Hi i have configured below TLS in tempo configuration, My application is giving below error for tempo otlp endpoint
2024-03-13T04:17:47,743 ERROR [grpc-default-executor-2] i.o.e.o.trace.OtlpGrpcSpanExporter - Failed to export spans. Server is UNAVAILABLE. Make sure your collector is running and reachable from this network. Full error message:UNAVAILABLE
Below is my tempo configuration
stream_over_http_enabled: true
server:
http_listen_port: 3200
log_level: info
tls_cipher_suites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
tls_min_version: VersionTLS12
grpc_tls_config:
cert_file: /etc/tempo/example.crt
key_file: /etc/tempo/example.key
client_auth_type: VerifyClientCertIfGiven
client_ca_file: /etc/tempo/ca.crt
http_tls_config:
cert_file: /etc/tempo/example.crt
key_file: /etc/tempo/example.key
client_auth_type: VerifyClientCertIfGiven
client_ca_file: /etc/tempo/ca.crt
querier:
frontend_worker:
grpc_client_config:
tls_enabled: true
tls_cert_path: /etc/tempo/example.crt
tls_key_path: /etc/tempo/example.key
tls_ca_path: /etc/tempo/ca.crt
tls_insecure_skip_verify: true
tls_cipher_suites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
tls_min_version: VersionTLS12
query_frontend:
search:
duration_slo: 5s
throughput_bytes_slo: 1.073741824e+09
trace_by_id:
duration_slo: 5s
metrics_generator_client:
grpc_client_config:
tls_enabled: true
tls_cert_path: /etc/tempo/example.crt
tls_key_path: /etc/tempo/example.key
tls_ca_path: /etc/tempo/ca.crt
tls_insecure_skip_verify: true
tls_cipher_suites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
tls_min_version: VersionTLS12
ingester_client:
grpc_client_config:
tls_enabled: true
tls_cert_path: /etc/tempo/example.crt
tls_key_path: /etc/tempo/example.key
tls_ca_path: /etc/tempo/ca.crt
tls_insecure_skip_verify: true
tls_cipher_suites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
tls_min_version: VersionTLS12
distributor:
receivers: # this configuration will listen on all ports and protocols that tempo is capable of.
jaeger: # the receives all come from the OpenTelemetry collector. more configuration information can
protocols: # be found there: https://github.com/open-telemetry/opentelemetry-collector/tree/main/receiver
thrift_http: #
grpc: # for a production deployment you should only enable the receivers you need!
thrift_binary:
thrift_compact:
zipkin:
otlp:
protocols:
http:
tls:
ca_file: /etc/tempo/ca.crt
cert_file: /etc/tempo/example.crt
key_file: /etc/tempo/example.key
grpc:
tls:
ca_file: /etc/tempo/ca.crt
cert_file: /etc/tempo/example.crt
key_file: /etc/tempo/example.key
opencensus:
ingester:
max_block_duration: 5m # cut the headblock when this much time passes. this is being set for demo purposes and should probably be left alone normally
compactor:
compaction:
block_retention: 1h # overall Tempo trace retention. set for demo purposes
metrics_generator:
registry:
external_labels:
source: tempo
cluster: docker-compose
storage:
path: /tmp/tempo/generator/wal
remote_write:
- url: http://192.168.1.90:9090/api/v1/write
send_exemplars: true
memberlist:
tls_enabled: true
tls_cert_path: /etc/tempo/example.crt
tls_key_path: /etc/tempo/example.key
tls_ca_path: /etc/tempo/ca.crt
tls_insecure_skip_verify: true
storage:
trace:
backend: local # backend configuration to use
wal:
path: /tmp/tempo/wal # where to store the the wal locally
local:
path: /tmp/tempo/blocks
overrides:
defaults:
metrics_generator:
processors: [service-graphs, span-metrics] # enables metrics generator