-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add prometheus_simple receiver #184
Add prometheus_simple receiver #184
Conversation
// Whether or not to use pod service account to authenticate. | ||
UseServiceAccount bool `mapstructure:"use_service_account"` | ||
// TLS configs in case connection is over HTTPS | ||
TLSCredentials *tlsCredentials `mapstructure:"tls_credentials"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I might just call the config value tls
as they're not necessarily credentials. For example you might set ca_file but not use cert_file and key_file for auth.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What does this look like in config if you want to enable TLS but with just the defaults? If you do:
receivers:
prometheus_simple:
tls_config:
I think tls will be nil so not configured. But if you did:
receivers:
prometheus_simple:
tls_config: {}
TLS would be non-nil with the default zero values. Seems like it might be easy to mess up. 🤔
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since paths to the cert, key and the CA cert are all empty an empty TLS config would fail authentication right? Also, would it be a valid use case to have these be the empty default values?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If it's empty it should use the system CA certs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like they avoid this problem by having TLS explicitly enabled or disabled with scheme
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh ok. I just looked at how prometheus handles these values and from first look, it does not seem like it picks up the system CA certs. Will dig a bit deeper and get back.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it'd end up using the default which is system default CA:
https://golang.org/src/crypto/tls/common.go?s=16110:25304#L526
// RootCAs defines the set of root certificate authorities
// that clients use when verifying server certificates.
// If RootCAs is nil, TLS uses the host's root CA set.
RootCAs *x509.CertPool
@asuresh4 please resolve the conflict. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, I already reviewed this code on an internal fork.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What was the outcome of #184 (comment)?
|
What about the next comment #184 (comment)? |
Based on the discussion we had, I tried the following configs,
and
In both cases To be able to support
the client would use TLS with default system CA certs in this case. |
Would suggest making this |
@jrcamp @asuresh4 so just to clarify. This is about TLS settings for a client, right? We previously had For clients we can use a different config approach as you suggested. We can have 2 sibling keys: I think this is fine. We don't have to use the same config struct for TLS clients and for TLS servers (which is what existing Sorry, I may have mislead you on this. |
ca_file: "/path/to/ca" | ||
cert_file: "/path/to/cert" | ||
key_file: "/path/to/key" | ||
insecure_skip_verify: true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is no longer correct. This needs to be under tls_config
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The TLS options and the ones in httpConfig
are embedded in the receiver config so these would still be at the top level.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, I didn't notice tls_config
was removed. I was thinking we'd keep it but just add tls_enabled beside it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah yes, looking back at the example I gave above, I realized that's what we discussed too. Updated.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
### Description The `prometheus_simple` receiver is a wrapper around the [prometheus receiver](https://github.com/open-telemetry/opentelemetry-collector/tree/master/receiver/prometheusreceiver). This receiver provides a simple configuration interface to configure the prometheus receiver to scrape metrics from a single target. This receiver would provide the `receiver_creator` a simplified configuration interface to collect prometheus metrics. An Example config, ```yaml receivers: prometheus_simple: endpoint: "172.17.0.5:9153" ``` The receiver can also be configured to use a Pod service account when running in a Kubernetes environment using `use_service_account`. ### Testing Unit tests Manual testing with SignalFx exporter ### Documentation https://github.com/signalfx/opentelemetry-collector-contrib/blob/simple-prometheus/receiver/simpleprometheusreceiver/README.md
There is only one config now, so no need to have version number in the file name.
Also fixes example module paths so that they use the vanity URL instead of the github URL. [Closes #184]
Update redis instrumentation to follow semantic conventions
…y#184) * Add Neuron monitor scraper to scrape metrics from NeuronMonitor --------- Co-authored-by: Hyunsoo Kim <hsookim@amazon.com> Co-authored-by: Aditya Purang <puranga@amazon.com>
Description
The
prometheus_simple
receiver is a wrapper around the prometheus receiver.This receiver provides a simple configuration interface to configure the prometheus
receiver to scrape metrics from a single target. This receiver would provide the
receiver_creator
a simplified configuration interface to collect prometheus metrics.An Example config,
The receiver can also be configured to use a Pod service account when running in a Kubernetes environment using
use_service_account
.Testing
Unit tests
Manual testing with SignalFx exporter
Documentation
https://github.com/signalfx/opentelemetry-collector-contrib/blob/simple-prometheus/receiver/simpleprometheusreceiver/README.md