GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → k8spin → loki-multi-tenant-proxy

k8spin / loki-multi-tenant-proxy

Licence: GPL-3.0 license
Grafana Loki multi-tenant Proxy. Needed to deploy Grafana Loki in a multi-tenant way

Programming Languages

go
31211 projects - #10 most used programming language
Dockerfile
14818 projects

Labels

kubernetesmulti-tenantproxygrafanalokigrafana-lokipromtail

Projects that are alternatives of or similar to loki-multi-tenant-proxy

gimlet-stack
Bootstrap curated Kubernetes stacks. Logging, metrics, ingress and more - delivered with gitops.
Stars: ✭ 12 (-75%)
Mutual labels:  grafana, loki
dashflare
🕵🏼‍♀️ Open Source and privacy-focused analytics solution. 📊 Advanced monitoring for your website behind Cloudflare
Stars: ✭ 78 (+62.5%)
Mutual labels:  grafana, grafana-loki
winston-loki
Grafana Loki transport for the nodejs logging library Winston.
Stars: ✭ 55 (+14.58%)
Mutual labels:  loki, grafana-loki
loki exporter
Prometheus exporter to collect metrics and run queries against the Grafana Loki API.
Stars: ✭ 28 (-41.67%)
Mutual labels:  grafana, loki
VictoriaLogs
Loki On VictoriaMetrics
Stars: ✭ 58 (+20.83%)
Mutual labels:  grafana, loki
Loki
Like Prometheus, but for logs.
Stars: ✭ 14,483 (+30072.92%)
Mutual labels:  grafana, loki
serilog-sinks-grafana-loki
A Serilog sink sending log events to Grafana Loki
Stars: ✭ 55 (+14.58%)
Mutual labels:  grafana, loki
dns-collector
Aggregator, analyzer, transporter and logging for your DNS logs
Stars: ✭ 58 (+20.83%)
Mutual labels:  grafana, loki
paStash
pastaʃ'ʃ = Spaghetti I/O Event Data Processing, Interpolation, Correlation and beyond 🍝
Stars: ✭ 89 (+85.42%)
Mutual labels:  loki, grafana-loki
monitoring-rancher
🤠How to Set up Rancher Server Monitoring with TIG Stack?
Stars: ✭ 22 (-54.17%)
Mutual labels:  grafana
fronius-to-influx
Collect Fronius inverter data and save in Influxdb for Grafana
Stars: ✭ 31 (-35.42%)
Mutual labels:  grafana
grafonnet-playground
Playground for grafanna with jsonnet
Stars: ✭ 25 (-47.92%)
Mutual labels:  grafana
grafana-dashboards
List of Grafana Dashboards 📺
Stars: ✭ 120 (+150%)
Mutual labels:  grafana
qa-automation-base
There are basic projects for automation frameworks based on Kotlin/Java and TypeScript for the backend, frontend, and mobile.
Stars: ✭ 45 (-6.25%)
Mutual labels:  grafana
Loki.Rat
Loki.Rat is a fork of the Ares RAT, it integrates new modules, like recording , lockscreen , and locate options. Loki.Rat is a Python Remote Access Tool.
Stars: ✭ 63 (+31.25%)
Mutual labels:  loki
django-template
The ultimate Django template: production ready Django 3.2 with Docker, HTTPS and CI/CD using Github actions ‎️‍🔥
Stars: ✭ 20 (-58.33%)
Mutual labels:  grafana
docker-telegraf-influxdb-grafana
Docker Image with Telegraf, InfluxDB and Grafana
Stars: ✭ 17 (-64.58%)
Mutual labels:  grafana
envsensor-observer-py
Python Bluetooth low energy observer example for OMRON Environment Sensor (2JCIE-BL01)
Stars: ✭ 31 (-35.42%)
Mutual labels:  grafana
Book k8sInfra
< 컨테이너 인프라 환경 구축을 위한 쿠버네티스/도커 >
Stars: ✭ 176 (+266.67%)
Mutual labels:  grafana
docker-monitoring-windows
Monitor your Docker containers using prometheus, cAdvisor , node-exported and grafana on Windows
Stars: ✭ 49 (+2.08%)
Mutual labels:  grafana
View All Similar Projects ➔

Grafana Loki - Multi tenant proxy

This project has been developed to make easy to deploy a Grafana Loki Server in a multi-tenant way.

There is a lot of understanding about how it works.

This works is almost based on this issue comment.

What is it?

It is a basic golang proxy. It does basic auth, logs the requests and serves as a loki reverse proxy. I think this is the very core functionallity needed to manage a multi-tenant service.

Actually, Grafana loki does not check the auth of any request. The multi-tenant mechanism is based in a request header: X-Scope-OrgID. So, if you have untrusted tenants, you have to ensure a tenant uses it's own tenant-id/org-id and does not use any id of other tenants.

Requirements

To use this proxy, you have to configure your Grafana Loki server with auth_enabled: true as described in the offical docs.

Then put the proxy in front of your Grafana Loki server instance, configure the auth proxy configuration, and run it.

Run it

$ loki-multi-tenant-proxy run --loki-server http://localhost:3500 --port 3501 --auth-config ./my-auth-config.yaml

Where:

  • --port: Port used to expose this proxy.
  • --loki-server: URL of your grafana loki instance.
  • --auth-config: Authentication configuration file path.

Configure the proxy

The auth configuration is very simple. Just create a yaml file my-auth-config.yaml with the following structure:

// Authn Contains a list of users
type Authn struct {
	Users []User `yaml:"users"`
}

// User Identifies a user including the tenant
type User struct {
	Username string `yaml:"username"`
	Password string `yaml:"password"`
	OrgID    string `yaml:"orgid"`
}

An example is available at configs/multiple.user.yaml file:

users:
  - username: User-a
    password: pass-a
    orgid: tenant-a
  - username: User-b
    password: pass-b
    orgid: tenant-b

A tenant can contains multiple users. But a user is tied to a simple tenant.

Configure the Grafana Loki clients, promtail

The default promtail configuration does not have any auth definition, so, after deploy this proxy you have to configure the promtail client configuration to point to this reverse proxy instead of pointing to the original grafana loki server.

Then, dont forget to setup your credential configuration. A simple multi-tenant promtail configuration should looks like:

server:
  http_listen_port: 9080
  grpc_listen_port: 0
client:
  url: http://loki-multi-tenant-proxy:3501/api/prom/push
  basic_auth:
    username: User-a
    password: pass-a
scrape_configs:
  - job_name: logs
    static_configs:
      - targets:
          - localhost
        labels:
          job: logs
          __path__: /var/logs/*

Note the client configuration. The original (single tenant) configuration was something similar to:

client:
  url: http://loki-server:3500/api/prom/push

Build it

If you want to build it from this repository, follow the instructions bellow:

$ docker run -it --entrypoint /bin/bash --rm golang:latest
root@6985c5523ed0:/go# git clone https://github.com/k8spin/loki-multi-tenant-proxy.git
Cloning into 'loki-multi-tenant-proxy'...
remote: Enumerating objects: 88, done.
remote: Counting objects: 100% (88/88), done.
remote: Compressing objects: 100% (64/64), done.
remote: Total 88 (delta 26), reused 78 (delta 20), pack-reused 0
Unpacking objects: 100% (88/88), done
root@6985c5523ed0:/go# cd loki-multi-tenant-proxy/cmd/loki-multi-tenant-proxy/
root@6985c5523ed0:/go# go build
go: finding github.com/urfave/cli v1.21.0
go: finding gopkg.in/yaml.v2 v2.2.2
go: finding github.com/BurntSushi/toml v0.3.1
go: finding gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405
go: downloading github.com/urfave/cli v1.21.0
go: downloading gopkg.in/yaml.v2 v2.2.2
go: extracting github.com/urfave/cli v1.21.0
go: extracting gopkg.in/yaml.v2 v2.2.2
root@6985c5523ed0:/go# ./loki-multi-tenant-proxy
NAME:
   Loki Multitenant Proxy - Makes your Loki server multi tenant

USAGE:
   loki-multi-tenant-proxy [global options] command [command options] [arguments...]

VERSION:
   dev

AUTHOR:
   Ángel Barrera - @angelbarrera92

COMMANDS:
   run      Runs the Loki multi tenant proxy
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --help, -h     show help
   --version, -v  print the version

Build the container image

If you want to build a container image with this proxy, simply run:

$ docker build -t loki-multi-tenant-proxy:local -f build/package/Dockerfile .

After built, just run it:

$ docker run --rm loki-multi-tenant-proxy:local
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].