Cluster authorization

How does Alloy control who can join a cluster? It seems to me that there is no auth at all and anybody can join a cluster as long as they can connect to the port.

I guess when you are using Kubernetes you can define network policies that prevent access, but if you deploy on bare metal then there is nothing nearly as secure available without creating a subnet dedicated to Alloy.

Am I understanding this right?

There is no cluster authentication as far as I can tell. However, when forming a cluster you should specify --cluster.join-addresses using a DNS record, and if you deploy in Kubernetes, unless someone manages to alter the service DNS record, it shouldn’t be a problem.
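
The network-policy restriction mentioned in the question, written out as an added example (not part of the thread and not Alloy's own configuration). The namespace, the pod label, and port 12345 as the port carrying cluster traffic are assumptions; substitute the values from your own deployment.

```yaml
# Added example. Assumed values: namespace "monitoring", pod label
# app.kubernetes.io/name=alloy, and TCP 12345 as the port Alloy peers
# use to talk to each other. Check all three against your deployment.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: alloy-cluster-peers-only
  namespace: monitoring
spec:
  # The policy applies to every Alloy pod in this namespace.
  podSelector:
    matchLabels:
      app.kubernetes.io/name: alloy
  policyTypes:
    - Ingress
  ingress:
    # Only pods carrying the same label, in the same namespace, may reach
    # the cluster port. A podSelector with no namespaceSelector matches
    # pods in the policy's own namespace only.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: alloy
      ports:
        - protocol: TCP
          port: 12345
  # Once a pod is selected by an Ingress policy, all inbound traffic that
  # no rule allows is dropped. Any other listener on these pods (for
  # example a receiver that applications push telemetry to, or a metrics
  # scraper that reads from the same port) needs its own ingress rule.
```

The policy only takes effect when the cluster's CNI plugin enforces NetworkPolicy objects, and it restricts by pod identity at the network layer, so it does not add authentication between peers.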