Hello there,
I’m trying to remove the mimir-gateway from the equation when using Alloy as a receiver which then sends the data directly to Mimir.
Currently the Gateway is used because it has some nginx checks for the x-scope-orgid header, like if there are multiple or none then do something.
Is there some way to do the same with Alloy directly?
Check and validate if a header or a specific metadata key has a specific value or not, or the header received via otelcol.receiver.otlp > otelcol.processor.batch for example?
So… a client sends its OTLP in either gRPC or HTTP to Alloy with or without the x-scope-orgid or an empty x-scope-orgid, and that Alloy is somehow able to see this, and if that is the case rename it to something like anonymous or unknown?
But, when it is set, or when it has a value, then just take that and use it when sending it to the Mimir distributor.
My main reason is, that we see some high InterAZ traffic, and we want to minimize that by not having something in between Alloy and Mimir.
For some endpoints on Alloy we can already do this, because we determine the tenant hardcoded ourselves, but for some others we can not.
Thanks in advance!
Cheers,
BlackDex
I am not quite sure what you are asking actually. Are you asking if you can send directly to Mimir (with auth enabled presumably) without using an authentication gateway?
From the scenario you described I don’t think it makes sense. Your downstream applications shouldn’t have nor need the knowledge of which tenant to send the data to. That is up to you, the administrator, to decide. Also, in terms of network infrastructure, if you are concerned about intra-AZ traffic, you can always make sure to have multiple proxies (one per AZ) and direct traffic accordingly (might need an NLB in the front).
Well, there are multiple deployments which send data, these are enrolled via automation mainly. And in these deployments is another Alloy running which sends metrics, logs and traces.
Some logs might have a different tenant based upon some variables. And also some systems not in our control which can send data in OTLP format which are allowed to send their own tenant, and therefore we do not know it up front.
And in the spirit of easy debugging I hoped I was able to catch this if something is wrong and redirect it to anonymous or something.
For some items using a specific endpoint with a fixed tenant is possible, but not for all unfortunately.
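
The check asked for in the first post (a missing, empty or repeated x-scope-orgid falls back to a placeholder tenant, any single non-empty value is forwarded unchanged), written out in Python as an added example. It is not Alloy configuration and not code from anyone in this thread; the function names, the reason labels and the sample requests are assumptions made for illustration.

```python
from collections import Counter

TENANT_HEADER = "x-scope-orgid"
FALLBACK_TENANT = "anonymous"  # placeholder tenant name suggested in the thread


def resolve_tenant(headers, fallback=FALLBACK_TENANT):
    """Return (tenant, reason) for a list of (name, value) header pairs.

    The input keeps duplicates, the way HTTP headers and gRPC metadata can
    arrive, so a repeated tenant header is detectable. Header names are
    compared case-insensitively.
    """
    values = [v.strip() for name, v in headers if name.lower() == TENANT_HEADER]
    if not values:
        return fallback, "missing"
    if len(values) > 1:
        # Ambiguous: never pick one of several client-supplied tenants.
        return fallback, "multiple"
    if not values[0]:
        return fallback, "empty"
    return values[0], "ok"


def summarize(requests):
    """Count (tenant, reason) outcomes, e.g. to expose as a debug metric."""
    counts = Counter()
    for headers in requests:
        counts[resolve_tenant(headers)] += 1
    return dict(counts)


# Constructed sample requests, one per case described in the first post.
SAMPLE_REQUESTS = [
    [("Content-Type", "application/x-protobuf"), ("X-Scope-OrgID", "team-a")],
    [("Content-Type", "application/x-protobuf")],
    [("x-scope-orgid", "   ")],
    [("X-Scope-OrgID", "team-a"), ("x-scope-orgid", "team-b")],
]

if __name__ == "__main__":
    for outcome, count in summarize(SAMPLE_REQUESTS).items():
        print(outcome, count)
```

Keeping the reason next to the resolved tenant lets data that landed in the fallback tenant be traced back to the kind of client mistake that put it there.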