Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Getting Certificate issue with google cloud exporter #27426

Closed
arjunvijaygoogle opened this issue Oct 4, 2023 · 2 comments
Closed

Getting Certificate issue with google cloud exporter #27426

arjunvijaygoogle opened this issue Oct 4, 2023 · 2 comments
Assignees
Labels
bug Something isn't working exporter/googlecloud priority:p2 Medium

Comments

@arjunvijaygoogle
Copy link

Component(s)

exporter/googlecloud

What happened?

Description

I am running this configuration

receivers:
  otlp:
    protocols:
      grpc:
      http:
exporters:
  googlecloud:
    impersonate:
      target_principal: otel-collector@arjun-demo-123.iam.gserviceaccount.com


processors:
  memory_limiter:
    check_interval: 1s
    limit_percentage: 65
    spike_limit_percentage: 20
  batch:
  resourcedetection:
    detectors: [gcp]
    timeout: 10s
service:
  pipelines:
#    traces:
#      receivers: [otlp]
#      processors: [memory_limiter, batch]
#      exporters: [googlecloud]
    metrics:
      receivers: [otlp]
      processors: [memory_limiter, batch]
      exporters: [googlecloud]
#    logs:
#      receivers: [otlp]
#      processors: [memory_limiter, batch]
#      exporters: [googlecloud]

getting this in collector logs

2023-10-04T15:41:53.565Z warn zapgrpc/zapgrpc.go:195 [core] [Channel #1 SubChannel #2] grpc: addrConn.createTransport failed to connect to {Addr: "monitoring.googleapis.com:443", ServerName: "monitoring.googleapis.com:443", }. Err: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority" {"grpc_log": true}

Steps to Reproduce

Run the custom collector https://github.com/GoogleCloudPlatform/opentelemetry-collector-builder-sample

Expected Result

To send metrics to GCP

Actual Result

2023-10-04T15:41:53.565Z warn zapgrpc/zapgrpc.go:195 [core] [Channel #1 SubChannel #2] grpc: addrConn.createTransport failed to connect to {Addr: "monitoring.googleapis.com:443", ServerName: "monitoring.googleapis.com:443", }. Err: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority" {"grpc_log": true}

Collector version

v0.86.0

Environment information

Environment

OS: (e.g., "Ubuntu 20.04")
Compiler(if manually compiled): (e.g., "go 14.2")

Copyright 2022 Google LLC

Licensed under the Apache License, Version 2.0 (the "License");

you may not use this file except in compliance with the License.

You may obtain a copy of the License at

https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software

distributed under the License is distributed on an "AS IS" BASIS,

WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

See the License for the specific language governing permissions and

limitations under the License.

FROM golang:latest as build
ARG OTEL_VERSION=0.86.0
WORKDIR /app
COPY . .
RUN go install go.opentelemetry.io/collector/cmd/builder@v${OTEL_VERSION}
RUN builder --config=builder-config.yaml

FROM ubuntu:latest
COPY --from=build /app/bin/otelcol-custom /

4317 - default OTLP receiver

55678 - opencensus (tracing) receiver

55679 - zpages

EXPOSE 4317/tcp 55678/tcp 55679/tcp

#RUN ls
#RUN chmod +x /otelcol-custom

ENTRYPOINT ["/otelcol-custom"]

OpenTelemetry Collector configuration

receivers:
  otlp:
    protocols:
      grpc:
      http:
exporters:
  googlecloud:
    impersonate:
      target_principal: otel-collector@arjun-demo-123.iam.gserviceaccount.com


processors:
  memory_limiter:
    check_interval: 1s
    limit_percentage: 65
    spike_limit_percentage: 20
  batch:
  resourcedetection:
    detectors: [gcp]
    timeout: 10s
service:
  pipelines:
#    traces:
#      receivers: [otlp]
#      processors: [memory_limiter, batch]
#      exporters: [googlecloud]
    metrics:
      receivers: [otlp]
      processors: [memory_limiter, batch]
      exporters: [googlecloud]
#    logs:
#      receivers: [otlp]
#      processors: [memory_limiter, batch]
#      exporters: [googlecloud]


### Log output

```shell
2023-10-04T15:41:25.156Z        info    memorylimiterprocessor@v0.86.0/memorylimiter.go:102     Memory limiter configured       {"kind": "processor", "name": "memory_limiter", "pipeline": "metrics", "limit_mib": 332, "spike_limit_mib": 102, "check_interval": 1}
2023-10-04T15:41:25.195Z        info    service@v0.86.0/service.go:138  Starting otelcol-custom...      {"Version": "1.0.0", "NumCPU": 4}
2023-10-04T15:41:25.195Z        info    extensions/extensions.go:31     Starting extensions...
2023-10-04T15:41:25.195Z        warn    internal@v0.86.0/warning.go:40  Using the 0.0.0.0 address exposes this server to every network interface, which may facilitate Denial of Service attacks       {"kind": "receiver", "name": "otlp", "data_type": "metrics", "documentation": "https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/security-best-practices.md#safeguards-against-denial-of-service-attacks"}
2023-10-04T15:41:25.196Z        info    otlpreceiver@v0.86.0/otlp.go:83 Starting GRPC server    {"kind": "receiver", "name": "otlp", "data_type": "metrics", "endpoint": "0.0.0.0:4317"}
2023-10-04T15:41:25.196Z        warn    internal@v0.86.0/warning.go:40  Using the 0.0.0.0 address exposes this server to every network interface, which may facilitate Denial of Service attacks       {"kind": "receiver", "name": "otlp", "data_type": "metrics", "documentation": "https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/security-best-practices.md#safeguards-against-denial-of-service-attacks"}
2023-10-04T15:41:25.196Z        info    otlpreceiver@v0.86.0/otlp.go:101        Starting HTTP server    {"kind": "receiver", "name": "otlp", "data_type": "metrics", "endpoint": "0.0.0.0:4318"}
2023-10-04T15:41:25.196Z        info    service@v0.86.0/service.go:161  Everything is ready. Begin running and processing data.
2023-10-04T15:41:25.210Z        warn    zapgrpc/zapgrpc.go:195  [core] [Channel #1 SubChannel #2] grpc: addrConn.createTransport failed to connect to {Addr: "monitoring.googleapis.com:443", ServerName: "monitoring.googleapis.com:443", }. Err: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"    {"grpc_log": true}
2023-10-04T15:41:26.225Z        warn    zapgrpc/zapgrpc.go:195  [core] [Channel #1 SubChannel #2] grpc: addrConn.createTransport failed to connect to {Addr: "monitoring.googleapis.com:443", ServerName: "monitoring.googleapis.com:443", }. Err: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"    {"grpc_log": true}
2023-10-04T15:41:27.959Z        warn    zapgrpc/zapgrpc.go:195  [core] [Channel #1 SubChannel #2] grpc: addrConn.createTransport failed to connect to {Addr: "monitoring.googleapis.com:443", ServerName: "monitoring.googleapis.com:443", }. Err: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"    {"grpc_log": true}
2023-10-04T15:41:31.054Z        warn    zapgrpc/zapgrpc.go:195  [core] [Channel #1 SubChannel #2] grpc: addrConn.createTransport failed to connect to {Addr: "monitoring.googleapis.com:443", ServerName: "monitoring.googleapis.com:443", }. Err: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"    {"grpc_log": true}
2023-10-04T15:41:34.595Z        warn    zapgrpc/zapgrpc.go:195  [core] [Channel #1 SubChannel #2] grpc: addrConn.createTransport failed to connect to {Addr: "monitoring.googleapis.com:443", ServerName: "monitoring.googleapis.com:443", }. Err: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"    {"grpc_log": true}
2023-10-04T15:41:41.999Z        warn    zapgrpc/zapgrpc.go:195  [core] [Channel #1 SubChannel #2] grpc: addrConn.createTransport failed to connect to {Addr: "monitoring.googleapis.com:443", ServerName: "monitoring.googleapis.com:443", }. Err: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"    {"grpc_log": true}
2023-10-04T15:41:53.565Z        warn    zapgrpc/zapgrpc.go:195  [core] [Channel #1 SubChannel #2] grpc: addrConn.createTransport failed to connect to {Addr: "monitoring.googleapis.com:443", ServerName: "monitoring.googleapis.com:443", }. Err: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"    {"grpc_log": true}

Additional context

No response

@arjunvijaygoogle arjunvijaygoogle added bug Something isn't working needs triage New item requiring triage labels Oct 4, 2023
@github-actions
Copy link
Contributor

github-actions bot commented Oct 4, 2023

Pinging code owners:

See Adding Labels via Comments if you do not have permissions to add labels yourself.

@dashpole dashpole self-assigned this Oct 5, 2023
@dashpole dashpole added priority:p2 Medium and removed needs triage New item requiring triage labels Oct 5, 2023
@dashpole
Copy link
Contributor

dashpole commented Oct 5, 2023

Since this is using a custom build of the collector, lets move this issue to the https://github.com/GoogleCloudPlatform/opentelemetry-collector-builder-sample repository

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working exporter/googlecloud priority:p2 Medium
Projects
None yet
Development

No branches or pull requests

2 participants