Telegraf Oauth2 login for Authentik

My telegraf needs to send data to influxdb V2 that is behind Traefik with Authentik forward auth.
I think this means it will have to authenticate as an Oauth2 user to reach influx.

What do I need to add to my conf file to do this?
Currently I have:

[[outputs.influxdb_v2]]
  urls = ["https://systemmonitoring.influxv2.mydomain.com"]
  token = "###########my token#########"
  organization = "systemmonitoring"
  bucket = "Server_####.####"

Thanks

I don’t believe this is possible. We expect to connect directly to the output. @srebhan is it?

We do have a oauth2 secret store which allows getting credentials from oauth2 service, but that is not what you are after in this case.

Okay thanks for the info.
I’ll try and expose it on a second router via Traefik. One for the Influx webui and one for the Telegraf connection that isn’t on Authentik

Is basic auth possible or are you saying there’s no method of any type auth?
I see you was involved in a similar thread on github a while back

Thanks

If your system can read a token via a header value it might be possible. I have not tried this before.

Okay thanks,
I have a work around now. I can output with outputs.mqtt or outputs.http and ingest that with NodeRed. At that point it is within my docker network and doesn’t need to authenticate to reach influx.

Frustratingly, outputs.http has sections for basic auth and Oauth & outouts.influxdb for V1.x has basic auth

Thanks for the help, saved me endlessly trying to figure it out

1 Like

@jpowers I’m not sure, but we could use the http output, which now supports secrets in headers, and directly feed the serialized line-protocol to the write endpoint. This way, the user can add the custom authentication header for Traefik… Does that make sense?