Skip to content

Securing an Ingress

This page demonstrates how to deploy a example application on Kubernetes and use Access Control Policies (ACP) to secure it with HTTP authentication.

Before you begin

Before getting started, make sure you have the following:

Publishing an Example Application

In this example, you will be using a demo application called whoami, a web server answering with host-related information.

In the following diagram, you can see the architecture you are going to create.

The whoami application exposes the port 80, and you will create an Ingress to forward incoming traffic to it using the Traefik Proxy Ingress controller.


Overview diagram

The first step is to have an application running. This application is excellent for testing networking and routing.

To install whoami on your cluster, use the following command:

kubectl create deployment whoami --image=traefik/whoami

Create a service to reach the whoami deployment pods:

kubectl create service clusterip whoami --tcp=80:80

Traefik Proxy and Ingress

The Access Control Policies make use of the Ingress controller features to work.

For this tutorial, you are using Traefik Proxy. You can install it with the following command:

helm install traefik traefik/traefik \
  --set ingressClass.enabled=true \
  --set ingressClass.isDefaultClass=true

Traefik Proxy service

Helm automatically creates a service LoadBalancer exposing port 80 and 443.

Create an Ingress to configure Traefik Proxy to expose the whoami service on

kubectl create ingress whoami \

At this point, the application is reachable. Try accessing in your web browser or with curl.

Access Control Policy

The next step is to protect the application using the Traefik Hub Access Control features.

Open the Traefik Hub UI and find the whoami service on the service listing page.

services page

The Traefik Hub Agent detects the Ingress and displays the information configured on the Ingress (for example host and path).

Choose the Edit button next to the whoami Ingress and select Create new ACP.

whoami service with Ingress

whoami Ingress edition

Enter a name, select the basic authentication method and enter user credentials.

Save the Access Control Policy by selecting Save.

create basic auth ACP

Select Save and Publish to save and publish Ingress.

save whoami Ingress with basic auth ACP

As last step select Publish the service to publish your application.

whoami Ingress with basic auth ACP

After a few seconds, the Access Control Policy is applied and the application is protected.

To verify this, go to in your browser.

If the browser asks for credentials, the Access Control Policy has been successfully implemented.

What's next