search

open-telemetry / opentelemetry-go

OpenTelemetry Go API and SDK
https://opentelemetry.io/docs/languages/go
Apache License 2.0
5.16k stars 1.04k forks source link

OTLP env config / WithClientCert doesn't reload certificates #4683

Open abh opened 10 months ago

abh commented 10 months ago

Description

Certificates configured with OTEL_EXPORTER_OTLP_CLIENT_KEY and OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE aren't reloaded, so if they are short lived certificates they only work for a short time.

See also #3363

Environment

Steps To Reproduce

  1. Use the configuration options OTEL_EXPORTER_OTLP_CLIENT_KEY and OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE.
  2. Run the process
  3. Wait for certificates to be replaced
  4. See error when the original certificates expire

Expected behavior

Certificates are reloaded, or have an option to be reloaded, when they change on disk.

Related issues / solutions in the collector: https://github.com/open-telemetry/opentelemetry-collector/pull/4737 https://github.com/open-telemetry/opentelemetry-collector/issues/7619

pellared commented 10 months ago
  1. Is there OTLP exporter in any other language who works that way?
  2. This behavior is not specified in https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md.

have an option to be reloaded, when they change on disk.

I think you would have to write custom code to handle it.