otelcol.extension.jaeger_remote_sampling
otelcol.extension.jaeger_remote_sampling serves a specified Jaeger remote sampling document.
Note
otelcol.extension.jaeger_remote_samplingis a wrapper over the upstream OpenTelemetry Collectorjaegerremotesamplingextension. Bug reports or feature requests will be redirected to the upstream repository, if necessary.
You can specify multiple otelcol.extension.jaeger_remote_sampling components by giving them different labels.
Usage
otelcol.extension.jaeger_remote_sampling "<LABEL>" {
source {
}
}Arguments
otelcol.extension.jaeger_remote_sampling doesn’t support any arguments and is configured fully through inner blocks.
Blocks
You can use the following blocks with otelcol.extension.jaeger_remote_sampling:
| Block | Description | Required |
|---|---|---|
source | Configures the Jaeger remote sampling document. | yes |
source >
remote | Configures the gRPC client used to retrieve the Jaeger remote sampling document. | no |
source > remote >
keepalive client | Configures keepalive settings for the gRPC client. | no |
source > remote >
tls client | Configures TLS for the gRPC client. | no |
http | Configures the HTTP server to serve Jaeger remote sampling. | no |
http >
cors | Configures CORS for the HTTP server. | no |
http >
tls | Configures TLS for the HTTP server. | no |
grpc | Configures the gRPC server to serve Jaeger remote sampling. | no |
grpc >
keepalive | Configures keepalive settings for the configured server. | no |
grpc > keepalive >
enforcement_policy | Enforcement policy for keepalive settings. | no |
grpc > keepalive >
server_parameters | Server parameters used to configure keepalive settings. | no |
grpc >
tls | Configures TLS for the gRPC server. | no |
debug_metrics | Configures the metrics that this component generates to monitor its state. | no |
The > symbol indicates deeper levels of nesting.
For example, grpc > tls refers to a tls block defined inside a grpc block.
source
Required
The source block configures the method of retrieving the Jaeger remote sampling document that’s served by the servers specified in the grpc and http blocks.
The following arguments are supported:
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
content | string | A string containing the Jaeger remote sampling contents directly. | "" | no |
file | string | A local file containing a Jaeger remote sampling document. | "" | no |
reload_interval | duration | The interval at which to reload the specified file. Leave at 0 to never reload. | 0 | no |
Exactly one of the file argument, content argument or remote block must be specified.
remote
The remote block configures the gRPC client used by the component.
The following arguments are supported:
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
endpoint | string | host:port to send telemetry data to. | yes | |
auth | capsule(otelcol.Handler) | Handler from an otelcol.auth component to use for authenticating requests. | no | |
authority | string | Overrides the default :authority header in gRPC requests from the gRPC client. | no | |
compression | string | Compression mechanism to use for requests. | "gzip" | no |
headers | map(string) | Additional headers to send with the request. | {} | no |
read_buffer_size | string | Size of the read buffer the gRPC client to use for reading server responses. | no | |
wait_for_ready | boolean | Waits for gRPC connection to be in the READY state before sending data. | false | no |
write_buffer_size | string | Size of the write buffer the gRPC client to use for writing requests. | "512KiB" | no |
By default, requests are compressed with Gzip.
The compression argument controls which compression mechanism to use. Supported strings are:
"gzip""zlib""deflate""snappy""zstd"
If you set compression to "none" or an empty string "", the requests aren’t compressed.
The supported values for balancer_name are listed in the gRPC documentation on
Load balancing:
pick_first: Tries to connect to the first address. It uses the address for all RPCs if it connects, or if it fails, it tries the next address and keeps trying until one connection is successful. Because of this, all the RPCs are sent to the same backend.round_robin: Connects to all the addresses it sees and sends an RPC to each backend one at a time in order. For example, the first RPC is sent to backend-1, the second RPC is sent to backend-2, and the third RPC is sent to backend-1.
The :authority header in gRPC specifies the host to which the request is being sent.
It’s similar to the Host
header in HTTP requests.
By default, the value for :authority is derived from the endpoint URL used for the gRPC call.
Overriding :authority could be useful when routing traffic using a proxy like Envoy, which
makes routing decisions based on the value of the :authority header.
An HTTP proxy can be configured through the following environment variables:
HTTPS_PROXYNO_PROXY
The HTTPS_PROXY environment variable specifies a URL to use for proxying requests.
Connections to the proxy are established via
the HTTP CONNECT method.
The NO_PROXY environment variable is an optional list of comma-separated hostnames for which the HTTPS proxy should not be used.
Each hostname can be provided as an IP address (1.2.3.4), an IP address in CIDR notation (1.2.3.4/8), a domain name (example.com), or *.
A domain name matches that domain and all subdomains. A domain name with a leading “.” (.example.com) matches subdomains only.
NO_PROXY is only read when HTTPS_PROXY is set.
Because otelcol.extension.jaeger_remote_sampling uses gRPC, the configured proxy server must be able to handle and proxy HTTP/2 traffic.
keepalive client
This keepalive block configures keepalive settings for gRPC client connections.
The following arguments are supported:
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
ping_wait | duration | How often to ping the server after no activity. | no | |
ping_response_timeout | duration | Time to wait before closing inactive connections if the server doesn’t respond to a ping. | no | |
ping_without_stream | boolean | Send pings even if there is no active stream request. | no |
tls client
This tls block configures TLS settings used for the connection to the gRPC server.
The following arguments are supported:
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
ca_file | string | Path to the CA file. | no | |
ca_pem | string | CA PEM-encoded text to validate the server with. | no | |
cert_file | string | Path to the TLS certificate. | no | |
cert_pem | string | Certificate PEM-encoded text for client authentication. | no | |
cipher_suites | list(string) | A list of TLS cipher suites that the TLS transport can use. | [] | no |
curve_preferences | list(string) | Set of elliptic curves to use in a handshake. | [] | no |
include_system_ca_certs_pool | boolean | Whether to load the system certificate authorities pool alongside the certificate authority. | false | no |
insecure_skip_verify | boolean | Ignores insecure server TLS certificates. | no | |
insecure | boolean | Disables TLS when connecting to the configured server. | no | |
key_file | string | Path to the TLS certificate key. | no | |
key_pem | secret | Key PEM-encoded text for client authentication. | no | |
max_version | string | Maximum acceptable TLS version for connections. | "TLS 1.3" | no |
min_version | string | Minimum acceptable TLS version for connections. | "TLS 1.2" | no |
reload_interval | duration | The duration after which the certificate is reloaded. | "0s" | no |
server_name | string | Verifies the hostname of server certificates when set. | no |
If the server doesn’t support TLS, you must set the insecure argument to true.
To disable tls for connections to the server, set the insecure argument to true.
If you set reload_interval to "0s", the certificate never reloaded.
The following pairs of arguments are mutually exclusive and can’t both be set simultaneously:
ca_pemandca_filecert_pemandcert_filekey_pemandkey_file
If cipher_suites is left blank, a safe default list is used.
Refer to the
Go TLS documentation for a list of supported cipher suites.
The curve_preferences argument determines the set of
elliptic curves to prefer during a handshake in preference order.
If not provided, a default list is used.
The set of elliptic curves available are X25519, P521, P256, and P384.
http
The http block configures an HTTP server which serves the Jaeger remote sampling document.
The following arguments are supported:
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
auth | capsule(otelcol.Handler) | Handler from an otelcol.auth component to use for authenticating requests. | no | |
compression_algorithms | list(string) | A list of compression algorithms the server can accept. | ["", "gzip", "zstd", "zlib", "snappy", "deflate", "lz4"] | no |
endpoint | string | host:port to listen for traffic on. | "0.0.0.0:5778" | no |
include_metadata | boolean | Propagate incoming connection metadata to downstream consumers. | no | |
max_request_body_size | string | Maximum request body size the server will allow. | 20MiB | no |
cors
The cors block configures CORS settings for an HTTP server.
The following arguments are supported:
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
allowed_headers | list(string) | Accepted headers from CORS requests. | ["X-Requested-With"] | no |
allowed_origins | list(string) | Allowed values for the Origin header. | no | |
max_age | number | Configures the Access-Control-Max-Age response header. | no |
The allowed_headers specifies which headers are acceptable from a CORS request.
The following headers are always implicitly allowed:
AcceptAccept-LanguageContent-TypeContent-Language
If allowed_headers includes "*", all headers will be permitted.
tls
The tls block configures TLS settings used for a server. If the tls block
isn’t provided, TLS won’t be used for connections to the server.
The following arguments are supported:
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
ca_file | string | Path to the CA file. | no | |
ca_pem | string | CA PEM-encoded text to validate the server with. | no | |
cert_file | string | Path to the TLS certificate. | no | |
cert_pem | string | Certificate PEM-encoded text for client authentication. | no | |
cipher_suites | list(string) | A list of TLS cipher suites that the TLS transport can use. | [] | no |
client_ca_file | string | Path to the TLS cert to use by the server to verify a client certificate. | no | |
curve_preferences | list(string) | Set of elliptic curves to use in a handshake. | [] | no |
include_system_ca_certs_pool | boolean | Whether to load the system certificate authorities pool alongside the certificate authority. | false | no |
key_file | string | Path to the TLS certificate key. | no | |
key_pem | secret | Key PEM-encoded text for client authentication. | no | |
max_version | string | Maximum acceptable TLS version for connections. | "TLS 1.3" | no |
min_version | string | Minimum acceptable TLS version for connections. | "TLS 1.2" | no |
reload_interval | duration | The duration after which the certificate is reloaded. | "0s" | no |
If reload_interval is set to "0s", the certificate never reloaded.
The following pairs of arguments are mutually exclusive and can’t both be set simultaneously:
ca_pemandca_filecert_pemandcert_filekey_pemandkey_file
If cipher_suites is left blank, a safe default list is used.
Refer to the
Go Cipher Suites documentation for a list of supported cipher suites.
client_ca_file sets the ClientCA and ClientAuth to RequireAndVerifyClientCert in the TLSConfig.
Refer to the
Go TLS documentation for more information.
The curve_preferences argument determines the set of elliptic curves to prefer during a handshake in preference order.
If not provided, a default list is used.
The set of elliptic curves available are X25519, P521, P256, and P384.
grpc
The grpc block configures a gRPC server which serves the Jaeger remote sampling document.
The following arguments are supported:
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
auth | capsule(otelcol.Handler) | Handler from an otelcol.auth component to use for authenticating requests. | no | |
endpoint | string | host:port to listen for traffic on. | "0.0.0.0:14250" | no |
include_metadata | boolean | Propagate incoming connection metadata to downstream consumers. | no | |
max_concurrent_streams | number | Limit the number of concurrent streaming RPC calls. | no | |
max_recv_msg_size | string | Maximum size of messages the server will accept. | "4MiB" | no |
read_buffer_size | string | Size of the read buffer the gRPC server will use for reading from clients. | "512KiB" | no |
transport | string | Transport to use for the gRPC server. | "tcp" | no |
write_buffer_size | string | Size of the write buffer the gRPC server will use for writing to clients. | no |
keepalive
The keepalive block configures keepalive settings for connections to a gRPC server.
keepalive doesn’t support any arguments and is configured fully through inner blocks.
enforcement_policy
The enforcement_policy block configures the keepalive enforcement policy for gRPC servers.
The server will close connections from clients that violate the configured policy.
The following arguments are supported:
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
min_time | duration | Minimum time clients should wait before sending a keepalive ping. | "5m" | no |
permit_without_stream | boolean | Allow clients to send keepalive pings when there are no active streams. | false | no |
server_parameters
The server_parameters block controls keepalive and maximum age settings for gRPC servers.
The following arguments are supported:
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
max_connection_age_grace | duration | Time to wait before forcibly closing connections. | "infinity" | no |
max_connection_age | duration | Maximum age for non-idle connections. | "infinity" | no |
max_connection_idle | duration | Maximum age for idle connections. | "infinity" | no |
time | duration | How often to ping inactive clients to check for liveness. | "2h" | no |
timeout | duration | Time to wait before closing inactive clients that don’t respond to liveness checks. | "20s" | no |
debug_metrics
The debug_metrics block configures the metrics that this component generates to monitor its state.
The following arguments are supported:
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
disable_high_cardinality_metrics | boolean | Whether to disable certain high cardinality metrics. | true | no |
disable_high_cardinality_metrics is the Alloy equivalent to the telemetry.disableHighCardinalityMetrics feature gate in the OpenTelemetry Collector.
It removes attributes that could cause high cardinality metrics.
For example, attributes with IP addresses and port numbers in metrics about HTTP and gRPC connections are removed.
Note
If configured,
disable_high_cardinality_metricsonly applies tootelcol.exporter.*andotelcol.receiver.*components.
Component health
otelcol.extension.jaeger_remote_sampling is only reported as unhealthy if given an invalid configuration.
Debug information
otelcol.extension.jaeger_remote_sampling doesn’t expose any component-specific debug information.
Examples
Serve from a file
This example configures the Jaeger remote sampling extension to load a local JSON document and serve it over the default HTTP port of 5778. Currently this configuration style exists for consistency with upstream OpenTelemetry Collector components and may be removed.
otelcol.extension.jaeger_remote_sampling "example" {
http {
}
source {
file = "/path/to/jaeger-sampling.json"
reload_interval = "10s"
}
}Serve from another component
This example uses the output of a component to determine what sampling rules to serve:
local.file "sampling" {
filename = "/path/to/jaeger-sampling.json"
}
otelcol.extension.jaeger_remote_sampling "example" {
http {
}
source {
content = local.file.sampling.content
}
}Enable authentication
You can use jaeger_remote_sampling to authenticate requests.
This allows you to limit access to the sampling document.
Note
Not all OpenTelemetry Collector authentication plugins support receiver authentication. Refer to the documentation for each
otelcol.auth.*component to determine its compatibility.
otelcol.extension.jaeger_remote_sampling "default" {
http {
auth = otelcol.auth.basic.creds.handler
}
grpc {
auth = otelcol.auth.basic.creds.handler
}
}
otelcol.auth.basic "creds" {
username = sys.env("USERNAME")
password = sys.env("PASSWORD")
}