Endpoint on opampbridge should support tls cert
3-commerce opened this issue · comments
I attempted to try opampbridge with these values.
It's asking for the endpoint of the opamp server. However, based on the opamp-go Agent in this repository, we have to determine the CA TLS for connecting to the opamp server.
Is this opamp server Endpoint http or wss (protobuf)? In the example, it's given as http, but I am not sure the communication between agent and server uses http. It should be websocket.
I can't find the opamp-server image, but I am trying to build it locally.
Hey there, @3-commerce! I'm here to help you out with any issues you're facing. I can assist with bugs, answer questions, and even guide you on becoming a contributor. Let's tackle this together!
- The OpAMP server endpoint is supposed to use HTTP. The configuration in the values.yaml file specifies the endpoint as http://opamp-server:8080, which indicates HTTP is used.
  opAMPBridge:
    endpoint: http://opamp-server:8080
- There is an official image available for the OpAMP bridge. The values.yaml file specifies the image repository as ghcr.io/open-telemetry/opentelemetry-operator/operator-opamp-bridge.
  opAMPBridge:
    image:
      repository: ghcr.io/open-telemetry/opentelemetry-operator/operator-opamp-bridge
      pullPolicy: IfNotPresent
      tag: "0.103.0"
Additionally, the bridge.yaml file from the OpenTelemetry Helm charts provides a detailed configuration for the OpAMP bridge, including the endpoint, capabilities, and image details:
apiVersion: opentelemetry.io/v1alpha1
kind: OpAMPBridge
metadata:
  name: example
  labels:
    helm.sh/chart: opentelemetry-kube-stack-0.0.9
    app.kubernetes.io/version: "0.103.0"
    app.kubernetes.io/managed-by: Helm
spec:
  endpoint: http://opamp-server:8080
  capabilities:
    AcceptsOpAMPConnectionSettings: true
    AcceptsOtherConnectionSettings: true
    AcceptsRemoteConfig: true
    AcceptsRestartCommand: true
    ReportsEffectiveConfig: true
    ReportsHealth: true
    ReportsOwnLogs: true
    ReportsOwnMetrics: true
    ReportsOwnTraces: true
    ReportsRemoteConfig: true
    ReportsStatus: true
  replicas: 1
  image: "ghcr.io/open-telemetry/opentelemetry-operator/operator-opamp-bridge:0.103.0"
  upgradeStrategy: automatic
  securityContext:
    runAsNonRoot: true
    runAsUser: 1000
  resources:
    limits:
      cpu: 250m
      memory: 256Mi
    requests:
      cpu: 250m
      memory: 256Mi
  env:
    - name: OTEL_K8S_NODE_NAME
      valueFrom:
        fieldRef:
          fieldPath: spec.nodeName
    - name: OTEL_K8S_NAMESPACE
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.namespace
    - name: OTEL_K8S_POD_NAME
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.name
    - name: OTEL_K8S_POD_IP
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: status.podIP
    - name: OTEL_RESOURCE_ATTRIBUTES
      value: "k8s.cluster.name=demo"
@3-commerce are you connecting to a self-signed opamp server? If not, it should be able to connect to a valid bridge server that has TLS.
Hi @jaronoff97
I have succeeded in connecting the bridge endpoint to the amp server (VM).
I chose the amp server (VM) because it provides the UI. However, when I try "Save and Send to Agent", it does not work (the otelcol config is not reflected as I want, and some config parts are removed when displayed).
I believe this is a bug in the latest opamp-bridge server. I have seen this reported elsewhere. Would you mind opening a new issue in the operator repo for this, and I can take a look there?
While there, can you also provide a link to the opamp server implementation please?
@jaronoff97 Hi, I am really happy and glad to cooperate with you. Meanwhile, I cannot contribute much in code, but I hope I can help you with testing. 😅
How do I contact you in private? Do you have a Slack or something?
No problem! You can message in #agentmanwg in the CNCF Slack and we can follow up there. Closing this issue for now.