Comments (6)
Thanks for explaining your usecase. Given that this gateway is fairly simple and only a few lines of code I'd recommend you to fork it for your own needs. As of now we don't want to add more features so that we can keep it as straight forward as possible.
Keep in mind that the Cortex team is also going to develop an official gateway maybe your usecase can be considered there?
from cortex-gateway.
Okay. I understand that. Thank you for taking the time to understand my use case.
About the cortex team working on official gateway. Is there a work in progress repo or a formal announce page where I can learn more ?
Appreciate all the help.
from cortex-gateway.
Hi,
I am struggling to understand the usecase for your request.
This gateway can be run in untrusted environments and therefore it is not supposed to accept other X-Scope-OrgID
headers.
from cortex-gateway.
@weeco Thank you for quick turnaround.
My use case is so, I am passing the orgId with a valid jwt token. I am assuming that the trust is established once the jwt is verified. After verification the orgId coming from upstream is okay to be allowed. Am I understanding this correctly?
from cortex-gateway.
Hi @weeco,
Please let me explain the complete scenario.
I have prometheus servers sending metrics to a back end cortex setup via cortex-gw. Since prometheus does not allow adding custom payload, I am creating a token for all my prometheus servers with a dummy tenantid:0
and expecting it reset it the receiver side. The private-key to this is not shared with any of the senders and only available to cortex-gw for decrypting the incoming bearer token.
Further, on the cortex-gw side, I have an ingress receiving the traffic and adding the right header like so
nginx.ingress.kubernetes.io/configuration-snippet: "proxy_set_header X-Scope-OrgID {{ .Values.tenant.id }};"
.
The data is then forwarded from ingress to cortex-gw.
Problem is, the cortex-gw replaces this X-Scope-OrgID
with the tenant id that I am sending encoded in the bearer token.
I understand that you have designed the cortex-gw to provide tenantid from the senders side. But I had to do this work around as the sender is prometheus which does not allow to add tenantid in the header. Also this design makes sure that the private key is not shared anywhere.
To summarize. -- prometheusServer(bearer token with dummy tenantid = 0) --> Ingress(adding the desired X-Scope-OrgID
) --> Cortex-gw(replacing the X-Scope-OrgID
with value 0
)
Is there anything we can do to address this use case ? Any help is appreciated.
Best
from cortex-gateway.
@gauscian I think there's no dedicated issues in the Cortex repo, just some note here and there (in their slack and in the grafana blog), see: https://grafana.com/blog/2020/01/21/the-future-of-cortex-into-the-next-decade/
If you can't find an issue for the gateway I think you can submit an issue for it in the Cortex repo or just ask in their slack for it. Closing this issue for now.
from cortex-gateway.
Related Issues (8)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cortex-gateway.