Support Jaeger Login/Authentication

[aviranco]

I would like to expose the Jaeger UI with user/password authentication, is it currently possible?
If not, I think it would be really useful so only authorized users can view the logs

[yurishkuro]

it is possible, but it's not a function that Jaeger provides directly. At Uber we run Jaeger UI behind an nginx proxy that is integrated with single sign-on.

[Marusyk]

any plans to add auth for dashboard?

[yurishkuro]

Please see Issue #1718 for the summary of available security mechanisms in Jaeger.

[a1300]

@yurishkuro can you share your nginx revers proxy configuration?
Thanks in advance

[Marusyk]

Hi @a1300, I can share mine if it helps

I have simple basic auth here

apiVersion: v1
kind: Secret
metadata:
  name: basic-auth
type: Opaque
data:
  auth: ZWxhc3RpYzokYXByMSRCMDVsdW1FbSRWNWJkMmVqWE02RXBQVFZWVnVnbE8v
---

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: jaeger-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    certmanager.k8s.io/cluster-issuer: letsencrypt-production
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - ok'
spec:
  tls:
  - hosts:
    - host.com
    secretName: jaeger-crt
  rules:
  - host: host.com
    http:
      paths:
      - path: /jaeger
        backend:
          serviceName: jaeger
          servicePort: 16686

[yurishkuro]

@yurishkuro can you share your nginx revers proxy configuration?

I don't have access to it anymore, and it was not specific to Jaeger, but a general single sign-on for all internal web tools.

[ilyakaznacheev]

Any progress on this topic?

[yurishkuro]

We have no plans to implement login as a standalone feature, there are many existing solutions for that via reverse proxies. We may revisit if/when we support multi-tenancy and need to implement authorization.