How to add authorization to the ClusterLogDestination resource?

To add authorization parameters to the ClusterLogDestination resource, you need to:

  • change the connection protocol to Loki to HTTPS
  • add the auth section, in which:
    • the strategy parameter should be set to Bearer;
    • the token parameter should contain the log-shipper-token token from the d8-log-shipper namespace.

For example:

  • ClusterLogDestination resource without authorization:

    apiVersion: deckhouse.io/v1alpha1
    kind: ClusterLogDestination
    metadata:
      name: loki
    spec:
      type: Loki
      loki:
        endpoint: "http://loki.d8-monitoring:3100"
    
  • Get the log-shipper-token token from the d8-log-shipper namespace:

    kubectl -n d8-log-shipper get secret log-shipper-token -o jsonpath='{.data.token}' | base64 -d
    
  • ClusterLogDestination resource with authorization:

    apiVersion: deckhouse.io/v1alpha1
    kind: ClusterLogDestination
    metadata:
      name: loki
    spec:
      type: Loki
      loki:
        endpoint: "https://loki.d8-monitoring:3100"
        auth:
          strategy: "Bearer"
          token: <log-shipper-token>
        tls:
          verifyHostname: false
          verifyCertificate: false