Is there any way to dynamically manage loki users based on the tenants?

I need to dynamically manage loki users based on the tenants.
If a tenant is added need to add a new user for that specific tenant and similarly on deletion of that tenant delete that user.

Strictly speaking Loki doesn’t have the concept of users. It simply requires that all requests sent to Loki components have X-Scope-OrgID header if auth is enabled. And if you want to add some sort of authentication and user:tenant mapping it would happen at the frontend (most likely nginx).

We use Nginx with HTTP basic authentication plus a bit of configuration to map user to a tenant ID. So you can potentially build some sort of automation that generate the htpasswd file and nginx configuration and reload Nginx automatically.

1 Like

Thanks a lot, will try the suggested approach

If loki doesn’t have a concept of the user then what does the user signify in config like max_streams_per_user or max_global_streams_per_user?

For those configurations users are synonymous to tenants.

1 Like