...
| Code Block |
|---|
[OUTPUT]
Name http
Match <match_pattern>
Host <kfuse_ingress_ip>
Port 443
TLS on
URI /ingester/v1/fluent_bit
header Kf-Api-Key <AUTH_TOKEN> |
Using Kubernetes Secret for setting the Kf-Api-Key
Create a secret as following
| Code Block |
|---|
apiVersion: v1
kind: Secret
metadata:
name: <<secret-name>>
type: Opaque
data:
AUTH_KEY_ENV: AUTH_TOKEN_ENCODED |
Update the fluent-bit helm custom-values.yaml as below
| Code Block |
|---|
env:
- name: AUTH_KEY_ENV
valueFrom:
secretKeyRef:
name: <<secret-name>>
key: AUTH_KEY_ENV
config:
outputs: |
[OUTPUT]
Name http
Header Kf-Api-Key ${AUTH_KEY_ENV}
Match *
Host swapnil-dev.kloudfuse.io
Port 443
TLS on
URI /ingester/v1/fluent_bit
Format {json|json_lines|json_stream|msgpack} |
Fluentd
Update/Add the fluentd output http plugin configuration to add a “headers" field as described below using the Kf-Api-Key and AUTH_TOKEN:
...
| Code Block |
|---|
apiVersion: v1 kind: Secret metadata: name: kfuse-auth-ingest type: Opaque data: authToken: <AUTH_TOKEN_ENCODED> |
...
Multiple Authorization Keys
| Panel | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
New feature available in Release 2.7.2 |
...
You can configure multiple authorization tokens inside the secret. These tokens can contain any string value, and can be used as a human-readable identifier to reference the auth token.
Here, line 8 specifies the second key, authkey2.
| Code Block |
|---|
apiVersion: v1 kind: Secret metadata: name: kfuse-auth-ingest type: Opaque data: authkey1: <AUTH_TOKEN_ENCODED> authkey2: <AUTH_TOKEN_ENCODED2> |
Update Remember to update the custom-values.yaml file to enable ingestion authentication:
...