Compare languages | The log-shipper module: FAQ

Как добавить авторизацию в ресурс ClusterLogDestination?

How to add authorization to the ClusterLogDestination resource?

Чтобы добавить параметры авторизации в ресурс ClusterLogDestination, необходимо:

  • изменить протокол подключения к Loki на HTTPS;
  • добавить секцию auth, в которой:
  • параметр strategy установить в Bearer;
  • в параметре token указать токен log-shipper-token из пространства имен d8-log-shipper.

To add authorization parameters to the ClusterLogDestination resource, you need to:

  • change the connection protocol to Loki to HTTPS
  • add the auth section, in which:
  • the strategy parameter should be set to Bearer;
  • the token parameter should contain the log-shipper-token token from the d8-log-shipper namespace.

Пример:

For example:

  • Ресурс ClusterLogDestination без авторизации:
  • ClusterLogDestination resource without authorization:

yaml apiVersion: deckhouse.io/v1alpha1 kind: ClusterLogDestination metadata: name: loki spec: type: Loki loki: endpoint: “http://loki.d8-monitoring:3100”

yaml apiVersion: deckhouse.io/v1alpha1 kind: ClusterLogDestination metadata: name: loki spec: type: Loki loki: endpoint: “http://loki.d8-monitoring:3100”

  • Получите токен log-shipper-token из пространства имен d8-log-shipper:
  • Get the log-shipper-token token from the d8-log-shipper namespace:

bash kubectl -n d8-log-shipper get secret log-shipper-token -o jsonpath=’{.data.token}’ | base64 -d

bash kubectl -n d8-log-shipper get secret log-shipper-token -o jsonpath=’{.data.token}’ | base64 -d

  • Ресурс ClusterLogDestination с авторизацией:
  • ClusterLogDestination resource with authorization:

yaml apiVersion: deckhouse.io/v1alpha1 kind: ClusterLogDestination metadata: name: loki spec: type: Loki loki: endpoint: “https://loki.d8-monitoring:3100” auth: strategy: “Bearer” token: tls: verifyHostname: false verifyCertificate: false

yaml apiVersion: deckhouse.io/v1alpha1 kind: ClusterLogDestination metadata: name: loki spec: type: Loki loki: endpoint: “https://loki.d8-monitoring:3100” auth: strategy: “Bearer” token: tls: verifyHostname: false verifyCertificate: false