-
Notifications
You must be signed in to change notification settings - Fork 835
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(HTTP) Exporter rotating certificate based authentication #5215
Comments
Hi, thanks for reaching out with this feature-request. 🙂
This is possible by implementing the Once it's time to rotate certificates, a new internal exporter is created that replaces the old one. The old one can be shut down and operation resumes with the new one. |
thanks for that alternative. Do you have an example/documentation of how to register the implementation of In general do you think that's the desired solution or a workaround which is possible right now? What would be your idea of how a good solution for this (maybe not too uncommon) usecase? Maybe I can even contribute it then. |
Ah sorry, apologies - I meant the
I don't think it's a desired solution, no - it is a workaround that is possible today. Ideally we could allow to reconfigure everything and even allow custom agent implementations (for i.e connect proxies) but this is especially tricky to do in a "safe" way without breaking other features, like In particular when exposing interfaces that encourage people to use the Usually the go-to way for anything that goes beyond the default is to use an OTel collector co-deployed with the app (in Agent mode) - it's what I usually recommend if the exporter itself does not do exactly what one wants it to do. The otlphttpexporter does offer a way to hot-reload certificates as well via the |
Is your feature request related to a problem? Please describe.
Currently certificate based authentication with the exporter is possible right now with httpAgentOptions e.g.
However, with short lived certificates (which are rotated on filesystem level) this will fail when the certificate is expired.
Describe the solution you'd like
Not entirely sure, maybe
Describe alternatives you've considered
metricExporter._otlpExporter.agent = myNewAgent
setGlobalMeterProvider
). However it could still be possible somehow I imagine.Additional context
The text was updated successfully, but these errors were encountered: