前提：
已部署ingress-nginx,并且设置为default-ingress-class
或者在yaml中将ingress-class设置为nginx

创建一个Auth File：

USER=<USERNAME_HERE>; PASSWORD=<PASSWORD_HERE>; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> auth

创建一个Secret：

kubectl -n demo create secret generic basic-auth --from-file=auth

创建一个Ingress：

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: auth-ingress
  namespace: demo
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/ssl-redirect: 'false'
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required '
    nginx.ingress.kubernetes.io/proxy-body-size: 10000m
spec:
  rules:
  - http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: your_service
            port:
              number: 80

效果：
用户的请求必须先经过ingress的验证才能到达你指定的Service中，他可以做到与Service完全独立地去添加一层验证。