eraser-dev / eraser

🧹 Cleaning up images from Kubernetes nodes
https://eraser-dev.github.io/eraser/
Apache License 2.0

[REQ] Feature - TLS support for OTLP metrics clients #933

Open eanveden opened 10 months ago

eanveden commented 10 months ago

What kind of request is this?

Feature

What is your request or suggestion?

I would like Eraser to add the ability to support TLS for the eraser client for OTLP metrics.

The underlying client (otlphttpmetrics) already supports this, see here

It can either be done through exposing these environment variables:

OTEL_EXPORTER_OTLP_CERTIFICATE / OTEL_EXPORTER_OTLP_METRICS_CERTIFICATE

OTEL_EXPORTER_OTLP_CLIENT_KEY / OTEL_EXPORTER_OTLP_METRICS_CLIENT_KEY

Or alternatively set up using this

I do not mind doing this work myself (I already somewhat started), just need to know if there are any considerations that you have with regards to the work, or if I am missing some crucial key points that would invalidate this work.

Are you willing to submit PRs to contribute to this feature request?

sozercan commented 10 months ago

@eanveden thanks for opening an issue!

sounds like this will need removing insecure option from https://github.com/eraser-dev/eraser/blob/afb831bcf61d665e1d766453c9b7d22d29297d78/pkg/metrics/metrics.go#L24

ideally, we should do https by default. we can integrate with https://github.com/open-policy-agent/cert-controller to auto generate the certificates and rotate continuously. also have an option for user to specify their own certs instead of auto gen.

would you be interested in creating a design doc for this?

eanveden commented 9 months ago

@sozercan, sure, I'll put something together.
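
An added example, not part of the issue thread or Eraser's code: one way the exporter's TLS settings could be derived from the environment variables named in the request, with the metrics-specific variable overriding the general one and an unusable CA bundle rejected instead of ignored. The helper names are hypothetical, the `*_CLIENT_CERTIFICATE` variables come from the OpenTelemetry specification rather than this page, and the resulting `*tls.Config` is the kind of value `otlpmetrichttp.WithTLSClientConfig` accepts.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"os"
)

// firstEnv returns the first non-empty variable; list the metrics-specific name first.
func firstEnv(names ...string) string {
	for _, n := range names {
		if v := os.Getenv(n); v != "" {
			return v
		}
	}
	return ""
}

// metricsTLSConfig is a hypothetical helper that reads PEM file paths from the
// environment. The *_CLIENT_CERTIFICATE names are from the OpenTelemetry spec.
func metricsTLSConfig() (*tls.Config, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if ca := firstEnv("OTEL_EXPORTER_OTLP_METRICS_CERTIFICATE", "OTEL_EXPORTER_OTLP_CERTIFICATE"); ca != "" {
		pem, err := os.ReadFile(ca)
		if err != nil {
			return nil, fmt.Errorf("read CA bundle: %w", err)
		}
		cfg.RootCAs = x509.NewCertPool()
		if !cfg.RootCAs.AppendCertsFromPEM(pem) { // fail closed on an empty bundle
			return nil, fmt.Errorf("CA bundle %s contains no usable certificate", ca)
		}
	}
	cert := firstEnv("OTEL_EXPORTER_OTLP_METRICS_CLIENT_CERTIFICATE", "OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE")
	key := firstEnv("OTEL_EXPORTER_OTLP_METRICS_CLIENT_KEY", "OTEL_EXPORTER_OTLP_CLIENT_KEY")
	if cert != "" || key != "" { // a key without a certificate (or vice versa) fails here
		pair, err := tls.LoadX509KeyPair(cert, key)
		if err != nil {
			return nil, fmt.Errorf("load client key pair: %w", err)
		}
		cfg.Certificates = []tls.Certificate{pair}
	}
	return cfg, nil
}

func main() {
	cfg, err := metricsTLSConfig() // cfg is what otlpmetrichttp.WithTLSClientConfig takes
	fmt.Println("TLS config built:", cfg != nil, "error:", err)
}
```

With none of the variables set, the returned config uses the system trust store and no client certificate.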