Enterprise Documentation
Authenticated metrics to SaaS providers using OTEL
Document updated on Apr 18, 2024
The OpenTelemetry Security component allows your KrakenD nodes to push data to a remote collector over the Internet that needs authentication, usually adding a token header.
It allows you to run KrakenD without installing a collector in your infrastructure and push data directly to a SaaS provider, saving time by simplifying the infrastructure needed to monitor the activity.
It combines with the telemetry/opentelemetry configuration and separates the authentication data into a new namespace: telemetry/opentelemetry-security.
To add authentication, you need a configuration like this:
{
"version": 3,
"telemetry/opentelemetry": {
"exporters": {
"otlp": [
{
"name": "newrelic",
"host": "https://otlp.eu01.nr-data.net",
"port": 4317,
"use_http": true
}
]
}
},
"telemetry/opentelemetry-security": {
"otlp": [
{
"name": "newrelic",
"headers": {
"api-key": "YOUR_NEWRELIC_LICENSE_KEY"
}
}
]
}
}
In the example above, the telemetry/opentelemetry is simplified and does not contain all required fields, but notice the following:
- Both components use the same exporter
name, which is a must. - The flag
use_httpis set totrueto send all data through HTTPS instead of gRPC, also a must. - The example header is
api-key, the header name New Relic expects, but each SaaS provider uses a different one. - The value of the header is your license or API key as assigned by the SaaS provider
Here are the fields allowed by the component:
Fields of OpenTelemetry Security
| The list of OTLP exporters that require authentication. Set at least one object to push metrics and traces to an external collector using OTLP.
Each item is an object with the following properties:
|
When the credentials do not work, you’ll see failure messages in the log when pushing the metrics. These usually look like this:
▶ ERROR [SERVICE: OpenTelemetry] failed to upload metrics: failed to send metrics to https://otlp.eu01.nr-data.net:4318/v1/metrics: 403 Forbidden
