Uploaded image for project: 'Network Observability'
  1. Network Observability
  2. NETOBSERV-489

Use console-plugin authorize API

    • NetObserv - Sprint 223, NetObserv - Sprint 224, NetObserv - Sprint 225

      The console dynamic plugin API provide an authorize feature to get a bearer token from a user:
      https://github.com/openshift/enhancements/blob/master/enhancements/console/dynamic-plugins.md

      We can use this token to authenticate the user to loki instead of relying on a static token.

       

      After discussion in the pull request, the task will introduce a small breaking change in the flowcollector CRD.
      The bool loki.SendAuthToken will become an enum called AuthToken:

      • DISABLED is equivalent to when SendAuthToken was set to false
      • HOST is equivalent to when SenDAuthToken was set to true
      • FORWARD is the new mode forwarding the user auth token

       

      Instead of granting the console-plugin service account access to loki, now you need to grant each user access to loki.

      The loki service account does not need access anymore to loki. Note that the kubeadmin user already has access to it.

        1. clusterRoleBinding-FORWARD.yaml
          0.5 kB
          Mehul Modi
        2. clusterRoleBinding-HOST.yaml
          0.6 kB
          Mehul Modi

            ocazade@redhat.com Olivier Cazade
            ocazade@redhat.com Olivier Cazade
            Amogh Rameshappa Devapura Amogh Rameshappa Devapura
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: