// Module included in the following assemblies:
|
|
//
|
|
// * observability/otel/otel-collector/otel-collector-extensions.adoc
|
|
|
|
:_mod-docs-content-type: REFERENCE
|
|
[id="otel-extensions-oauth2client-extension_{context}"]
|
|
= OAuth2Client Extension
|
|
|
|
[role="_abstract"]
|
|
The OAuth2Client Extension is an authenticator for exporters that use the HTTP or the gRPC protocol.
|
|
Client authentication for the OAuth2Client Extension is configured in a separate section in the OpenTelemetry Collector custom resource.
|
|
This extension supports traces, metrics, and logs.
|
|
|
|
:FeatureName: The OAuth2Client Extension
|
|
include::snippets/technology-preview.adoc[]
|
|
|
|
.OpenTelemetry Collector custom resource with client authentication configured for the OAuth2Client Extension
|
|
[source,yaml]
|
|
----
|
|
# ...
|
|
config:
|
|
extensions:
|
|
oauth2client:
|
|
client_id: <client_id> # <1>
|
|
client_secret: <client_secret> # <2>
|
|
endpoint_params: # <3>
|
|
audience: <audience>
|
|
token_url: https://example.com/oauth2/default/v1/token # <4>
|
|
scopes: ["api.metrics"] # <5>
|
|
# tls settings for the token client
|
|
tls: # <6>
|
|
insecure: true # <7>
|
|
ca_file: /var/lib/mycert.pem # <8>
|
|
cert_file: <cert_file> # <9>
|
|
key_file: <key_file> # <10>
|
|
timeout: 2s # <11>
|
|
|
|
receivers:
|
|
otlp:
|
|
protocols:
|
|
http: {}
|
|
|
|
exporters:
|
|
otlp:
|
|
auth:
|
|
authenticator: oauth2client # <12>
|
|
|
|
service:
|
|
extensions: [oauth2client]
|
|
pipelines:
|
|
traces:
|
|
receivers: [otlp]
|
|
exporters: [otlp]
|
|
# ...
|
|
----
|
|
<1> Client identifier, which is provided by the identity provider.
|
|
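<2> Confidential key used to authenticate the client to the identity provider. Because this value is written in plain text in the custom resource, any user who can read the resource can also read the secret.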
|
|
<3> Further metadata, in the key-value pair format, which is transferred during authentication. For example, `audience` specifies the intended audience for the access token, indicating the recipient of the token.
|
|
<4> The URL of the OAuth2 token endpoint, where the Collector requests access tokens.
|
|
<5> The scopes define the specific permissions or access levels requested by the client. Request only the scopes that the exporter needs.
|
|
<6> The Transport Layer Security (TLS) settings for the token client, which is used to establish a secure connection when requesting tokens.
|
|
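<7> When set to `true`, configures the Collector to use an insecure or non-verified TLS connection to call the configured token endpoint. The client secret and the issued access tokens travel over this connection, so enable this setting only in test environments.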
|
|
<8> The path to a Certificate Authority (CA) file that is used to verify the server's certificate during the TLS handshake.
|
|
<9> The path to the client certificate file that the client must use to authenticate itself to the OAuth2 server if required.
|
|
<10> The path to the client's private key file that is used with the client certificate if needed for authentication.
|
|
<11> Sets a timeout for the token client's request.
|
|
<12> You can assign the authenticator configuration to an OTLP exporter.
|