-
Notifications
You must be signed in to change notification settings - Fork 527
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrading OpenTelemetry dependency changes how receiver connects to network address #4465
Comments
That's a tough one b/c it will likely break every Tempo install including the default helm configuration. Can we detect a configuration with no specified endpoints like:
and default to 0.0.0.0? should we and log a warning? The option to specify something more specific exists and this way we wouldn't have this massive breaking change. |
I believe we could that here: tempo/modules/distributor/receiver/shim.go Lines 249 to 273 in 3d9bb0b
It feels pretty hacky though. I'm not 100% sure what the logic should look like. If endpoint is empty, replace by |
We discussed this briefly in the dev chat: changing the configuration is a bit tedious, so if possible we want to avoid this. In terms of impact: this will potentially impact a large amount of installations, so we need to add a big warning in the release notes. The I'm not sure if |
Tempo currently has a whole bunch of OTel dependencies at
v0.102.1
, when I upgrade these to a recent version (v0.116.0
) the receiver is not able to receive data anymore in certain configurations.Background
The cause is a change in behaviour: the OpenTelemetry Collector used to listen on
0.0.0.0
by default. Meaning, if you enabled the receivers with default config, the otlp receiver would for instance listen on0.0.0.0:4317
.This was brought up as a security risk: open-telemetry/opentelemetry-collector#8510.
Documentation: open-telemetry/opentelemetry-collector//docs/security-best-practices.md#safeguards-against-denial-of-service-attacks
In
v0.94.0
a feature gate was added to change this behaviour.This comment links a lot of PRs related to this work: open-telemetry/opentelemetry-collector#8510 (comment)
Summarized:
UseLocalHostAsDefaultHost
, an unspecified address will be replaced bylocalhost
In
v0.110.0
this flag was made stable.In
v0.112.0
the flag was removed entirely.How does this impact Tempo?
Most Tempo installations use the receivers with the default config, something like:
This used to work fine since the receivers defaulted to
0.0.0.0:4317
and0.0.0.0:4318
respectively. With the changes to replace unspecified address, the receivers now default tolocalhost:4317
andlocalhost:4318
.And as a result connections to Tempo running in a Docker container don't work anymore.
To workaround this you need to specify the address you want to bind to explicitly. For instance if Tempo is running in a container with hostname
tempo
this should work:You can also explicitly bind to
0.0.0.0
still, but this has potential security risks:If we wish to upgrade the OTel depedency, we need to document this. I don't believe there is a feasible workaround we can do to preserve the original behaviour (nor would it be desirable considering the aforementioned security risks).
To Reproduce
If you do the same but run Tempo directly (not containerized) it works:
The text was updated successfully, but these errors were encountered: