVBCZTFmTjltQVBweXpxMA==
+---
+apiVersion: gateway.nginx.org/v1alpha1
+kind: AuthenticationFilter
+metadata:
+  name: basic-auth1
+spec:
+  type: Basic
+  basic:
+    secretRef:
+      name: basic-auth1
+    realm: "Restricted basic-auth1"
+    onFailure:
+      statusCode: 401
+      scheme: Basic
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: basic-auth2
+type: Opaque
+data:
+  # Base64 of "htpasswd -bn user2 password2"
+  auth: dXNlcjI6JGFwcjEkd0lKUUpjZEUkSXUuYjVhMlBGODdtQi5zT0x4aUg5MQ==
+---
+apiVersion: gateway.nginx.org/v1alpha1
+kind: AuthenticationFilter
+metadata:
+  name: basic-auth2
+spec:
+  type: Basic
+  basic:
+    secretRef:
+      name: basic-auth2
+    realm: "Restricted basic-auth2"
+    onFailure:
+      statusCode: 401
+      scheme: Basic

examples/basic-authentication/cafe-routes.yaml

@@ -0,0 +1,48 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: cafe-routes
+spec:
+  parentRefs:
+    - name: cafe-gateway
+  rules:
+    - matches:
+        # Coffee with Basic Auth via basic-auth1
+        - path:
+            type: PathPrefix
+            value: /coffee1
+        # Additional coffee path with same auth
+        - path:
+            type: PathPrefix
+            value: /coffee2
+      backendRefs:
+        - name: coffee
+          port: 80
+      filters:
+        - type: ExtensionRef
+          extensionRef:
+            group: gateway.nginx.org
+            kind: AuthenticationFilter
+            name: basic-auth1
+    # Tea with Basic Auth via basic-auth2
+    - matches:
+        - path:
+            type: PathPrefix
+            value: /tea
+      backendRefs:
+        - name: tea
+          port: 80
+      filters:
+        - type: ExtensionRef
+          extensionRef:
+            group: gateway.nginx.org
+            kind: AuthenticationFilter
+            name: basic-auth2
+    # Latte without authentication
+    - matches:
+        - path:
+            type: PathPrefix
+            value: /latte
+      backendRefs:
+        - name: latte
+          port: 80

examples/basic-authentication/cafe.yaml

@@ -0,0 +1,98 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: coffee
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: coffee
+  template:
+    metadata:
+      labels:
+        app: coffee
+    spec:
+      containers:
+      - name: coffee
+        image: nginxdemos/nginx-hello:plain-text
+        ports:
+        - containerPort: 8080
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: coffee
+spec:
+  ports:
+  - port: 80
+    targetPort: 8080
+    protocol: TCP
+    name: http
+  selector:
+    app: coffee
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: tea
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: tea
+  template:
+    metadata:
+      labels:
+        app: tea
+    spec:
+      containers:
+      - name: tea
+        image: nginxdemos/nginx-hello:plain-text
+        ports:
+        - containerPort: 8080
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: tea
+spec:
+  ports:
+  - port: 80
+    targetPort: 8080
+    protocol: TCP
+    name: http
+  selector:
+    app: tea
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: latte
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: latte
+  template:
+    metadata:
+      labels:
+        app: latte
+    spec:
+      containers:
+      - name: latte
+        image: nginxdemos/nginx-hello:plain-text
+        ports:
+        - containerPort: 8080
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: latte
+spec:
+  ports:
+  - port: 80
+    targetPort: 8080
+    protocol: TCP
+    name: http
+  selector:
+    app: latte

examples/basic-authentication/gateway.yaml

@@ -0,0 +1,13 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: cafe-gateway
+spec:
+  gatewayClassName: nginx
+  listeners:
+    - name: http
+      port: 80
+      protocol: HTTP
+      allowedRoutes:
+        namespaces:
+          from: Same