cortex-tenant
cortex-tenant copied to clipboard
blind-oracle
Basic Auth support
Hi, our central cortex/mimir cluster is basic-auth protected, could cortex-tenant be configured to read a k8s secret containing username/password ?
Topology would be like: (local (prometheus) -> (cortex-tenant)) -----> (remote (cortex basic-auth ingress))
another possible way is to have cortex-tenant in the remote cluster (with a basic-auth ingress) absorbing all traffic form all clusters, but then I'm afraid it will be a bottleneck
I would also like to have this feature to be able to deploy cortex-tenant on remote clusters having to communicate with basic auth protected ingress. @blind-oracle Can I suggest a PR for this ? If so, any contributing guidelines ?
@stevenbressey @fculpo I've pushed a new release with HTTP basic auth support in egress, please try if that suits you. I can add HTTP auth for ingress too a bit later.
@stevenbressey No problem, be advised though that I never tried if it works, but according to specification it should :)
I am wondering how everyone is managing authentication for tenants? Mimir/cortex only ships with basic pw auth, not configurable per tenant so one must spin up something like nginx themselves and manually configure, but then how would cortex-tenant auth to it (per tenant) if that were the case?
