fix: use Kratos session auth for observability endpoints

Observability routes (systemmetrics, systemlogs, systemtracing) use
Kratos /sessions/whoami for auth_request — validates browser session
cookies scoped to the parent domain. Admin API routes (id, hydra,
search, vault) keep Hydra /userinfo for Bearer token auth (CLI access).
2026-03-24 13:58:34 +00:00
parent 0498d1c6b3
commit 4c02fe18ed


@@ -230,7 +230,7 @@ data:
[[routes.paths]]
prefix = "/"
backend = "http://kube-prometheus-stack-prometheus.monitoring.svc.cluster.local:9090"
auth_request = "http://hydra-public.ory.svc.cluster.local:4444/userinfo"
auth_request = "http://kratos-public.ory.svc.cluster.local/sessions/whoami"
[[routes]]
host_prefix = "systemlogs"
@@ -239,7 +239,7 @@ data:
[[routes.paths]]
prefix = "/"
backend = "http://loki-gateway.monitoring.svc.cluster.local:80"
auth_request = "http://hydra-public.ory.svc.cluster.local:4444/userinfo"
auth_request = "http://kratos-public.ory.svc.cluster.local/sessions/whoami"
[[routes]]
host_prefix = "systemtracing"
@@ -248,7 +248,7 @@ data:
[[routes.paths]]
prefix = "/"
backend = "http://tempo.monitoring.svc.cluster.local:3200"
auth_request = "http://hydra-public.ory.svc.cluster.local:4444/userinfo"
auth_request = "http://kratos-public.ory.svc.cluster.local/sessions/whoami"
[[routes]]
host_prefix = "livekit"
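Review bot: The new `auth_request` target on the systemmetrics path (and identically in the systemlogs and systemtracing hunks) only proves that the caller holds an active Kratos session; nothing visible in these hunks, whose enclosing `[[routes]]` tables begin above them, limits the routes to operators. `/sessions/whoami` answers 200 for any identity with a valid session, so if self-service registration is enabled, every registered user would presumably reach Prometheus, Loki and Tempo at prefix `/`. If the proxy has no separate authorization step, the subrequest should go to a check that also tests role or group membership, and at minimum the assumption should be recorded above each line, e.g. `# authn only: any active Kratos session passes; authorization must be enforced elsewhere`. Because the session cookie is scoped to the parent domain, it is also worth confirming that the proxy strips it before forwarding to the backends and that Kratos's `session.whoami.required_aal` is set so a first-factor-only session is not sufficient.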