To configure cortex-tenant, refer to configuration. When proxying the timeseries to Grafana Mimir, you can configure cortex-tenant to use specified labels as the X-Scope-OrgID header. Note: cortex-tenant is a third-party community project that is not maintained by Grafana Labs. In trusted environments where you want to split series on Prometheus labels, you can run cortex-tenant between a Prometheus server and Grafana Mimir. To configure the X-Scope-OrgID header directly, the remote write configuration block includes the following parameters: headers:Įxtracting tenant ID from Prometheus labels To use basic authentication with a username and password stored in a file, the remote write configuration block includes the following parameters: basic_auth: ![]() To use bearer authentication with a token stored in a file, the remote write configuration block includes the following parameters: authorization: Configuring Prometheus remote writeįor more information about Prometheus remote write configuration, refer to remote write. To protect Grafana Mimir from accidental or malicious calls, you must add a layer of protection such as a reverse proxy that authenticates requests and injects the appropriate tenant ID into the X-Scope-OrgID header. When you specify tenant IDs, separate them with a pipe ( |) character in the X-Scope-OrgID header, as in the example X-Scope-OrgID: tenant-1|tenant-2|tenant-3. You can federate queries across multiple tenants by using true in -tenant-federation.enabled=true. The query takes the tenant ID from the X-Scope-OrgID parameter that exists in the HTTP header of each request, for example X-Scope-OrgID. ![]() Grafana Mimir is a multi-tenant system where tenants can query metrics and alerts that include their tenant ID. Open source Grafana Mimir authentication and authorization
0 Comments
Leave a Reply. |