Add otlp_grpc exporter mTLS certificate configuration option #205

Open: jochenehret wants to merge 1 commit into cloudfoundry:main from sap-contributions:add_exports_tls_certificate

@jochenehret

Add certificate configuration parameters in case the exporter gRPC endpoint requires mTLS.

@jorbaum

jorbaum commented May 22, 2026

Coding looks good, I have yet to understand why this is necessary :).

@chombium

chombium commented Jun 2, 2026

Contributor

Hi @jochenehret,

thanks for the PR and sorry for the late reply. The PR is a step in the right direction, but we shouldn't add separate parameters for each exporter. It would be great if we have a template file which will write all credential files for all exporters.

The config property would be something like:

exporters_creds:
    production_backend:
      ca: ((production_ca))
      cert: ((production_cert))
      key: ((production_key))
    staging_backend:
      ca: ((staging_ca))
      cert: ((staging_cert))
      key: ((staging_key))

Then in the config.yaml.erb the cred files could be written by convention to var/vcap/jobs/otel-collector/config/certs. The operators can reference the file paths in the config, or if we want to automate the things we could add the references programmatically, the way you've done it in your PR.

Wdyt?

I will test this approach and take your PR as a basis.

@jorbaum

jorbaum commented Jun 15, 2026

It seems that this is actually not necessary and you should be able to configure certificates for each exporter via the main otel config (also documented in cf docs):

config:
  exporters:
    otlp_grpc/prod:
      endpoint: prod-backend:4317
      tls:
        ca_pem:   ((prod_ca))
        cert_pem: ((prod_cert))
        key_pem:  ((prod_key))

In case you need more flexibility there is also a secret config value that can be used to configure certificates per exporter.

I added some more documentation via #215.

@chombium

Contributor

IMO we can close this PR in favor of #215 as we have the needed functionality, but we have to document it.

@jorbaum, @jochenehret wdyt?

@jochenehret Sorry for any inconvenience caused. I know that you've invested a lot of time in testing mTLS and creating this PR.
