Add IMGPROXY_OPEN_TELEMETRY_GRPC_INSECURE config

CHANGELOG.md

@@ -1,6 +1,8 @@
 # Changelog
 
 ## [Unreleased]
+### Add
+- Add `IMGPROXY_OPEN_TELEMETRY_GRPC_INSECURE` config.
 
 ## [3.10.0] - 2022-11-04
 ### Add

config/config.go

@@ -150,6 +150,7 @@ var (
 	OpenTelemetryServerCert        string
 	OpenTelemetryClientCert        string
 	OpenTelemetryClientKey         string
+	OpenTelemetryGRPCInsecure      bool
 	OpenTelemetryPropagators       []string
 	OpenTelemetryConnectionTimeout int
 
@@ -328,6 +329,7 @@ func Reset() {
 	OpenTelemetryServerCert = ""
 	OpenTelemetryClientCert = ""
 	OpenTelemetryClientKey = ""
+	OpenTelemetryGRPCInsecure = true
 	OpenTelemetryPropagators = make([]string, 0)
 	OpenTelemetryConnectionTimeout = 5
 
@@ -518,6 +520,7 @@ func Configure() error {
 	configurators.String(&OpenTelemetryServerCert, "IMGPROXY_OPEN_TELEMETRY_SERVER_CERT")
 	configurators.String(&OpenTelemetryClientCert, "IMGPROXY_OPEN_TELEMETRY_CLIENT_CERT")
 	configurators.String(&OpenTelemetryClientKey, "IMGPROXY_OPEN_TELEMETRY_CLIENT_KEY")
+	configurators.Bool(&OpenTelemetryGRPCInsecure, "IMGPROXY_OPEN_TELEMETRY_GRPC_INSECURE")
 	configurators.StringSlice(&OpenTelemetryPropagators, "IMGPROXY_OPEN_TELEMETRY_PROPAGATORS")
 	configurators.Int(&OpenTelemetryConnectionTimeout, "IMGPROXY_OPEN_TELEMETRY_CONNECTION_TIMEOUT")
 

docs/configuration.md

@@ -407,6 +407,7 @@ imgproxy can send request traces to an OpenTelemetry collector:
 * `IMGPROXY_OPEN_TELEMETRY_SERVER_CERT`: OpenTelemetry collector TLS certificate, PEM-encoded. Default: blank
 * `IMGPROXY_OPEN_TELEMETRY_CLIENT_CERT`: OpenTelemetry client TLS certificate, PEM-encoded. Default: blank
 * `IMGPROXY_OPEN_TELEMETRY_CLIENT_KEY`: OpenTelemetry client TLS key, PEM-encoded. Default: blank
+* `IMGPROXY_OPEN_TELEMETRY_GRPC_INSECURE`: when `true`, `IMGPROXY_OPEN_TELEMETRY_PROTOCOL` is set to `grpc`, and the collector TLS certificate is not provided, imgproxy will use an insecure GRPC connection. Default: `true`
 * `IMGPROXY_OPEN_TELEMETRY_PROPAGATORS`: a list of OpenTelemetry text map propagators, comma divided. Supported propagators are `tracecontext`, `baggage`, `b3`, `b3multi`, `jaeger`, `xray`, and `ottrace`. Default: blank
 * `IMGPROXY_OPEN_TELEMETRY_CONNECTION_TIMEOUT`: the maximum duration (in seconds) for establishing a connection to the OpenTelemetry collector. Default: `5`
 

docs/open_telemetry.md

@@ -16,7 +16,7 @@ imgproxy can send request traces to an OpenTelemetry collector. To use this feat
     * `jaeger`: [Jaeger](https://www.jaegertracing.io/docs/1.21/client-libraries/#propagation-format)
     * `xray`: [AWS X-Ray](https://docs.aws.amazon.com/xray/latest/devguide/xray-concepts.html#xray-concepts-tracingheader)
     * `ottrace`: [OT Trace](https://github.com/opentracing?q=basic&type=&language=)
-5. _(optional)_ [Set up TLS certificates](#tls-configuration).
+5. _(optional)_ [Set up TLS certificates](#tls-configuration) or set `IMGPROXY_OPEN_TELEMETRY_GRPC_INSECURE` to `false` to use secure connection without TLS certificates set.
 6. _(optional)_ Set `IMGPROXY_OPEN_TELEMETRY_ENABLE_METRICS` to `true` to enable sending metrics via OpenTelemetry Metrics API.
 
 imgproxy will send the following info to the collector:

metrics/otel/otel.go

@@ -175,7 +175,7 @@ func buildGRPCExporters() (*otlptrace.Exporter, sdkmetric.Exporter, error) {
 		creds := credentials.NewTLS(tlsConf)
 		tracerOpts = append(tracerOpts, otlptracegrpc.WithTLSCredentials(creds))
 		meterOpts = append(meterOpts, otlpmetricgrpc.WithTLSCredentials(creds))
-	} else {
+	} else if config.OpenTelemetryGRPCInsecure {
 		tracerOpts = append(tracerOpts, otlptracegrpc.WithInsecure())
 		meterOpts = append(meterOpts, otlpmetricgrpc.WithInsecure())
 	}