[REQ] Feature - TLS support for OTLP metrics clients

[eanveden]

What kind of request is this?

Feature

What is your request or suggestion?

I would like Eraser to add the ability to support TLS for the eraser client for otlp metrics.

The underlying client (otlphttpmetrics) already supports this, see here

It can either be done through exposing these environment variables:
OTEL_EXPORTER_OTLP_CERTIFICATE/OTEL_EXPORTER_OTLP_METRICS_CERTIFICATE
OTEL_EXPORTER_OTLP_CLIENT_KEY/OTEL_EXPORTER_OTLP_METRICS_CLIENT_KEY

Or alternatively set up using this

I do not mind doing this work myself (I already somewhat started), just need to know if there are any considerations that you have with regards to the work, or if I am missing some crucial key points that would invalidate this work.

Are you willing to submit PRs to contribute to this feature request?

• Yes, I am willing to implement it.

[sozercan]

@eanveden thanks for opening an issue!

sounds like this will need removing insecure option from

eraser/pkg/metrics/metrics.go

Line 24 in afb831b

exporter, err := otlpmetrichttp.New(ctx, otlpmetrichttp.WithInsecure(), otlpmetrichttp.WithEndpoint(endpoint))

ideally, we should do https by default. we can integrate with https://github.com/open-policy-agent/cert-controller to auto generate the certificates and rotate continously. also have an option for user to specify their own certs instead of auto gen.

would you be interested in creating a design doc for this?

[eanveden]

@sozercan, sure, I'll put something together.