[Telemetry] mTLS support for TracePipeline OTLP output #17995
Labels
area/telemetry
Issues or PRs related to the telemetry module
kind/feature
Categorizes issue or PR as related to a new feature.
Milestone
Description
A security best practice is to use mTLS to establish a secure connection a a remote party. Especially when integrating with 3party systems this is a common practice which should be supported by a TracePipeline.
The OTLP output of the TracePipeline supports TLS in general and a header based authentication. However, it does not provide functionality for mutual TLS yet. Also the typical settings for verifying the server-side certificate are missing.
An API to support this scenarios could look like this, which adds a general
tls
section introducing the missing settings for TLS and mTLS.The related files should be provided by secrets where the secret attributes need to get mounted as files into the gateway pod.
Criterias:
Reasons
It should be possible to follow security best practices using the functionality
Attachments
supported settings of the otlpexporter: https://github.com/open-telemetry/opentelemetry-collector/blob/main/config/configtls/README.md
The text was updated successfully, but these errors were encountered: