Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
    prometheus.yml:
      remote_write:
      - url: https://<customer>.kloudfuse.io/ingester/write
        authorization:
          credentials: <AUTH_TOKEN>

If you’re using prometheus operator, please refer to the configuration below

Code Block
remoteWrite:
  - authorization:
      credentials:
        key: authToken
        name: kf-auth-ingest
    url: https://<customer>.kloudfuse.io/ingester/write

Fluent Bit

Update/Add the following Headers field with AUTH_TOKEN replaced with the one generated in step 1, in the HTTP plugin section of the fluent-bit configuration file as shown below:

Code Block
    [OUTPUT]
        Name http
        Match <match_pattern>
        Host <kfuse_ingress_ip>
        Port 443
        TLS on
        URI /ingester/v1/fluent_bit
        Headersheader Kf-Api-Key <AUTH_TOKEN>

Fluentd

...

Code Block
apiVersion: v1
kind: Secret
metadata:  
  name: kfuse-auth-ingest
type: Opaque
data:
  authToken: <AUTH_TOKEN_ENCODED>

...

Multiple Authorization Keys

Panel
panelIconIda63e4601-9a66-470d-901e-7e5d511e5403
panelIcon:new:
panelIconText:new:
bgColor#DEEBFF

New feature available in Release 2.7.2

You can configure multiple authorization tokens inside the secret. These tokens can contain any string value, and can be used as a human-readable identifier to reference the auth token.

Here, line 8 specifies the second key, authkey2.

Code Block
apiVersion: v1
kind: Secret
metadata:  
  name: kfuse-auth-ingest
type: Opaque
data:
  authkey1: <AUTH_TOKEN_ENCODED>
  authkey2: <AUTH_TOKEN_ENCODED2>

Remember to update the custom-values.yaml file to include following in the ingester config section:

...

to enable ingestion authentication:

Code Block
global:
  authConfig:
    enabled: true


Configuration of Additional Labels based on Auth Token

From Kloudfuse 2.7.2 onwards, additional labels can be configured to be attached to MELT data based on the auth token used by the incoming payload.

To configure these labels, add the following in the custom-values.yaml (replace accordingly). Take note that the same keys are used in the secret and the ingester config.

Code Block
ingester:
  config:
     authKeyAdditionalLabels:
        authkey1:
          - name: label1
            value: val1
          - name: label2
            value: val2
        authkey2:
          - name: label1
            value: val3
          - name: label4
            enabled: truevalue: val4 

Restart the ingester post the auth-token changes

Code Block
kubectl -n kfuse rollout restart sts ingester