Helm: Multi-tenant support is broken due to changes in Gateway configuration

[benoitm76]

Describe the bug

I have discovered that the commit with hash d687138 broke the configuration allowing the definition of the HTTP header X-Scope-OrgID. Specifically, another header was defined using the proxy_set_header directive within a sub location block. According to the Nginx documentation:

These directives are inherited from the previous configuration level if and only if there are no proxy_set_header directives defined on the current level.

As a result, the proxy_set_header directive defined in the httpSnippet of the Helm chart is being ignored. Consequently, it is no longer possible to correctly operate the tool in multi-tenant mode. In its current state, it is necessary to rewrite the entire Gateway configuration to properly set the header.

For reference, the line of code causing the issue can be found here.

To Reproduce

Deploy chart using version 6.29.0 or upper. Enable multi tenants, and try to push or retrieve logs to Loki using basic authentication. Loki return an error indicated missing org id (header X-Scope-OrgID missing).

Expected behavior

Logs are pushed in the correct tenant according to basic auth user (Gateway correctly set X-Scope-OrgID).

Environment:

• Infrastructure: Kubernetes 1.30
• Deployment tool: Helm

[bmouquetrss]

Same problem for live trail https://github.com/grafana/loki/blob/main/production/helm/loki/templates/_helpers.tpl#L991

[tongpu]

This change is currently breaking multi-tenant setups using Loki OSS, but I suppose it might have been implemented with Loki Enterprise in mind. As a user of Loki OSS I would be happy if this change could be rolled back and implemented in another way.

[jkroepke]

Fixed in https://github.com/grafana/loki/pull/18414