Proposal: Enable auth by default for Swarm

[alexellis]

For Docker Swarm we should enable basic auth by default.

We don't want users deploying OpenFaaS with public IPs and having that open to the world.

Since we use a shell script to deploy I think we can automate this with bash.

First attempt #743

Feedback/suggestions/ideas welcome

Alex

[ivanayov]

What do you think about allowing the user to create own credentials by passing them as arguments to deploy_stack.sh (or some better approach for the same)?

[alexellis]

It is a valid suggestion, but I'd rather not complicate things at this stage. The secret can be updated easily with the docker secret command. Please see the suggestions on the PR and feel free to comment on those too.

[ericstoekl]

For Kubernetes, we could include the Caddy basic auth ingress object in the helm template. As described in @stefanprodan 's blog post: https://stefanprodan.com/2017/openfaas-kubernetes-ingress-ssl-gke/

[stefanprodan]

There is no more need for Caddy since the OpenFaaS Gateway implements basic auth. For Kubernetes I've added the basic auth option to the Helm chart https://github.com/openfaas/faas-netes/tree/master/chart/openfaas#secure-the-gateway-administrative-api-and-ui-with-basic-auth

[alexellis]

That's right - @ericstoekl the change made in the gateway implements basic authentication directly. See the PR #743 and try it out.

[alexellis]

Derek set milestone: 0.8.6

[alexellis]

Derek close: resolved