Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v2: when configuring OTLP destination authMode needs to be used instead of auth.type #844

Closed
marcomusso opened this issue Nov 6, 2024 · 3 comments · Fixed by #877
Closed

v2: when configuring OTLP destination authMode needs to be used instead of auth.type #844

marcomusso opened this issue Nov 6, 2024 · 3 comments · Fixed by #877

Comments

@marcomusso
Copy link

marcomusso commented Nov 6, 2024
edited
Loading

When defining an otlp/http destination like:

  - name: GrafanaCloudOTLP
    type: otlp
    protocol: http
    url: "{{ requiredEnv "GRAFANA_CLOUD_OTLP_HOST" }}/otlp"
    tenantId: "{{ requiredEnv "GRAFANA_CLOUD_INSTANCE_ID" }}"
    auth:
      type: basic
      username: "{{ requiredEnv "GRAFANA_CLOUD_INSTANCE_ID" }}"
      password: "{{ requiredEnv "GRAFANA_CLOUD_TOKEN" }}"
    metrics:
      enabled: true
    logs:
      enabled: true
    traces:
      enabled: true

This creates an exporter WITHOUT client.auth thus generating 401 from the destination:

otelcol.exporter.otlphttp "grafanacloudotlp" {
  client {
    endpoint = "https://otlp-gateway-prod-eu-west-2.grafana.net/otlp"
    headers = {
      "X-Scope-OrgID" = nonsensitive(remote.kubernetes.secret.grafanacloudotlp.data["tenantId"]),
    }
    tls {
      insecure = false
      insecure_skip_verify = false
      ca_pem = nonsensitive(remote.kubernetes.secret.grafanacloudotlp.data["ca"])
      cert_pem = nonsensitive(remote.kubernetes.secret.grafanacloudotlp.data["cert"])
      key_pem = remote.kubernetes.secret.grafanacloudotlp.data["key"]
    }
  }
}

Setting authMode: basic (single top level key) will result in the auth client attribute to be included:

otelcol.exporter.otlphttp "grafanacloudotlp" {
  client {
    endpoint = "https://otlp-gateway-prod-eu-west-2.grafana.net/otlp"
    auth = otelcol.auth.basic.grafanacloudotlp.handler                       // HERE
    headers = {
      "X-Scope-OrgID" = nonsensitive(remote.kubernetes.secret.grafanacloudotlp.data["tenantId"]),
    }
    tls {
      insecure = false
      insecure_skip_verify = false
      ca_pem = nonsensitive(remote.kubernetes.secret.grafanacloudotlp.data["ca"])
      cert_pem = nonsensitive(remote.kubernetes.secret.grafanacloudotlp.data["cert"])
      key_pem = remote.kubernetes.secret.grafanacloudotlp.data["key"]
    }
  }
}

But authMode is not documented anywhere and instead auth.type should be used like for other destinations.

Reference: https://github.com/grafana/k8s-monitoring-helm/blob/main/charts/k8s-monitoring/templates/destinations/_destination_otlp.tpl#L68
@marcomusso marcomusso changed the title When configuring OTLP destination in v2 authMode needs to be used instead of auth.type v2: when configuring OTLP destination authMode needs to be used instead of auth.type Nov 8, 2024
@petewall petewall linked a pull request Nov 8, 2024 that will close this issue
Use auth.type instead of authMode, which was a copy-paste error #877
Merged
@petewall
Copy link
Collaborator

petewall commented Nov 8, 2024

Thanks for catching this! I've opened a PR to fix this!

@marcomusso
Copy link
Author

Excellent @petewall , I'll pull as soon as you merge! thanks!

@petewall
Copy link
Collaborator

petewall commented Nov 8, 2024

I've got a few fixes coming in and I'll make an rc3 release later today!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use auth.type instead of authMode, which was a copy-paste error grafana/k8s-monitoring-helm
2 participants
@petewall @marcomusso