36 other auth solutions for dashboards #42
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Hasan Eroglu <[email protected]>
Signed-off-by: Hasan Eroglu <[email protected]>
Signed-off-by: Hasan Eroglu <[email protected]>
Signed-off-by: Hasan Eroglu <[email protected]>
egekorkan
reviewed
Sep 19, 2024
docker-compose-infra.yml
Outdated
| @@ -37,6 +35,24 @@ services: | |||
| reservations: | |||
| cpus: '0.05' | |||
| memory: 50M | |||
| test-things-auth: | |||
| image: thomseddon/traefik-forward-auth:2-arm64 | |||
There was a problem hiding this comment.
Will need to check if we can use the arm image
There was a problem hiding this comment.
This repo for forward auth is not very well managed, even though this says arm64 all the images in Docker Hub are amd64. I can rename this.
Signed-off-by: Hasan Eroglu <[email protected]>
|
In today's meeting, the idea was to use the github teams after asking Eclipse. This can be easily added during deployment via role attribute field |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #36.
Here, I added a forward auth mechanism. Therefore traefik forwards requests for prometheus, cadvisor and traefik to GitHub authentication. We need to set an environment variable (WHITELISTED_EMAILS) to whitelist emails. Also, we need to create a GitHub OAuth application and use its configuration to successfully log in.
Grafana and Portainer use their own authentication mechanisms and we need to configure them using their UIs. For Grafana, it is possible to give permissions depending on the user's GitHub data. A simple role attribute path would be
[email==<USER_EMAIL>] && 'Admin' || 'Viewer'to give specific USER_EMAIL admin permissions and all other viewer permissions. Check Grafana documentation for more details. Furthermore, it is possible to create teams and limit access to dashboards to certain teams and users.