Skip to content

Document how to use OTLP exporters with self-signed certificates #6882

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Document how to use OTLP exporters with self-signed certificates #6882

wants to merge 6 commits into from

Conversation

xue20xi
Copy link

@xue20xi xue20xi commented Jun 8, 2025
edited by pellared
Loading

Fixes #6661

@linux-foundation-easycla Linux Foundation: EasyCLA
Copy link

linux-foundation-easycla bot commented Jun 8, 2025
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

@xue20xi xue20xi mentioned this pull request Jun 8, 2025
Open
@codecov Codecov
Copy link

codecov bot commented Jun 9, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 82.3%. Comparing base (0669ee0) to head (100a26c).
Report is 6 commits behind head on main.

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##            main   #6882     +/-   ##
=======================================
- Coverage   82.3%   82.3%   -0.1%     
=======================================
  Files        263     263             
  Lines      24418   24418             
=======================================
- Hits       20098   20097      -1     
- Misses      3938    3939      +1     
  Partials     382     382

see 1 file with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

pellared
pellared requested changes Jun 9, 2025
View reviewed changes
@xue20xi
Copy link
Author

xue20xi commented Jun 9, 2025

Hi @pellared ,
I just pushed a new commit to address your comments, could you review again?

@pellared pellared changed the title Document how to use OTLP exporters with self-signed certificates (#6661) Document how to use OTLP exporters with self-signed certificates Jun 9, 2025
pellared
pellared reviewed Jun 9, 2025
View reviewed changes
pellared
pellared reviewed Jun 9, 2025
View reviewed changes
exporters/otlp/otlplog/otlploggrpc/example_test.go Outdated
Comment on lines 41 to 42
// ExampleWithTLSCredentials demonstrates how to configure the exporter with certificates, including self-signed certificates.
func ExampleWithTLSCredentials() {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we simplify the example so that it only demonstrate how to use self-signed certificates?

Suggested change
// ExampleWithTLSCredentials demonstrates how to configure the exporter with certificates, including self-signed certificates.
func ExampleWithTLSCredentials() {
// Demonstrates how to configure the exporter using self-signed certificates.
func Example_selfSignedCertificates() {

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

May comment was not only about the name and description of the example but related to the content as well. It should be simplified.

pellared
pellared reviewed Jun 9, 2025
View reviewed changes
exporters/otlp/otlplog/otlploggrpc/example_test.go
if caFile != "" && clientCert != "" && clientKey != "" {
// mTLS connection
tlsCfg := tls.Config{
InsecureSkipVerify: false,
Copy link
Member

@pellared pellared Jun 9, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it needed if we add CA certificate to root CA pool?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use new cert pool instead

Copy link
Member

@pellared pellared Jun 12, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sill, do we need to set InsecureSkipVerify to false?

Is this not the only thing that is needed?

pool := x509.NewCertPool()
if !pool.AppendCertsFromPEM(data) {
	panic("failed to add CA certificate to root CA pool")
}
tlsCfg := &tls.Config{
	RootCAs:    certs,
}
creds := credentials.NewTLS(tlsCfg)

dmathieu
dmathieu reviewed Jun 10, 2025
View reviewed changes
@dmathieu dmathieu added the Skip Changelog PRs that do not require a CHANGELOG.md entry label Jun 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dmathieu dmathieu dmathieu left review comments

@pellared pellared pellared requested changes

@MrAlias MrAlias Awaiting requested review from MrAlias MrAlias is a code owner

@XSAM XSAM Awaiting requested review from XSAM XSAM is a code owner

@dashpole dashpole Awaiting requested review from dashpole dashpole is a code owner

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
Skip Changelog PRs that do not require a CHANGELOG.md entry
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Document how to use OTLP exporters with self-signed certificates
3 participants
@xue20xi @dmathieu @pellared