Add basic auth to traefik debug endpoints

products/traefik/hello.tf

@@ -8,10 +8,11 @@ module "traefik_hello" {
   placement_constraints = var.placement_constraints
   networks              = [module.traefik_network, ]
   traefik = {
-    domain         = var.hello_service_domain
-    port           = 80
-    ssl            = var.enable_ssl
-    enable_non_ssl = var.enable_non_ssl
+    domain           = var.hello_service_domain
+    port             = 80
+    ssl              = var.enable_ssl
+    non-ssl          = var.enable_non_ssl
+    basic-auth-users = var.hello_service_enable_basic_auth ? ["hello"] : []
   }
   healthcheck_interval     = "5s"
   healthcheck_timeout      = "2s"

products/traefik/inputs.tf

@@ -42,7 +42,7 @@ variable "acme_email" {
   description = "The email address to use for the ACME certificate."
   type        = string
 }
-variable "traefik_service_domain" {
+variable "traefik_dashboard_service_domain" {
   type    = string
   default = null
 }
@@ -50,6 +50,16 @@ variable "hello_service_domain" {
   type    = string
   default = null
 }
+variable "traefik_dashboard_service_enable_basic_auth" {
+  type        = bool
+  default     = false
+  description = "Whether to enable basic auth for the traefik dashboard."
+}
+variable "hello_service_enable_basic_auth" {
+  type        = bool
+  default     = false
+  description = "Whether to enable basic auth for the hello service."
+}
 variable "log_level" {
   type        = string
   default     = "WARN"

products/traefik/outputs.tf

@@ -3,4 +3,7 @@ output "docker_service" {
 }
 output "docker_network" {
   value = module.traefik_network
+}
+output "endpoint" {
+  value = module.traefik.endpoint
 }

products/traefik/traefik.tf

@@ -98,11 +98,12 @@ module "traefik" {
   global                = true
   converge_enable       = false // @todo add healthcheck
   command               = local.command
-  traefik = var.traefik_service_domain != null ? {
-    domain  = var.traefik_service_domain
-    port    = var.dashboard_port
-    ssl     = var.enable_ssl
-    non-ssl = var.enable_non_ssl
+  traefik = var.traefik_dashboard_service_domain != null ? {
+    domain           = var.traefik_dashboard_service_domain
+    port             = var.dashboard_port
+    ssl              = var.enable_ssl
+    non-ssl          = var.enable_non_ssl
+    basic-auth-users = var.traefik_dashboard_service_enable_basic_auth ? ["traefik"] : []
   } : null
   ports = [
     {