-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Jaeger In-depth security #1718
Comments
Is there any documentation/tutorials on this? |
@rubenvp8510 is the bearer token propagation working already? I thought it hasn't been merged yet. |
@jpkrohling it is already working and I added tests here. but not on operator side, which is the current task I'm working on. note that at this moment, token propagation only works on ES, as far as I know there is no plans for support it on cassandra. |
Thanks for the info, @rubenvp8510. I changed the description to strike through the "bearer token propagation" in the Cassandra item (cc @j771). |
How to configure the Agent container to use TLS with client cert authentication? I'm running the Collector with mTLS. How do I tell the agent to use the client certs? |
Aren't these flags what you need?
|
In the 2019-05-04 Jaeger security audit, the auditors wrote:
However, the auditors were concerned with the lack of the actual security mechanisms:
This issue is a checklist of the existing security mechanisms in Jaeger, and any remaining gaps. It is broken into pairwise connections between Jaeger components.
Please refer to Security page in Jaeger documentation for instructions on securing Jaeger installation.
Client to Agent
Agent is deprecated (#1718).
UDP channels - no TLS/authenticationClient to Collector
Agent to Collector
Agent is deprecated (#1718).
Collector/Query to Storage
bearer token propagationBrowser to UI
Consumers to Query Service
The text was updated successfully, but these errors were encountered: