OH3 behind a traefik ingress in k3s (kubernetes) with basic auth

Tags: #<Tag:0x00007fc8f7f00100> #<Tag:0x00007fc8f7f00010> #<Tag:0x00007fc8f7e8fb08>

Hi!

I already found this thread:

and this:

and saw the documentation about oh3 installation here:

But I was still not successful to get it up and running in an k3s environment (traefik 1.7 and kubernetes).

Has someone here managed to get the new oh3 authentication up and running behind a basic auth secured traefik reverse proxy? Can someone point me to the necessary yaml-Configs?

Looks like I’m the first with such a setup. I solved it by defining the ingress like that:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: openhab3
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/auth-type: basic
    traefik.ingress.kubernetes.io/auth-secret: authsecret
    ingress.kubernetes.io/custom-request-headers: "cookie: X-OPENHAB-AUTH-HEADER=true"
    ingress.kubernetes.io/custom-response-headers: "cookie: X-OPENHAB-AUTH-HEADER=true"
    ingress.kubernetes.io/auth-remove-header: "true"
spec:
  rules:
  - host: myremoteoh.domain.de
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: openhab3
            port:
              number: 8080

The “authsecret” is the name of the kubernetes secret that keeps the password for the basic auth protection.

Would be great to have this for traefik in the openhab3 documentation, too.