...
Code Block |
---|
prometheus.yml: remote_write: - url: https://<customer>.kloudfuse.io/ingester/write authorization: credentials: <AUTH_TOKEN> |
If you’re using prometheus operator, please refer to the configuration below
Code Block |
---|
remoteWrite:
- authorization:
credentials:
key: authToken
name: kf-auth-ingest
url: https://<customer>.kloudfuse.io/ingester/write
|
Fluent Bit
Update/Add the following Headers
field with AUTH_TOKEN
replaced with the one generated in step 1, in the HTTP
plugin section of the fluent-bit configuration file as shown below:
Code Block |
---|
[OUTPUT] Name http Match <match_pattern> Host <kfuse_ingress_ip> Port 443 TLS on URI /ingester/v1/fluent_bit Headersheader Kf-Api-Key <AUTH_TOKEN> |
Fluentd
...
Code Block |
---|
apiVersion: v1 kind: Secret metadata: name: kfuse-auth-ingest type: Opaque data: authToken: <AUTH_TOKEN_ENCODED> |
...
Multiple Authorization Keys
Panel | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
New feature available in Release 2.7.2 |
You can configure multiple authorization tokens inside the secret. These tokens can contain any string value, and can be used as a human-readable identifier to reference the auth token.
Here, line 8 specifies the second key, authkey2
.
Code Block |
---|
apiVersion: v1
kind: Secret
metadata:
name: kfuse-auth-ingest
type: Opaque
data:
authkey1: <AUTH_TOKEN_ENCODED>
authkey2: <AUTH_TOKEN_ENCODED2> |
Remember to update the custom-values.yaml
file to include following in the ingester config section:
...
to enable ingestion authentication:
Code Block |
---|
global:
authConfig:
enabled: true |
Configuration of Additional Labels based on Auth Token
From Kloudfuse 2.7.2 onwards, additional labels can be configured to be attached to MELT data based on the auth token used by the incoming payload.
To configure these labels, add the following in the custom-values.yaml (replace accordingly). Take note that the same keys are used in the secret and the ingester config.
Code Block |
---|
ingester: config: authKeyAdditionalLabels: authkey1: - name: label1 value: val1 - name: label2 value: val2 authkey2: - name: label1 value: val3 - name: label4 enabled: truevalue: val4 |
Restart the ingester post the auth-token changes
Code Block |
---|
kubectl -n kfuse rollout restart sts ingester |