docs/Cluster-VictoriaMetrics.md: document that multitenancy via labels is applied to data ingested via non-http protocols

Updates https://github.com/VictoriaMetrics/VictoriaMetrics/pull/3009
This commit is contained in:
Aliaksandr Valialkin 2023-11-27 11:13:32 +02:00
parent 5ccc22d66d
commit f2346a79b6
No known key found for this signature in database
GPG Key ID: 52C003EE2BCDB9EB
2 changed files with 10 additions and 0 deletions

View File

@ -99,6 +99,11 @@ while the `http_requests_total{path="/bar"} 34` would be stored in the tenant `a
The `vm_account_id` and `vm_project_id` labels are extracted after applying the [relabeling](https://docs.victoriametrics.com/relabeling.html) The `vm_account_id` and `vm_project_id` labels are extracted after applying the [relabeling](https://docs.victoriametrics.com/relabeling.html)
set via `-relabelConfig` command-line flag, so these labels can be set at this stage. set via `-relabelConfig` command-line flag, so these labels can be set at this stage.
The `vm_account_id` and `vm_project_id` labels are also taken into account when ingesting data via non-http-based protocols
such as [Graphite](https://docs.victoriametrics.com/#how-to-send-data-from-graphite-compatible-agents-such-as-statsd),
[InfluxDB line protocol via TCP and UDP](https://docs.victoriametrics.com/#how-to-send-data-from-influxdb-compatible-agents-such-as-telegraf) and
[OpenTSDB telnet put protocol](https://docs.victoriametrics.com/#sending-data-via-telnet-put-protocol).
**Security considerations:** it is recommended restricting access to `multitenant` endpoints only to trusted sources, **Security considerations:** it is recommended restricting access to `multitenant` endpoints only to trusted sources,
since untrusted source may break per-tenant data by writing unwanted samples to arbitrary tenants. since untrusted source may break per-tenant data by writing unwanted samples to arbitrary tenants.

View File

@ -110,6 +110,11 @@ while the `http_requests_total{path="/bar"} 34` would be stored in the tenant `a
The `vm_account_id` and `vm_project_id` labels are extracted after applying the [relabeling](https://docs.victoriametrics.com/relabeling.html) The `vm_account_id` and `vm_project_id` labels are extracted after applying the [relabeling](https://docs.victoriametrics.com/relabeling.html)
set via `-relabelConfig` command-line flag, so these labels can be set at this stage. set via `-relabelConfig` command-line flag, so these labels can be set at this stage.
The `vm_account_id` and `vm_project_id` labels are also taken into account when ingesting data via non-http-based protocols
such as [Graphite](https://docs.victoriametrics.com/#how-to-send-data-from-graphite-compatible-agents-such-as-statsd),
[InfluxDB line protocol via TCP and UDP](https://docs.victoriametrics.com/#how-to-send-data-from-influxdb-compatible-agents-such-as-telegraf) and
[OpenTSDB telnet put protocol](https://docs.victoriametrics.com/#sending-data-via-telnet-put-protocol).
**Security considerations:** it is recommended restricting access to `multitenant` endpoints only to trusted sources, **Security considerations:** it is recommended restricting access to `multitenant` endpoints only to trusted sources,
since untrusted source may break per-tenant data by writing unwanted samples to arbitrary tenants. since untrusted source may break per-tenant data by writing unwanted samples to arbitrary tenants.