Merge pull request #101769 from max-cx/OBSDOCS-2751

OBSDOCS-2751: Modularize otel-collector-extensions.adoc

Author: max-cx

modules/otel-extensions-bearertokenauth-extension.adoc

@@ -0,0 +1,48 @@
+// Module included in the following assemblies:
+//
+// * observability/otel/otel-collector/otel-collector-extensions.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="otel-extensions-bearertokenauth-extension_{context}"]
+= BearerTokenAuth Extension
+
+[role="_abstract"]
+The BearerTokenAuth Extension is an authenticator for receivers and exporters that are based on the HTTP and the gRPC protocol.
+You can use the OpenTelemetry Collector custom resource to configure client authentication and server authentication for the BearerTokenAuth Extension on the receiver and exporter side.
+This extension supports traces, metrics, and logs.
+
+.OpenTelemetry Collector custom resource with client and server authentication configured for the BearerTokenAuth Extension
+[source,yaml]
+----
+# ...
+  config:
+    extensions:
+      bearertokenauth:
+        scheme: "Bearer" # <1>
+        token: "<token>" # <2>
+        filename: "<token_file>" # <3>
+
+    receivers:
+      otlp:
+        protocols:
+          http:
+            auth:
+              authenticator: bearertokenauth # <4>
+    exporters:
+      otlp:
+        auth:
+          authenticator: bearertokenauth # <5>
+
+    service:
+      extensions: [bearertokenauth]
+      pipelines:
+        traces:
+          receivers: [otlp]
+          exporters: [otlp]
+# ...
+----
+<1> You can configure the BearerTokenAuth Extension to send a custom `scheme`. The default is `Bearer`.
+<2> You can add the BearerTokenAuth Extension token as metadata to identify a message.
+<3> Path to a file that contains an authorization token that is transmitted with every message.
+<4> You can assign the authenticator configuration to an OTLP Receiver.
+<5> You can assign the authenticator configuration to an OTLP Exporter.

modules/otel-extensions-filestorage-extension.adoc

@@ -0,0 +1,50 @@
+// Module included in the following assemblies:
+//
+// * observability/otel/otel-collector/otel-collector-extensions.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="otel-extensions-filestorage-extension_{context}"]
+= File Storage Extension
+
+[role="_abstract"]
+The File Storage Extension supports traces, metrics, and logs. This extension can persist the state to the local file system. This extension persists the sending queue for the OpenTelemetry Protocol (OTLP) exporters that are based on the HTTP and the gRPC protocols. This extension requires the read and write access to a directory. This extension can use a default directory, but the default directory must already exist.
+
+:FeatureName: The File Storage Extension
+include::snippets/technology-preview.adoc[]
+
+.OpenTelemetry Collector custom resource with a configured File Storage Extension that persists an OTLP sending queue
+[source,yaml]
+----
+# ...
+  config:
+    extensions:
+      file_storage/all_settings:
+        directory: /var/lib/otelcol/mydir # <1>
+        timeout: 1s # <2>
+        compaction:
+          on_start: true # <3>
+          directory: /tmp/ # <4>
+          max_transaction_size: 65_536 # <5>
+        fsync: false # <6>
+
+    exporters:
+      otlp:
+        sending_queue:
+          storage: file_storage/all_settings # <7>
+
+    service:
+      extensions: [file_storage/all_settings] # <8>
+      pipelines:
+        traces:
+          receivers: [otlp]
+          exporters: [otlp]
+# ...
+----
+<1> Specifies the directory in which the telemetry data is stored.
+<2> Specifies the timeout time interval for opening the stored files.
+<3> Starts compaction when the Collector starts. If omitted, the default is `+false+`.
+<4> Specifies the directory in which the compactor stores the telemetry data.
+<5> Defines the maximum size of the compaction transaction. To ignore the transaction size, set to zero. If omitted, the default is `+65536+` bytes.
+<6> When set, forces the database to perform an `fsync` call after each write operation. This helps to ensure database integrity if there is an interruption to the database process, but at the cost of performance.
+<7> Buffers the OTLP Exporter data on the local file system.
+<8> Starts the File Storage Extension by the Collector.

modules/otel-extensions-healthcheck-extension.adoc

@@ -0,0 +1,55 @@
+// Module included in the following assemblies:
+//
+// * observability/otel/otel-collector/otel-collector-extensions.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="otel-extensions-healthcheck-extension_{context}"]
+= Health Check Extension
+
+[role="_abstract"]
+The Health Check Extension provides an HTTP URL for checking the status of the OpenTelemetry Collector. You can use this extension as a liveness and readiness probe on OpenShift.
+
+:FeatureName: The Health Check Extension
+include::snippets/technology-preview.adoc[]
+
+.OpenTelemetry Collector custom resource with the configured Health Check Extension
+[source,yaml]
+----
+# ...
+  config:
+    extensions:
+      health_check:
+        endpoint: "0.0.0.0:13133" # <1>
+        tls: # <2>
+          ca_file: "/path/to/ca.crt"
+          cert_file: "/path/to/cert.crt"
+          key_file: "/path/to/key.key"
+        path: "/health/status" # <3>
+        check_collector_pipeline: # <4>
+          enabled: true # <5>
+          interval: "5m" # <6>
+          exporter_failure_threshold: 5 # <7>
+
+    receivers:
+      otlp:
+        protocols:
+          http: {}
+
+    exporters:
+      debug: {}
+
+    service:
+      extensions: [health_check]
+      pipelines:
+        traces:
+          receivers: [otlp]
+          exporters: [debug]
+# ...
+----
+<1> The target IP address for publishing the health check status. The default is `0.0.0.0:13133`.
+<2> The TLS server-side configuration. Defines paths to TLS certificates. If omitted, the TLS is disabled.
+<3> The path for the health check server. The default is `/`.
+<4> Settings for the Collector pipeline health check.
+<5> Enables the Collector pipeline health check. The default is `false`.
+<6> The time interval for checking the number of failures. The default is `5m`.
+<7> The threshold of multiple failures until which a container is still marked as healthy. The default is `5`.

modules/otel-extensions-jaegerremotesampling-extension.adoc

@@ -0,0 +1,93 @@
+// Module included in the following assemblies:
+//
+// * observability/otel/otel-collector/otel-collector-extensions.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="otel-extensions-jaegerremotesampling-extension_{context}"]
+= Jaeger Remote Sampling Extension
+
+[role="_abstract"]
+The Jaeger Remote Sampling Extension enables serving sampling strategies after Jaeger's remote sampling API. You can configure this extension to proxy requests to a backing remote sampling server such as a Jaeger collector down the pipeline or to a static JSON file from the local file system.
+
+:FeatureName: The Jaeger Remote Sampling Extension
+include::snippets/technology-preview.adoc[]
+
+.OpenTelemetry Collector custom resource with a configured Jaeger Remote Sampling Extension
+[source,yaml]
+----
+# ...
+  config:
+    extensions:
+      jaegerremotesampling:
+        source:
+          reload_interval: 30s # <1>
+          remote:
+            endpoint: jaeger-collector:14250 # <2>
+          file: /etc/otelcol/sampling_strategies.json # <3>
+
+    receivers:
+      otlp:
+        protocols:
+          http: {}
+
+    exporters:
+      debug: {}
+
+    service:
+      extensions: [jaegerremotesampling]
+      pipelines:
+        traces:
+          receivers: [otlp]
+          exporters: [debug]
+# ...
+----
+<1> The time interval at which the sampling configuration is updated.
+<2> The endpoint for reaching the Jaeger remote sampling strategy provider.
+<3> The path to a local file that contains a sampling strategy configuration in the JSON format.
+
+.Example of a Jaeger Remote Sampling strategy file
+[source,json]
+----
+{
+  "service_strategies": [
+    {
+      "service": "foo",
+      "type": "probabilistic",
+      "param": 0.8,
+      "operation_strategies": [
+        {
+          "operation": "op1",
+          "type": "probabilistic",
+          "param": 0.2
+        },
+        {
+          "operation": "op2",
+          "type": "probabilistic",
+          "param": 0.4
+        }
+      ]
+    },
+    {
+      "service": "bar",
+      "type": "ratelimiting",
+      "param": 5
+    }
+  ],
+  "default_strategy": {
+    "type": "probabilistic",
+    "param": 0.5,
+    "operation_strategies": [
+      {
+        "operation": "/health",
+        "type": "probabilistic",
+        "param": 0.0
+      },
+      {
+        "operation": "/metrics",
+        "type": "probabilistic",
+        "param": 0.0
+      }
+    ]
+  }
+}
+----

modules/otel-extensions-oauth2client-extension.adoc

@@ -0,0 +1,67 @@
+// Module included in the following assemblies:
+//
+// * observability/otel/otel-collector/otel-collector-extensions.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="otel-extensions-oauth2client-extension_{context}"]
+= OAuth2Client Extension
+
+[role="_abstract"]
+The OAuth2Client Extension is an authenticator for exporters that are based on the HTTP and the gRPC protocol.
+Client authentication for the OAuth2Client Extension is configured in a separate section in the OpenTelemetry Collector custom resource.
+This extension supports traces, metrics, and logs.
+
+:FeatureName: The OAuth2Client Extension
+include::snippets/technology-preview.adoc[]
+
+.OpenTelemetry Collector custom resource with client authentication configured for the OAuth2Client Extension
+[source,yaml]
+----
+# ...
+  config:
+    extensions:
+      oauth2client:
+        client_id: <client_id> # <1>
+        client_secret: <client_secret> # <2>
+        endpoint_params: # <3>
+          audience: <audience>
+        token_url: https://example.com/oauth2/default/v1/token # <4>
+        scopes: ["api.metrics"] # <5>
+        # tls settings for the token client
+        tls: # <6>
+          insecure: true # <7>
+          ca_file: /var/lib/mycert.pem # <8>
+          cert_file: <cert_file> # <9>
+          key_file: <key_file> # <10>
+        timeout: 2s # <11>
+
+    receivers:
+      otlp:
+        protocols:
+          http: {}
+
+    exporters:
+      otlp:
+        auth:
+          authenticator: oauth2client # <12>
+
+    service:
+      extensions: [oauth2client]
+      pipelines:
+        traces:
+          receivers: [otlp]
+          exporters: [otlp]
+# ...
+----
+<1> Client identifier, which is provided by the identity provider.
+<2> Confidential key used to authenticate the client to the identity provider.
+<3> Further metadata, in the key-value pair format, which is transferred during authentication. For example, `audience` specifies the intended audience for the access token, indicating the recipient of the token.
+<4> The URL of the OAuth2 token endpoint, where the Collector requests access tokens.
+<5> The scopes define the specific permissions or access levels requested by the client.
+<6> The Transport Layer Security (TLS) settings for the token client, which is used to establish a secure connection when requesting tokens.
+<7> When set to `true`, configures the Collector to use an insecure or non-verified TLS connection to call the configured token endpoint.
+<8> The path to a Certificate Authority (CA) file that is used to verify the server's certificate during the TLS handshake.
+<9> The path to the client certificate file that the client must use to authenticate itself to the OAuth2 server if required.
+<10> The path to the client's private key file that is used with the client certificate if needed for authentication.
+<11> Sets a timeout for the token client's request.
+<12> You can assign the authenticator configuration to an OTLP exporter.

modules/otel-extensions-oidcauth-extension.adoc

@@ -0,0 +1,48 @@
+// Module included in the following assemblies:
+//
+// * observability/otel/otel-collector/otel-collector-extensions.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="otel-extensions-oidcauth-extension_{context}"]
+= OIDC Auth Extension
+
+[role="_abstract"]
+The OIDC Auth Extension authenticates incoming requests to receivers by using the OpenID Connect (OIDC) protocol.
+It validates the ID token in the authorization header against the issuer and updates the authentication context of the incoming request.
+
+:FeatureName: The OIDC Auth Extension
+include::snippets/technology-preview.adoc[]
+
+.OpenTelemetry Collector custom resource with the configured OIDC Auth Extension
+[source,yaml]
+----
+# ...
+  config:
+    extensions:
+      oidc:
+        attribute: authorization # <1>
+        issuer_url: https://example.com/auth/realms/opentelemetry # <2>
+        issuer_ca_path: /var/run/tls/issuer.pem # <3>
+        audience: otel-collector # <4>
+        username_claim: email # <5>
+    receivers:
+      otlp:
+        protocols:
+          grpc:
+            auth:
+              authenticator: oidc
+    exporters:
+      debug: {}
+    service:
+      extensions: [oidc]
+      pipelines:
+        traces:
+          receivers: [otlp]
+          exporters: [debug]
+# ...
+----
+<1> The name of the header that contains the ID token. The default name is `authorization`.
+<2> The base URL of the OIDC provider.
+<3> Optional: The path to the issuer's CA certificate.
+<4> The audience for the token.
+<5> The name of the claim that contains the username. The default name is `sub`.