I have an EKS cluster running with the Kubernetes Nginx Ingress Controller deployed. I would like to add an extra basic authentication layer on top of the Kubernetes API to restrict access and use custom error pages for users without a basic auth token, so no one can hit the API without passing basic auth first.
Currently, I’m using AWS SSO tokens for authentication to the API, along with IAM permissions. My question is: is there a way to send extra authentication headers with each kubectl request to handle the basic authentication?
I’ve checked for plugins that might help with this, but it appears the only solution is to run a simple proxy that adds the basic auth header for me. Is that the best approach, or are there other options available?
