Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[REQ] Feature - TLS support for OTLP metrics clients #933

Open
1 task done
eanveden opened this issue Dec 22, 2023 · 2 comments
Open
1 task done

[REQ] Feature - TLS support for OTLP metrics clients #933

eanveden opened this issue Dec 22, 2023 · 2 comments
Labels
enhancement New feature or request

Comments

@eanveden
Copy link

eanveden commented Dec 22, 2023

What kind of request is this?

Feature

What is your request or suggestion?

I would like Eraser to add the ability to support TLS for the eraser client for otlp metrics.

The underlying client (otlphttpmetrics) already supports this, see here

It can either be done through exposing these environment variables:
OTEL_EXPORTER_OTLP_CERTIFICATE/OTEL_EXPORTER_OTLP_METRICS_CERTIFICATE
OTEL_EXPORTER_OTLP_CLIENT_KEY/OTEL_EXPORTER_OTLP_METRICS_CLIENT_KEY

Or alternatively set up using this

I do not mind doing this work myself (I already somewhat started), just need to know if there are any considerations that you have with regards to the work, or if I am missing some crucial key points that would invalidate this work.

Are you willing to submit PRs to contribute to this feature request?

  • Yes, I am willing to implement it.
@eanveden eanveden added the enhancement New feature or request label Dec 22, 2023
@sozercan
Copy link
Member

sozercan commented Jan 3, 2024

@eanveden thanks for opening an issue!

sounds like this will need removing insecure option from

exporter, err := otlpmetrichttp.New(ctx, otlpmetrichttp.WithInsecure(), otlpmetrichttp.WithEndpoint(endpoint))

ideally, we should do https by default. we can integrate with https://github.com/open-policy-agent/cert-controller to auto generate the certificates and rotate continously. also have an option for user to specify their own certs instead of auto gen.

would you be interested in creating a design doc for this?

@eanveden
Copy link
Author

@sozercan, sure, I'll put something together.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants