From 84f3e623b54f667bc9e5f7f844ffd88c545d69e1 Mon Sep 17 00:00:00 2001
From: Aaron Riedel <git@ar21.de>
Date: Fri, 21 Apr 2023 09:34:41 +0200
Subject: [PATCH] =?UTF-8?q?disable=20basicauth=20for=20acme=20challenges?=
 =?UTF-8?q?=20=F0=9F=8D=87?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ingress/values.yaml     | 3 ++-
 prometheus/ingress.yaml | 8 ++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/ingress/values.yaml b/ingress/values.yaml
index 1c06be3..5d1683d 100644
--- a/ingress/values.yaml
+++ b/ingress/values.yaml
@@ -1,6 +1,7 @@
 controller:
+  enableSnippets: true
   hostNetwork: true
-  setAsDefaultIngress: true 
+  setAsDefaultIngress: true
   service:
     create: false
   kind: daemonset
\ No newline at end of file
diff --git a/prometheus/ingress.yaml b/prometheus/ingress.yaml
index 54cf08b..6b1be50 100644
--- a/prometheus/ingress.yaml
+++ b/prometheus/ingress.yaml
@@ -9,6 +9,10 @@ metadata:
     cert-manager.io/cluster-issuer: letsencrypt-prod
     acme.cert-manager.io/http01-edit-in-place: "true"
     ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.org/server-snippets: |
+      location ^~ /.well-known/acme-challenge/ {
+          auth_basic off;
+      }
     nginx.org/basic-auth-secret: prometheus-basic-auth-secret
     #nginx.org/ssl-services: "prometheus-server"
 spec:
@@ -38,6 +42,10 @@ metadata:
     cert-manager.io/cluster-issuer: letsencrypt-prod
     acme.cert-manager.io/http01-edit-in-place: "true"
     ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.org/server-snippets: |
+      location ^~ /.well-known/acme-challenge/ {
+          auth_basic off;
+      }
     nginx.org/basic-auth-secret: prometheus-basic-auth-secret
     #nginx.org/ssl-services: "prometheus-server"
 spec: