...

Code Block
    prometheus.yml:
      remote_write:
      - url: https://<customer>.kloudfuse.io/ingester/write
        authorization:
          credentials: <AUTH_TOKEN>

If you're using the Prometheus Operator, refer to the configuration below:

Code Block
remoteWrite:
  - authorization:
      credentials:
        key: authToken
        name: kf-auth-ingest
    url: https://<customer>.kloudfuse.io/ingester/write

Fluent Bit

In the HTTP output plugin section of the Fluent Bit configuration file, add or update the Header field as shown below, replacing AUTH_TOKEN with the token generated in step 1:

Code Block
    [OUTPUT]
        Name http
        Match <match_pattern>
        Host <kfuse_ingress_ip>
        Port 443
        TLS on
        URI /ingester/v1/fluent_bit
        Header Kf-Api-Key <AUTH_TOKEN>

Using Kubernetes Secret for setting the Kf-Api-Key

  1. Create a secret as follows:

Code Block
apiVersion: v1
kind: Secret
metadata:  
  name: <<secret-name>>
type: Opaque
data:
  AUTH_KEY_ENV: AUTH_TOKEN_ENCODED

  2. Update the Fluent Bit Helm custom-values.yaml as shown below:

Code Block
env:
- name: AUTH_KEY_ENV
  valueFrom:
    secretKeyRef:
      name: <<secret-name>>
      key: AUTH_KEY_ENV

config:
  outputs: |
    [OUTPUT]
        Name http
        Header Kf-Api-Key ${AUTH_KEY_ENV}
        Match *
        Host swapnil-dev.kloudfuse.io
        Port 443
        TLS on
        URI /ingester/v1/fluent_bit
        Format {json|json_lines|json_stream|msgpack}

Fluentd

Add or update a "headers" field in the Fluentd HTTP output plugin configuration, using the Kf-Api-Key and AUTH_TOKEN as described below:

...

Code Block
apiVersion: v1
kind: Secret
metadata:  
  name: kfuse-auth-ingest
type: Opaque
data:
  authToken: <AUTH_TOKEN_ENCODED>

...

Multiple Authorization Keys

New feature available in Release 2.7.2

You can configure multiple authorization tokens inside the secret. The key names (authkey1 and authkey2 in the example below) can be any string value and serve as human-readable identifiers for referencing each auth token.

Here, line 8 specifies the second key, authkey2.

Code Block
apiVersion: v1
kind: Secret
metadata:  
  name: kfuse-auth-ingest
type: Opaque
data:
  authkey1: <AUTH_TOKEN_ENCODED>
  authkey2: <AUTH_TOKEN_ENCODED2>
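
One way to generate the multi-key Secret above from raw token strings, as an added example that is not part of the Kloudfuse documentation; the function name `render_auth_secret` and the sample tokens are hypothetical. It assumes the `<AUTH_TOKEN_ENCODED>` placeholders stand for base64, which Kubernetes requires for `data` values, and it encodes without the trailing newline that `echo` would silently add to the token.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper, not Kloudfuse code).
# Usage: render_auth_secret <secret-name> <key>=<raw-token> [<key>=<raw-token> ...]
# Prints a Secret manifest on stdout; prints nothing on stdout if any input is rejected.
render_auth_secret() {
  local name pair key token encoded body nl
  name=$1
  body=""
  nl='
'
  shift
  [ "$#" -gt 0 ] || { echo "need at least one key=token pair" >&2; return 1; }
  for pair in "$@"; do
    key=${pair%%=*}     # text before the first '='
    token=${pair#*=}    # text after the first '=' (the token itself may contain '=')
    # Secret data keys may contain only alphanumerics, '-', '_' and '.'.
    case $key in
      ''|*[!A-Za-z0-9._-]*) echo "invalid key name: '$key'" >&2; return 1 ;;
    esac
    # Reject "key" with no '=' and "key=" with an empty token.
    if [ "$pair" = "$key" ] || [ -z "$token" ]; then
      echo "empty token for key '$key'" >&2
      return 1
    fi
    # printf '%s' emits the token without a trailing newline;
    # tr strips the line wrapping some base64 implementations add.
    encoded=$(printf '%s' "$token" | base64 | tr -d '\n')
    body="${body}  ${key}: ${encoded}${nl}"
  done
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\ntype: Opaque\ndata:\n%s' \
    "$name" "$body"
}

# Constructed sample tokens, for illustration only:
#   render_auth_secret kfuse-auth-ingest authkey1=abc authkey2='tok=2'
```

Tokens passed as arguments end up in shell history and process listings, so for real tokens read them from a protected file or a secret manager and pass them through variables.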

Remember to update the custom-values.yaml file to enable ingestion authentication:

Code Block
global:
  authConfig:
    enabled: true


Configuration of Additional Labels based on Auth Token

From Kloudfuse 2.7.2 onwards, additional labels can be configured to be attached to MELT data based on the auth token used by the incoming payload.

To configure these labels, add the following to custom-values.yaml, replacing the values as needed. Note that the same keys are used in the secret and in the ingester config.

Code Block
ingester:
  config:
     authKeyAdditionalLabels:
        authkey1:
          - name: label1
            value: val1
          - name: label2
            value: val2
        authkey2:
          - name: label1
            value: val3
          - name: label4
            value: val4

Restart the ingester after making the auth-token changes:

Code Block
kubectl -n kfuse rollout restart sts ingester