Authentication Examples
Secure your Jaeger deployment with authentication and authorization.
Basic Authentication
Simple username/password authentication.
basic-auth-values.yaml
```yaml
# Default values for jaeger.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
jaeger:
  storage:
    type: cassandra

cassandraSchemaJob:
  host: cassandra.cassandra.svc
  keyspace: jaeger
  password: admin
  username: admin
  datacenter: dc1
  # This parameter selects either SimpleStrategy (without replication)
  # or NetworkReplicationStrategy (with replication):
  # * prod - will use NetworkReplicationStrategy
  # * test - will use SimpleStrategy
  mode: prod

collector:
  install: true

query:
  install: true

proxy:
  install: true
  # Enable basic auth type
  type: basic
  basic:
    users:
      # Each entry is the string "<username>:<password>" encoded in base64
      # Some values can be specified during deploy, for example:
      # - YWRtaW46YWRtaW4= # admin:admin
      # - dGVzdDp0ZXN0 # test:test
      - YWRtaW46YWRtaW4=
  resources:
    limits:
      cpu: 100m
      memory: 200Mi
    requests:
      cpu: 50m
      memory: 100Mi
```
Key parameters:
- `proxy.type: basic`: Enables basic authentication
- `proxy.basic.users`: Base64-encoded credentials
- Proxy acts as authentication gateway
Creating credentials:
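One way to produce and check `proxy.basic.users` entries, as an added example that is not part of the original page or of the chart. The function names are hypothetical, and a `base64` tool that accepts `-d` (as in GNU coreutils) is assumed.

```shell
#!/bin/sh
# Added example, not part of the Jaeger chart. Assumes a base64 tool that
# accepts -d (GNU coreutils); function names are hypothetical.

# Print one proxy.basic.users entry for "<username>:<password>".
make_basic_user() {
    case $1 in
        ''|*:*) echo "username must be non-empty and must not contain ':'" >&2
                return 1 ;;
    esac
    [ -n "$2" ] || { echo "password must not be empty" >&2; return 1; }
    # printf, not echo: echo would append a newline to the password.
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Classify an existing entry; prints one status word, returns 0 only for "ok".
check_basic_user() {
    if ! printf '%s' "$1" | base64 -d >/dev/null 2>&1; then
        echo invalid-base64; return 1
    fi
    # Command substitution strips trailing newlines, so inspect the last byte.
    last=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
    decoded=$(printf '%s' "$1" | base64 -d)
    case $decoded in
        *:*) ;;
        *) echo no-colon; return 1 ;;
    esac
    if [ "$last" = 0a ]; then echo trailing-newline; return 1; fi
    user=${decoded%%:*}
    pass=${decoded#*:}
    if [ "$user" = "$pass" ]; then echo password-equals-username; return 1; fi
    echo ok
}

# The two sample entries from the values file comments, plus one constructed
# entry as produced by `echo admin:admin | base64` (note the trailing K).
for entry in YWRtaW46YWRtaW4= dGVzdDp0ZXN0 YWRtaW46YWRtaW4K; do
    printf '%s -> %s\n' "$entry" "$(check_basic_user "$entry")"
done
```

Base64 is an encoding, not encryption, so a values file holding these entries should be handled like a plaintext password file.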
OAuth2 Authentication
Enterprise OAuth2 integration with external providers.
oauth2-values.yaml
```yaml
# Default values for jaeger.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
jaeger:
  storage:
    type: cassandra

cassandraSchemaJob:
  host: cassandra.cassandra.svc
  keyspace: jaeger
  password: admin
  username: admin
  datacenter: dc1
  # This parameter selects either SimpleStrategy (without replication)
  # or NetworkReplicationStrategy (with replication):
  # * prod - will use NetworkReplicationStrategy
  # * test - will use SimpleStrategy
  mode: prod

collector:
  install: true

query:
  install: true

proxy:
  install: true
  # Enable OAuth2
  type: oauth2
  oauth2:
    tokenEndpoint: https://example-url.com/token
    authorizationEndpoint: https://example-url.com/auth
    clientId: envoy
    clientToken: envoy
    idpAddress: example-url.com
    idpPort: 80
  resources:
    limits:
      cpu: 100m
      memory: 200Mi
    requests:
      cpu: 50m
      memory: 100Mi
```
Key parameters:
- `proxy.type: oauth2`: Enables OAuth2 authentication
- `oauth2.issuerUrl`: Identity provider endpoint
- `oauth2.allowedUsers`: Authorized user emails
- `oauth2.allowedGroups`: Authorized groups
Usage
- Choose authentication method
- Update configuration parameters
- Create required secrets:
- Deploy with Helm: