Merge pull request #64719 from pavolloffay/otel-tls-options

jab-rh · web-flow · commit 66ab25a37fac · 2023-09-25T12:00:10.000-04:00
TRACING-3262 | Document OTEL TLS options
diff --git a/modules/distr-tracing-otel-config-collector.adoc b/modules/distr-tracing-otel-config-collector.adoc
@@ -157,12 +157,15 @@ The OTLP receiver ingests data using the OpenTelemetry protocol (OTLP).
         protocols:
           grpc:
             endpoint: 0.0.0.0:4317 <1>
+            tls: <2>
+              ca_file: ca.pem
+              cert_file: cert.pem
+              key_file: key.pem
+              client_ca_file: client.pem <3>
+              reload_interval: 1h <4>
           http:
-            endpoint: 0.0.0.0:4318 <2>
-          tls: <3>
-            ca_file: ca.pem
-            cert_file: cert.pem
-            key_file: key.pem
+            endpoint: 0.0.0.0:4318 <5>
+            tls: <6>
 
     service:
       pipelines:
@@ -172,8 +175,11 @@ The OTLP receiver ingests data using the OpenTelemetry protocol (OTLP).
           receivers: [otlp]
 ----
 <1> The OTLP gRPC endpoint. If omitted, the default `+0.0.0.0:4317+` is used.
-<2> The OTLP HTTP endpoint. If omitted, the default `+0.0.0.0:4318+` is used.
-<3> The TLS server side configuration. Defines paths to TLS certificates. If omitted, TLS is disabled.
+<2> The server-side TLS configuration. Defines paths to TLS certificates. If omitted, TLS is disabled.
+<3> The path to the TLS certificate at which the server verifies a client certificate. This sets the value of `ClientCAs` and `ClientAuth` to `RequireAndVerifyClientCert` in the `TLSConfig`. For more information, see the link:https://godoc.org/crypto/tls#Config[`Config` of the Golang TLS package].
+<4> Specifies the time interval at which the certificate is reloaded. If the value is not set, the certificate is never reloaded.  `reload_interval` accepts a string containing valid units of time such as `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`.
+<5> The OTLP HTTP endpoint. The default value is `+0.0.0.0:4318+`.
+<6> The server-side TLS configuration. For more information, see `grpc` protocol configuration section.
 
 [id="jaeger-receiver_{context}"]
 ==== Jaeger Receiver
@@ -297,7 +303,11 @@ The OTLP gRPC exporter exports data using the OpenTelemetry protocol (OTLP).
           ca_file: ca.pem
           cert_file: cert.pem
           key_file: key.pem
-        headers: <3>
+          insecure: false <3>
+          insecure_skip_verify: false <4>
+          reload_interval: 1h <5>
+          server_name_override: <name> <6>
+        headers: <7>
           X-Scope-OrgID: "dev"
     service:
       pipelines:
@@ -308,7 +318,11 @@ The OTLP gRPC exporter exports data using the OpenTelemetry protocol (OTLP).
 ----
 <1> The OTLP gRPC endpoint. If the `+https://+` scheme is used, then client transport security is enabled and overrides the `insecure` setting in the `tls`.
 <2> The client side TLS configuration. Defines paths to TLS certificates.
-<3> Headers are sent for every RPC performed during an established connection.
+<3> Disables client transport security when set to `true`. The default value is `false` by default.
+<4> Skips verifying the certificate when set to `true`. The default value is `false`.
+<5> Specifies the time interval at which the certificate is reloaded. If the value is not set, the certificate is never reloaded. `reload_interval` accepts a string containing valid units of time such as `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`.
+<6> Overrides the virtual host name of authority such as the authority header field in requests. You can use this for testing.
+<7> Headers are sent for every request performed during an established connection.
 
 [id="otlp-http-exporter_{context}"]
 ==== OTLP HTTP exporter
@@ -326,9 +340,6 @@ The OTLP HTTP exporter exports data using the OpenTelemetry protocol (OTLP).
       otlphttp:
         endpoint: http://tempo-ingester:4318 <1>
         tls: <2>
-          ca_file: ca.pem
-          cert_file: cert.pem
-          key_file: key.pem
         headers: <3>
           X-Scope-OrgID: "dev"
 
@@ -359,9 +370,6 @@ The Jaeger exporter exports data using the Jaeger proto format through gRPC.
       jaeger:
         endpoint: jaeger-all-in-one:14250 <1>
         tls: <2>
-          ca_file: ca.pem
-          cert_file: cert.pem
-          key_file: key.pem
     service:
       pipelines:
         traces:
