Skip to content

otlploggrpc: Add examples with self-signed certificates #6882

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 15 commits into
base: main
Choose a base branch
from
Open

otlploggrpc: Add examples with self-signed certificates #6882

wants to merge 15 commits into from
+86 −0

Conversation

xue20xi
Copy link

@xue20xi xue20xi commented Jun 8, 2025
edited by pellared
Loading

Towards #6661

@linux-foundation-easycla Linux Foundation: EasyCLA
Copy link

linux-foundation-easycla bot commented Jun 8, 2025
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

@xue20xi xue20xi mentioned this pull request Jun 8, 2025
Open
@codecov Codecov
Copy link

codecov bot commented Jun 9, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 82.8%. Comparing base (5da6cd2) to head (ac7b5c0).

Additional details and impacted files

Impacted file tree graph

@@          Coverage Diff          @@
##            main   #6882   +/-   ##
=====================================
  Coverage   82.8%   82.8%           
=====================================
  Files        262     262           
  Lines      24339   24339           
=====================================
+ Hits       20153   20154    +1     
+ Misses      3811    3810    -1     
  Partials     375     375

see 1 file with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

pellared
pellared requested changes Jun 9, 2025
View reviewed changes
@xue20xi
Copy link
Author

xue20xi commented Jun 9, 2025

Hi @pellared ,
I just pushed a new commit to address your comments, could you review again?

@pellared pellared changed the title Document how to use OTLP exporters with self-signed certificates (#6661) Document how to use OTLP exporters with self-signed certificates Jun 9, 2025
pellared
pellared reviewed Jun 9, 2025
View reviewed changes
pellared
pellared reviewed Jun 9, 2025
View reviewed changes
pellared
pellared reviewed Jun 9, 2025
View reviewed changes
dmathieu
dmathieu reviewed Jun 10, 2025
View reviewed changes
@dmathieu dmathieu added the Skip Changelog PRs that do not require a CHANGELOG.md entry label Jun 10, 2025
@xue20xi xue20xi requested a review from pellared June 22, 2025 13:54
@pellared
Copy link
Member

This PR seems improperly synced with main.

pellared
pellared reviewed Jun 24, 2025
View reviewed changes
pellared
pellared reviewed Jul 7, 2025
View reviewed changes
Copy link
Member

@pellared pellared left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like this. I just added some cleanup comments. Hopefully these are my last comments 😉

Do you want to make similar PRs for other OTLP exporters (otlploghttp, otlpmetricgrpc, otlpmetrichttp, otlptracegrpc, otlptracehttp)?

@pellared pellared changed the title Document how to use OTLP exporters with self-signed certificates otlploggrpc: Add examples with self-signed certificates Jul 7, 2025
@xue20xi
Copy link
Author

xue20xi commented Jul 10, 2025

I like this. I just added some cleanup comments. Hopefully these are my last comments 😉

Do you want to make similar PRs for other OTLP exporters (otlploghttp, otlpmetricgrpc, otlpmetrichttp, otlptracegrpc, otlptracehttp)?

Yes, I'd like to, if no other comments, will start to work on the other exporters

pellared
pellared approved these changes Jul 11, 2025
View reviewed changes
Copy link
Member

@pellared pellared left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I made a little refactoring 63c83a4

@open-telemetry/go-approvers, PTAL

@xue20xi
Copy link
Author

xue20xi commented Jul 12, 2025
edited
Loading

I like this. I just added some cleanup comments. Hopefully these are my last comments 😉
Do you want to make similar PRs for other OTLP exporters (otlploghttp, otlpmetricgrpc, otlpmetrichttp, otlptracegrpc, otlptracehttp)?

Yes, I'd like to, if no other comments, will start to work on the other exporters

I have checked the otlploghttp module, it seems the example for self-signed certificate is not needed.

It works fine when only specify the environment variable "OTEL_EXPORTER_OTLP_CERTIFICATE" for self-signed certificate TLS connection.
It works fine when only specify the environment variable "OTEL_EXPORTER_OTLP_CERTIFICATE", "OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE" and "OTEL_EXPORTER_OTLP_CLIENT_KEY" for self-signed certificate mTLS connection.

The reason is otlploghttp.New(ctx) will load the TLS config from the environment variables (newConfig() in otlploghttp/config.go )

So otlploghttp.WithTLSClientConfig() is not needed, this is align with the README (https://pkg.go.dev/go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp)

OTEL_EXPORTER_OTLP_CERTIFICATE, OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE (default: none) - the filepath to the trusted certificate to use when verifying a server's TLS credentials. OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE takes precedence over OTEL_EXPORTER_OTLP_CERTIFICATE. The configuration can be overridden by WithTLSClientConfig option.

pellared
pellared requested changes Jul 14, 2025
View reviewed changes
Copy link
Member

@pellared pellared left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have checked the otlploghttp module, it seems the example for self-signed certificate is not needed.

I quickly checked the otlploggrpc code and docs and I would suspect that this should work the same way as for otlploghttp. I have a strong feeling that my comment #6661 (comment) was incorrect (sorry for that).

Do you know of this issue is true for other gRPC OTLP exporters? I wouldn't be surprised if this is only a problem only in otlploggrpc.

@xue20xi
Copy link
Author

xue20xi commented Jul 18, 2025

I have checked the otlploghttp module, it seems the example for self-signed certificate is not needed.

I quickly checked the otlploggrpc code and docs and I would suspect that this should work the same way as for otlploghttp. I have a strong feeling that my comment #6661 (comment) was incorrect (sorry for that).

Do you know of this issue is true for other gRPC OTLP exporters? I wouldn't be surprised if this is only a problem only in otlploggrpc.

I have checked otlpmetricgrpc and otlptracegrpc, they both work fine, so you're right, it seems a problem only in otlploggrpc

@pellared
Copy link
Member

@xue20xi, given the latest comment I think we can close the PR. Do you want to work on fixing #6661 given it seems to be a bug and you already know what code should be invoked so that it works properly? I mean the examples here work and this is the code that should be invoke when e.g. OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE is set.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dmathieu dmathieu dmathieu left review comments

@pellared pellared pellared requested changes

@dashpole dashpole dashpole approved these changes

@MrAlias MrAlias Awaiting requested review from MrAlias MrAlias is a code owner

@XSAM XSAM Awaiting requested review from XSAM XSAM is a code owner

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
Skip Changelog PRs that do not require a CHANGELOG.md entry
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@xue20xi @pellared @dmathieu @dashpole