Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

At Kloudfuse, you can secure your ingestion paths by adding authentication. Follow these steps to configure it:

Configuration required on Okta and deployment side:

  1. Configure Okta - https://oauth2-proxy.github.io/oauth2-proxy/7.3.x/configuration/oauth_provider/#okta Configure Okta by following the instructions on the provided link from steps 1 to 3.

Note: Under “General”, also set the “Allowed grant types” to Client Credentials.

Note the the Client ID, Client Secret, Audience, and Issuer URI while setting up Okta.

  1. Configure your deployment custom-values.yaml file

kfuse-auth:
  ingestOauthEnabled: true
  oauth2-proxy:
    extraArgs:
      extraJwtIssuers: "Issuer URI=Audience"

Replace Issuer URI and Audience with the actual values obtained from your Okta configuration. The format should follow this structure, for example:

extraJwtIssuers: "https://{okta-domain}.okta.com/oauth2/default=api://your-audience-id""

Configuration required on the otel collector side in the values.yaml file

Follow the steps below to configure the OpenTelemetry Collector to send data securely using OAuth2 authentication. Update the values.yaml file with the appropriate configuration as described.

  1. Configure Exporters - Add the following under the opentelemetry-collector.config.exporters section. This defines the endpoints where the OpenTelemetry Collector sends metrics and traces.

opentelemetry-collector:
  config:
    exporters:
      otlphttp/{deployment-namespace}:
        metrics_endpoint: https://<your-metrics-endpoint>/ingester/otlp/metrics
        traces_endpoint: https://<your-traces-endpoint>/ingester/otlp/traces
        auth: 
          authenticator: oauth2client
  • Replace <your-metrics-endpoint> and <your-traces-endpoint> with the actual URLs of kloudfuse.

  1. Add Required Extensions - Include the oauth2client under the service.extensions section.

service:
  extensions:
  - oauth2client
  1. Configure Extensions - Set up the detailed configurations for the extensions. Add the following under the extensions section:

extensions:
  oauth2client:
    client_id: xxxxx
    client_secret: xxxxx
    token_url: https://{okta-url}.okta.com/oauth2/default/v1/token
    endpoint_params:
      response_type: code
      prompt: none
      access_type: offline
      grant_type: client_credentials
    scopes: ["api.metrics"]
  • Replace <your-client-id> and <your-client-secret> obtained from the previous step.

  • Update <your-okta-url> with your Okta domain or OAuth2 provider.

  1. Setup Pipelines - Specify how metrics, traces, and logs are processed and exported. Add the following under the opentelemetry-collector.config.service.pipelines section:

opentelemetry-collector:
  config:
    service:
      pipelines:
        metrics:
          exporters:
          - otlphttp/{deployment-namespace}
        traces:
          exporters:
          - otlphttp/{deployment-namespace}
  • No labels