-
Notifications
You must be signed in to change notification settings - Fork 897
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Environment variables specification should require _FILE
variations to support reading from files
#2739
Comments
Is this proposed change small, or does would it require making a proposal on https://github.com/open-telemetry/oteps? |
This should be likely covered by the config file. |
@tigrannajaryan, I do not consider it to be the same request as the config file proposal. It suffers from the issue that Kubernetes users would need to create a On the other hand, if someone only needs to set a few properties, then having the implicit |
What if the Otel config file supported a way to reference another file and fetch the value of a particular config setting from that other file? |
I'd expect that doing something similar with a Some software packages only support a An alternative, but not quite as convenient, would be just storing the secrets subset in another configuration file since the file would still need to be regenerated whenever the secret changes. Perhaps there is someone with more experience than me from CNCF Kubernetes or a whitepaper from the same that could point to the best practices (for Kubernetes, or other similar cloud users). |
we've moved this to "not blocking stability", because there is a workaround: mount the config file from a config map secret |
@open-telemetry/technical-committee does this belong to the configuration project or should this be handled independently? |
This is tracked in Configuration Project Board and is in the purview of Config SIG. We do not need to involve the TC. |
@svrnm what's the right triaging label to apply to issues that are moved to a SIG? |
@tigrannajaryan |
What are you trying to achieve?
If an SDK supports environment variables, all of the environment variables should have a variation with a
_FILE
suffix so that the value can be read from a file instead of the variable itself. In some environments this would be extremely helpful where secrets are not allowed to be passed in an environment variable, e.g., forOTEL_EXPORTER_JAEGER_PASSWORD
. Instead users should be able to point to a file specified byOTEL_EXPORTER_JAEGER_PASSWORD_FILE
.A use case that would probably be very common is mounting a Kubernetes
Secret
to a directory in a container. Besides actual secrets, Kubernetes users may access things like hostnames or ports within the sameSecret
, so supporting_FILE
suffix for everything would remove the configuration burden of adding multipleconfigMapKeyRef
and/orsecretKeyRef
references in Kubernetes workload resources. If all workloads reference the sameConfigMap
and/orSecrets
with theOTEL
configuration values in theirNamespace
, then it makes it easier to have workloads set up similarly with less toil.Additional context.
_FILE
suffix convention for secretsThe text was updated successfully, but these errors were encountered: