Qdrant Authentication
Implementing a simple and fast HTTP Authentication for Qdrant
Table of contents
No headings in the article.
Qdrant is becoming more and more popular, and its use is increasing every day. At Intelijus, we decided to try its amazing capabilities and see how it performed.
Using the helm chart, everything worked perfectly to deploy into our cluster. However, some remote developers were interested in using it to make tests.
The Cloud version includes an API Key Authentication, but the usual deployment doesn't include any. We can further explore the initialization parameters for the Qdrant Python client:
def __init__(self,
host="localhost",
port=6333,
grpc_port=6334,
prefer_grpc=False,
https=None,
api_key=None,
prefix=None,
**kwargs):
So, the team analyzed two options.
— Kong as an API gateway, and the Key Authentication plugin
— Kubernetes Ingress using basic authentication
The qdrant-client implementation of the API_KEY header would benefit from Kong. The service implementation would be fast, but we would need to deploy Kong to this cluster. Kong is great. We have deployed it on some APIs, but on this test cluster, it's not installed. Kubernetes Ingress is already installed.
Given that the night was great for coding, I decided to take a look before our next meeting to discuss this. First, I deployed one Ingress routing to the Qdrant Cluster IP service on port 6333. Basic authentication and a certificate were set up using annotations. Then, I tested it using the httpx Python module. It was possible to contact Qdrant service.
cert-manager.io/cluster-issuer: certificate_issuer
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: qdrant-auth
nginx.ingress.kubernetes.io/auth-realm: Qdrant
The next step was to look at the Qdrant Python Client. It was promising to see the first look, they implemented a nested chain of keyword arguments. It would go from QdrantClient to the httpx client. If I add an auth and a verify parameter, it would propagate to the place I needed it. Furthermore, the port should be the one that Ingress is listening on.
client = QdrantClient(host="qdrant.mydomain.com", port=443, https=True, auth=('daniel', 'mypassword'), verify=False)
This setup made it easy to implement a basic authentication layer in front of our Qdrant vector database, which allowed us to expose it to our remote developers.
Look at you next, keep coding!