# support
s
This message was deleted.
v
Currently on the agent collector side I have this log :
```
2022-06-13T10:19:20.149Z    warn    zapgrpc/zapgrpc.go:191    [core[] grpc: addrConn.createTransport failed to connect to {signoz-otel-collector.apm.svc.cluster.local:4317 signoz-otel-collector.apm.svc.cluster.local:4317 <nil> <nil> 0 <nil>}. Err: connection error: desc = "transport: authentication handshake failed: tls: first record does not look like a TLS handshake"    {"grpc_log": true}
```
And on the signoz collector side I have this log :
```
signoz-otel-collector 2022-06-13T11:35:23.876Z    warn    zapgrpc/zapgrpc.go:191    [core[] grpc: Server.Serve failed to create ServerTransport:  connection error: desc = "transport: http2Server.HandleStreams received bogus greeting from client: \"\\x16\\x03\\x01\\x00\\xf5\\x01\\x00\\x00\\xf1\\x03\\x03\\xe4VlZE\\xd2\\xe4\\xe9\\xc6\\x1b\\x86/`\""    {"grpc_log": true}
```
So I'd like to enable TLS since it appears to be not enabled according to the error message. The client seems to expect an SSL handshake but the server does not answer appropriately.
p
@Valentin Baert can you share the config that you used?
v
On the signoz collector I'm using the helm charts + these values.yaml override :
```
helm upgrade --install signoz signoz/signoz --namespace "apm" --create-namespace \
    --values override-values.yaml
```
```
clickhouse:
  user: "admin"
  password: "xxxxx"
  cloud: gcp
  installCustomStorageClass: true
  persistence:
    storageClass: gce-resizable

otelCollector:
  config:
    receivers:
      otlp/auth:
        protocols:
          grpc:
            endpoint: 0.0.0.0:4317
            auth:
              authenticator: oidc
    extensions:
      oidc:
        issuer_url: https://xxxxx.com/
        audience: https://xxxxx.com/
    service:
      extensions: [health_check, zpages, oidc]
      pipelines:
        traces:
          receivers: [jaeger, otlp/auth]
          processors: [signozspanmetrics/prometheus, batch]
          exporters: [clickhousetraces]
        metrics:
          receivers: [otlp/auth, hostmetrics]
          processors: [batch]
          exporters: [clickhousemetricswrite]
```
Then I have deployed cert-manager and the open telemetry operator for kubernetes :
```
helm upgrade --install \
    cert-manager jetstack/cert-manager \
    --namespace cert-manager \
    --create-namespace \
    --version v1.8.0 \
    --set installCRDs=true \
    --set prometheus.enabled=false

kubectl apply -f https://github.com/open-telemetry/opentelemetry-operator/releases/latest/download/opentelemetry-operator.yaml
```
Then I have deployed an OpenTelemetryCollector to automate injecting a sidecar:
```
apiVersion: opentelemetry.io/v1alpha1
kind: OpenTelemetryCollector
metadata:
    name: otel-sidecar-signoz
spec:
    mode: sidecar
    image: otel/opentelemetry-collector-contrib:0.43.0
    config: |

        extensions:
          oauth2client:
            client_id: xxxxx
            client_secret: xxxxx
            token_url: https://xxxxx.com/api/auth/v1/oauth/token

        receivers:
          otlp:
            protocols:
              grpc:
                endpoint: localhost:4317

        processors:

        exporters:
          otlp/auth:
            endpoint: signoz-otel-collector.apm.svc.cluster.local:4317
            auth:
              authenticator: oauth2client

        service:
          extensions:
            - oauth2client
          pipelines:
            traces:
              receivers:
                - otlp
              processors: []
              exporters:
                - otlp/auth
```
The sidecar injector properly detects when a Deployment has the annotation (`sidecar.opentelemetry.io/inject: "true"`) and starts a sidecar container. However, that sidecar container fails to send data to the signoz collector with the following error:
```
2022-06-13T10:19:20.149Z    warn    zapgrpc/zapgrpc.go:191    [core[] grpc: addrConn.createTransport failed to connect to {signoz-otel-collector.apm.svc.cluster.local:4317 signoz-otel-collector.apm.svc.cluster.local:4317 <nil> <nil> 0 <nil>}. Err: connection error: desc = "transport: authentication handshake failed: tls: first record does not look like a TLS handshake"    {"grpc_log": true}
```
The same error on the signoz collector side :
```
signoz-otel-collector 2022-06-13T11:35:23.876Z    warn    zapgrpc/zapgrpc.go:191    [core[] grpc: Server.Serve failed to create ServerTransport:  connection error: desc = "transport: http2Server.HandleStreams received bogus greeting from client: \"\\x16\\x03\\x01\\x00\\xf5\\x01\\x00\\x00\\xf1\\x03\\x03\\xe4VlZE\\xd2\\xe4\\xe9\\xc6\\x1b\\x86/`\""    {"grpc_log": true}
```
So I guess I must be missing something on the signoz otel collector side because it seems it wants an unsecured connection whereas I'd like it to want a secured TLS connection. I'm trying to find in the docs how I should configure the otel collector on signoz to accept authenticated connections but I'm struggling to find the appropriate documentation to do this. I'm not sure how all of this fits together using the cert-manager deployment.
p
@Valentin Baert we haven't tested oauthclient/oidc authenticators yet. Like previously mentioned, we have only tested BasicAuth and it works as expected.
Also, we are using v0.45.X since recent release.