Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WorkloadIdentity support in AzureDataExplorer exporter #33667

Open
mipnw opened this issue Jun 20, 2024 · 2 comments
Open

WorkloadIdentity support in AzureDataExplorer exporter #33667

mipnw opened this issue Jun 20, 2024 · 2 comments
Labels
enhancement New feature or request exporter/azuredataexplorer needs triage New item requiring triage Stale

Comments

@mipnw
Copy link
Contributor

mipnw commented Jun 20, 2024
edited
Loading

Component(s)

exporter/azuredataexplorer

Is your feature request related to a problem? Please describe.

exporter/azuredataexplorerexporter does not currently have support for Azure WorkloadIdentity.

Applications running on Kubernetes cannot yet securely export to Azure Data Explorer with this exporter. They would have to use a client secret to use this exporter, as opposed to using a managed identity. WorkloadIdentity is basically just another form of managed identity that is specific to Kubernetes. For more information see

Currently if you configure the exporter with managed_identity_id:system you don't get the correct behavior when hosted in Kubernetes, the exporter attempts to pull a token from Azure Instance Metadata Service (i.e. from 169.254.169.254) and there is no such service in Kubernetes, that would only be appropriate on an Azure hosted VM.

Describe the solution you'd like

One solution would be to add a new managed_identity_id=workloadidentity configuration and use Azure Kusto Go's ConnectionStringBuilder.WithKubernetesWorkloadIdentity when that option is present instead of the other connectionstring buildsers currently used to handle managed identities.

Describe alternatives you've considered

n/a

Additional context

I've forked this repository and created a branch with the proposed solution at https://github.com/mipnw/opentelemetry-collector-contrib/tree/feature/azuredataexplorer_workloadidentity
@mipnw mipnw added enhancement New feature or request needs triage New item requiring triage labels Jun 20, 2024
@github-actions GitHub Actions
Copy link
Contributor

Pinging code owners:

See Adding Labels via Comments if you do not have permissions to add labels yourself.

@mipnw mipnw mentioned this issue Jun 20, 2024
Closed
This was referenced Jun 20, 2024
Closed
Closed
Closed
@github-actions github-actions bot mentioned this issue Jul 2, 2024
Open
@github-actions github-actions bot mentioned this issue Jul 9, 2024
Open
This was referenced Jul 16, 2024
Closed
Closed
This was referenced Jul 30, 2024
Closed
Closed
This was referenced Aug 13, 2024
Closed
Closed
@github-actions GitHub Actions
Copy link
Contributor

This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping @open-telemetry/collector-contrib-triagers. If this issue is still relevant, please ping the code owners or leave a comment explaining why it is still relevant. Otherwise, please close it.

Pinging code owners:

See Adding Labels via Comments if you do not have permissions to add labels yourself.

@github-actions github-actions bot added the Stale label Aug 21, 2024
This was referenced Aug 27, 2024
Closed
Closed
This was referenced Sep 10, 2024
Open
Open
This was referenced Sep 24, 2024
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request exporter/azuredataexplorer needs triage New item requiring triage Stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mipnw