Basic auth for distributer receivers #4384
Comments
|
Tempo distributors do not support basic auth. You are correct that a gateway in front like nginx is your best bet. |
|
Hi @joe-elliott, IMHO, it is much more convenient to add basic auth to distributer itself instead of relying on a third party software, Cheers |
|
I'm chatting internally, but I really don't think Tempo wants to get involved with various type of auth. There are so many options and they are likely done better by all of the various reverse proxies out there then implemented directly in Tempo. In our hosted traces offering we use a custom reverse proxy to do auth. It doesn't add much latency. The helm chart also includes an nginx reverse proxy. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Trying to remote write to another tempo cluster over internet, I could not find a way to enable basic auth (without any external component such as nginx). If my approach is wrong I would appreciate it if you could tell me about another solution for this.
Describe the solution you'd like
Having basic auth within the receivers of distributers.
Describe alternatives you've considered
I can use a web server (nginx) to enable basic auth or limit the endpoint with firewall
Also using mTLS would work as well but I do not want the overhead of the encryption, a simple basic auth would suffice.
The text was updated successfully, but these errors were encountered: