opentelemetry-go
opentelemetry-go copied to clipboard
open-telemetry
The default endpoint should use HTTP, not HTTPS
Here's an excerpt from the OpenTelemetry's mission statement:
OpenTelemetry strives to be standards-compliant, vendor-neutral, and consistent across languages and components.
Now take a look at the following table:
| Language | Uses http://localhost:PORT endpoint by default |
|---|---|
| C++ | Yes |
| .NET | Yes |
| Erlang/Elixir | Yes |
| Go | No |
| Java | Yes |
| JavaScript | Yes |
| PHP | Yes |
| Python | Yes |
| Ruby | Yes |
| Rust | Yes |
| Swift | Yes |
I've searched for the issues a bit and found https://github.com/open-telemetry/opentelemetry-go/issues/4147#issuecomment-1770564661, which argues against the change, saying that:
One significant concern is that changing the default would break most code that is using secure HTTPS endpoints. Presently, the
otlptracehttplacks aWithSecuremethod, offering only an option for insecure connections.
However, I believe it is based on a false premise that we need treat all OTEL_EXPORTER_OTLP_ENDPOINT's as HTTP by default.
What we need instead is to simply change the default OTEL_EXPORTER_OTLP_ENDPOINT value from https://localhost:PORT to http://localhost:PORT.
Moreover, I'd strongly argue that most people won't notice this change at all, because almost everyone seems to run the OpenTelemetry Collector with the TLS disabled.
Cc: @pellared
Most people is not everyone. For some it would be a breaking change. This issue was already discussed at least 2 times during SIG meetings and nobody was supporting such change. There is a more detailed explanation in the issue that you mentioned.
Most people is not everyone. For some it would be a breaking change for them.
Is there a policy for making breaking changes?
It seems that when a single component in a whole ecosystem deviates from the rest of the ecosystem, by making it conform we will benefit not just this single component, but the whole ecosystem and its users in the long run, even if it involves making a breaking change.
There is a more detailed explanation in the issue that you mentioned.
I've read it all, but I believe it is based on a false premise, which I've explained in https://github.com/open-telemetry/opentelemetry-go/issues/4834#issue-2090953051.
Could you please clarify this?
https://github.com/open-telemetry/opentelemetry-go/blob/main/VERSIONING.md
https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md
Thanks!
So according to VERSIONING.md, it seems that the change proposed here falls under the following statement:
In addition to public APIs, telemetry produced by stable instrumentation will remain stable and backwards compatible. This is to avoid breaking alerts and dashboard.
Could this change be scheduled for v2 (perhaps added to a milestone or a roadmap)?
SDK stability, as defined above, will be maintained for a minimum of one year after the release of the next major SDK version.
Right now, I do not see any v2 label/milestone and we have more TODO than we are able to handle 😢 I am not sure if we want (or be able) to ever release a v2. I will discuss it during SIG meeting.
Closing as, according to my knowledge, the SIG is against creating a v2 until necessary. This proposal is not strong enough to create a v2. At last, I am not sure if we would even agree that this change is good as we preferred to be "secure by default" (like e.g. google.golang.org/grpc) .