
Accept Multi Values in One Header When Using byHttpHeader

Open Kirchen99 opened this issue 2 years ago • 3 comments

Description

This PR extends the feature in https://github.com/brancz/kube-rbac-proxy/pull/104. With a "separator" in the config the header value can be split.

e.g.

"authorization":
  "resourceAttributes":
    "apiVersion": "metrics.k8s.io/v1beta1"
    "namespace": "{{ .Value }}"
    "resource": "pods"
  "rewrites":
    "byHttpHeader":
      "name": "X-Scope-OrgID"
      "separator": "|"

Motivation

We also put kube-rbac-proxy in front of Loki (https://grafana.com/docs/loki/latest/). And Loki 2.6 enabled multi-tenant queries: https://grafana.com/blog/2022/07/27/grafana-loki-2.6-release/

The required format from Loki is like this:

curl -H 'X-Scope-OrgID:Tenant1|Tenant2|Tenant3' \
  -G -s "http://localhost:3100/loki/api/v1/query" \
  --data-urlencode \
  'query=sum(rate({job="varlogs"}[10m])) by (level)' | jq

Kirchen99, Dec 23 '22 11:12

Hi,

This commit, which is merged into kube-rbac-proxy, makes it possible to specify the same header several times, and all of them should be taken into consideration:

https://github.com/brancz/kube-rbac-proxy/pull/171/commits/9fd649a785d49c2dba34a920e857c11a7a95ce99

Is this enough to satisfy your needs?

ibihim, Apr 05 '23 13:04

> Hi,
>
> This commit, which is merged into kube-rbac-proxy, makes it possible to specify the same header several times, and all of them should be taken into consideration:
>
> 9fd649a
>
> Is this enough to satisfy your needs?

Not really. We use kube-rbac-proxy for Grafana Loki. Grafana Loki accepts only one header value, with the names separated by the | character.

Maybe I should have a look at Grafana Loki, to see if it is possible to make a PR to let it accept the same header several times.

Here is the document from Grafana Loki:

Here is a standard LogQL query to Tenant1:

curl -H 'X-Scope-OrgID:Tenant1' -G -s "http://localhost:3100/loki/api/v1/query" \
  --data-urlencode \
  'query=sum(rate({job="varlogs"}[10m])) by (level)' | jq

Getting to a multi-tenant query is simple! Just make a small change to the X-Scope-OrgID header, which identifies the tenants you want to query. Specify as many tenants as you need, separating their names by the | character.

In this example, this cross-tenant query is written to target Tenant1, Tenant2, and Tenant3 for the requested data:

curl -H 'X-Scope-OrgID:Tenant1|Tenant2|Tenant3' \
  -G -s "http://localhost:3100/loki/api/v1/query" \
  --data-urlencode \
  'query=sum(rate({job="varlogs"}[10m])) by (level)' | jq

Kirchen99, Apr 05 '23 15:04

Hi @ibihim, we would also find this feature super helpful, could you maybe look at this PR again?

dbluxo, Jul 05 '23 06:07
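The two header shapes discussed in this thread (the same header repeated, and one value joined by a separator), as an added Go example that is not kube-rbac-proxy's own code: the hypothetical helper `expandRewrites` and its parameters are assumptions, and it returns every namespace that would need its own authorization check while rejecting empty segments.

```go
package main

import (
	"bytes"
	"fmt"
	"net/http"
	"strings"
	"text/template"
)

// expandRewrites is a hypothetical helper (not kube-rbac-proxy code). It takes
// every value of the named header, splits each on sep when sep is non-empty,
// and renders nsTemplate once per value. Each result needs its own check; an
// empty segment ("a||b", trailing "|") is an error, never an empty namespace.
func expandRewrites(h http.Header, name, sep, nsTemplate string) ([]string, error) {
	tmpl, err := template.New("ns").Parse(nsTemplate)
	if err != nil {
		return nil, err
	}
	var out []string
	for _, raw := range h.Values(name) { // repeated headers are all considered
		parts := []string{raw}
		if sep != "" {
			parts = strings.Split(raw, sep)
		}
		for _, p := range parts {
			if p == "" {
				return nil, fmt.Errorf("empty value in header %s", name)
			}
			var buf bytes.Buffer
			if err := tmpl.Execute(&buf, struct{ Value string }{p}); err != nil {
				return nil, err
			}
			out = append(out, buf.String())
		}
	}
	if len(out) == 0 {
		return nil, fmt.Errorf("header %s missing", name)
	}
	return out, nil
}

func main() {
	h := http.Header{} // constructed sample request headers
	h.Add("X-Scope-OrgID", "Tenant1|Tenant2")
	h.Add("X-Scope-OrgID", "Tenant3")
	fmt.Println(expandRewrites(h, "X-Scope-OrgID", "|", "{{ .Value }}"))
}
```

With an empty separator the first header value stays the single string `Tenant1|Tenant2`, so that literal string is what gets authorized while the upstream would still read it as two tenants.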