Skip to content

Secure an Ingress

An Access Control Policy is created in your cluster but it does not directly secure any of the ingresses. To apply an Access Control Policy and secure your service, please follow the steps in this document.

Ingresses are only available in Kubernetes.

Traefik Hub uses the ingress controller features to set access control on top of your ingresses. For now, the Traefik Hub Agent supports the following:

Ingress Controller Version
Traefik Proxy > v2.7
Nginx Community > v1

Requirements

Before going further, please make sure have the following:

  • An account registered on the Traefik Hub platform
  • A cluster running with Kubernetes
  • The Traefik Hub Agent installed and running
  • An ingress exposing a service on your cluster
  • A configured Access Control Policy in Traefik Hub

Web Interface

On the page of the service that was exposed by the ingress, you can find the service details. Find the Edit button next to the ingress section and, in the form, select the Access Control Policy.

Apply the changes by saving the form. Applying the update can take a few moments.

Custom Resource Definition

To secure an ingress from the resource, edit the Ingress resource and add the following annotation to the metadata:

metadata:
  annotations:
    hub.traefik.io/access-control-policy: <..acp-name..>

Apply the changes and wait a few seconds before accessing the service through the ingress.