search

krakend / krakend-ce

KrakenD Community Edition: High-performance, stateless, declarative, API Gateway written in Go.
https://www.krakend.io
Apache License 2.0
2k stars 453 forks source link

allow_insecure_connections not working for OpenTelemetry #914

Open NapalmCodes opened 3 months ago

NapalmCodes commented 3 months ago

Environment info:

Describe the bug The KrakenD container does not trust self signed certs like the dotnet cli dev certs used by a .NET Aspire application. In attempting to build a component I would expect to be able to use the config allow_insecure_connections to publish to an OTEL OTLP Endpoint. However, I can only get this to work on http. Given KrakenD is acting as a client here shouldn't it be able in development to ignore the OTLP endpoint cert? Please note this is in using the GRPC protocol for communicating with the OTEL OTLP Endpoint.

Your configuration file:

{
  "$schema": "https://www.krakend.io/schema/krakend.json",
  "version": 3,
  "tls": {
    "disabled": true
  },
  "client_tls": {
    "allow_insecure_connections": true
  },
  "name": "gateway",
  "extra_config": {
    "telemetry/opentelemetry": {
      "service_name": "gateway",
      "service_version": "0.1",
      "skip_paths": [""],
      "metric_reporting_period": 30,
      "exporters": {
        "otlp": [
          {
            "name": "aspire_dashboard",
            "host": "{{ (split ":" (splitList "://" (env "OTEL_EXPORTER_OTLP_ENDPOINT") | last))._0 }}",
            "port": {{ int ((split ":" (splitList "://" (env "OTEL_EXPORTER_OTLP_ENDPOINT") | last))._1) }},
            "use_http": false,
            "disable_metrics": false,
            "disable_traces": false
          }
        ]
      },
      "layers": {
        "global": {
          "disable_metrics": false,
          "disable_traces": false,
          "disable_propagation": false
        },
        "proxy": {
          "disable_metrics": false,
          "disable_traces": false
        },
        "backend": {
          "metrics": {
            "disable_stage": false,
            "round_trip": false,
            "read_payload": false,
            "detailed_connection": false,
            "static_attributes": []
          },
          "traces": {
            "disable_stage": false,
            "round_trip": false,
            "read_payload": false,
            "detailed_connection": false,
            "static_attributes": []
          }
        }
      }
    },
    "telemetry/logging": {
      "level": "Debug",
      "prefix": "[KRAKEND]",
      "syslog": false,
      "stdout": true,
      "format": "default",
      "syslog_facility": "local3"
    }
  },
  "timeout": "3000ms",
  "cache_ttl": "300s",
  "output_encoding": "json"
}

Commands used How did you start the software?

The equivalent of this command was ran by .NET Aspire:
`docker run --rm -it -v $PWD:/etc/krakend \
        -e FC_ENABLE=1 \
        -e FC_OUT=result.json \
       -e KRAKEND_ALLOW_INSECURE_CONNECTIONS=true \
        devopsfaith/krakend:2.7.0 \
        run -c /etc/krakend/config/krakend.json -d`

Expected behavior KrakenD to publish metrics and traces to the local OTLP endpoint provided by .NET Aspire.

Logs

2024-08-15 18:05:29 [KRAKEND] 2024/08/15 - 22:05:29.589 ▶ DEBUG [SERVICE: telemetry/logging] Improved logging started.
2024-08-15 18:05:29 [KRAKEND] 2024/08/15 - 22:05:29.589 ▶ INFO Starting KrakenD v2.7.0
2024-08-15 18:05:29 [KRAKEND] 2024/08/15 - 22:05:29.590 ▶ INFO Working directory is /etc/krakend
2024-08-15 18:05:29 [KRAKEND] 2024/08/15 - 22:05:29.591 ▶ INFO Starting the KrakenD instance
2024-08-15 18:05:29 [KRAKEND] 2024/08/15 - 22:05:29.600 ▶ INFO [SERVICE: Gin] Listening on port: 8080
2024-08-15 18:05:34 [KRAKEND] 2024/08/15 - 22:05:34.590 ▶ DEBUG [SERVICE: Telemetry] Registering usage stats for Cluster ID Yta7MRc8MQb5XN9ZwYcln0YZ2Y1jPMg4vUMx0W2VwQE=
2024-08-15 18:06:09 [KRAKEND] 2024/08/15 - 22:06:09.590 ▶ ERROR [SERVICE: OpenTelemetry] failed to upload metrics: context deadline exceeded: rpc error: code = Unavailable desc = connection error: desc = "error reading server preface: EOF"
2024-08-15 18:06:39 [KRAKEND] 2024/08/15 - 22:06:39.589 ▶ ERROR [SERVICE: OpenTelemetry] failed to upload metrics: context deadline exceeded: rpc error: code = Unavailable desc = connection error: desc = "error reading server preface: EOF"
2024-08-15 18:07:09 [KRAKEND] 2024/08/15 - 22:07:09.588 ▶ ERROR [SERVICE: OpenTelemetry] failed to upload metrics: context deadline exceeded: rpc error: code = Unavailable desc = connection error: desc = "error reading server preface: EOF"
2024-08-15 18:07:39 [KRAKEND] 2024/08/15 - 22:07:39.588 ▶ ERROR [SERVICE: OpenTelemetry] failed to upload metrics: context deadline exceeded: rpc error: code = Unavailable desc = connection error: desc = "error reading server preface: EOF"
2024-08-15 18:05:29 Parsing configuration file: /etc/krakend/krakend.json
hoanbc commented 2 months ago

i have same question, how krakend working with insecure opentelemetry (http).