Deprecate tls::*_file in favor of tls::*_pem
#7691
Comments
|
@erikbaranowski do you want to fix this? |
|
No longer on hold |
mx-psi
added this to the `go.opentelemetry.io/collector/config/configtls` 1.0 milestone
|
We spoke about this offline, we generally agree that we can keep both options for 1.0 and potentially deprecate (either now or in the future) the There are some things we want to check before we go ahead and close this though:
|
|
Jaeger Remote Sampling as well |
|
I see that reload is implemented for some of the configtls settings but only for the client CA file under the TLS server settings. Is there a use case for live reload of certs and pem files that must be provided by the package, or is the file provider able to provide this somehow? |
|
Reloading certs is a VERY common use case. If the file provider can't provide this, we shouldn't remove the _file options. |
|
The file provider could be made to reload the certs, but the semantics would be very different from how configtls does this today with the I think we will need to keep the |
|
Reloading of a single field in the configuration definitely seems difficult to achieve without a significant refactor, I think we can close this as not planned (though I would be interested in hearing @bogdandrutu's thoughts on this). We can file a separate issue for exploring supporting this reloading (out of scope for 1.0). I found a few other components that ask for a filepath in the configuration: I can file another issue on contrib to see if we should remove/replace the option on these. Does this make sense? |
|
I am surprised the discussion is going in this direction. What percentage of users do we expect to be able to provide data via files vs. in-memory mechanism? By my scientific napkin math it's 1000:1, with 95% confidence. |
I don't understand your argument, why should this ratio make us not close this issue? |
This sounds good to me. I think as a rule of thumb we can probably replace filepaths in the config with recommendations to use the file provider if the component does not re-read the file at runtime. |
|
@yurishkuro I am waiting on your reply to #7691 (comment) to close this issue. Could you have a look? |
Because, if you don't dispute the "math", it will break 1000 users per 1 who needs the new syntax? |
To be clear, we are not going to do any changes on We may change things in other components, following the rule that Evan proposed on #7691 (comment). This is the kind of change for which we can provide automated migrations on the Operator and using a tool like #7631 if needed, so I think the breakage would be minor. In any case, we can discuss this in the specific issues for the components |
After #7676 is merged, we will have duplicate functionality on the
TLSConfigstruct, where you can pass certificate and keys by providing either a file path (e.g.tls::ca_file) or in-memory (e.g.tls::ca_pem). Because of our support for${file:/path/to/file}URIs, the former is redundant; one can puttls::ca_pem: ${file:/path/to/ca}to get the same functionality.Once #7676 is released, we should deprecate the
tls::*_fileoptions in favor oftls::*_pemoptions.The text was updated successfully, but these errors were encountered: