Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use mTLS client cert auth for promtail->loki communication #1809

Open
arturrez opened this issue Apr 27, 2024 · 0 comments
Open

Use mTLS client cert auth for promtail->loki communication #1809

arturrez opened this issue Apr 27, 2024 · 0 comments
Assignees
@arturrez

Comments

@arturrez
Copy link
Collaborator

currently loki is exposed to 0.0.0.0 via HTTP
we should move it to HTTPs
we should use TLS client cert similar to https://community.grafana.com/t/client-certificate-authentication-between-promtail-and-loki/78431 to protect LOKI endoint from public access.
Grafana should be configured to continue using http port with no auth as traffic there is local
@arturrez arturrez self-assigned this Apr 27, 2024
@arturrez arturrez changed the title Use TLS client cert auth for promtail->loki communication Use mTLS client cert auth for promtail->loki communication Apr 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@arturrez arturrez

Labels
None yet
Projects
Platform Engineering Group
Status: Backlog 🗄️
Milestone
No milestone
Development

No branches or pull requests
1 participant
@arturrez