You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
docs(otel): Document headers/auth for OTEL metrics exporter
Document the new headers field on runtime.telemetry.otel_exporter
(spiceai/spiceai#10347), plus update the 'gRPC only' note which is
now outdated (HTTP has been supported for a while).
features/observability/index.md:
- New 'Authentication' subsection with secret-store guidance.
- New examples: Datadog (OTLP/HTTP with DD-API-KEY), Grafana Cloud
(OTLP/HTTP with Basic Auth), and gRPC with lowercase metadata keys.
- Each cloud example includes the equivalent OTEL_EXPORTER_OTLP_*
environment-variable form as a cross-reference.
- Replaced the stale 'gRPC only' protocol statement with a two-line
gRPC/HTTP inference summary.
- Added 'headers' row to the param table.
- Callout noting gRPC metadata keys must be lowercase ASCII.
reference/spicepod/runtime.md:
- Added 'headers' row to the otel_exporter param table with secret-
store linking.
- Added Datadog, Grafana Cloud, and gRPC auth-header examples.
|`enabled`| No |`true`| Whether the OpenTelemetry exporter is enabled. |
90
+
|`endpoint`| Yes | - | The OpenTelemetry collector endpoint. Protocol (gRPC or HTTP) is inferred from the format. |
91
+
|`push_interval`| No |`60s`| How frequently metrics are pushed to the collector. |
92
+
|`metrics`| No |`[]`| List of metric names to export. When empty, all metrics are exported. |
93
+
|`headers`| No |`{}`| Map of headers to send with each export request. For HTTP: sent as HTTP headers. For gRPC: sent as metadata entries (keys must be lowercase ASCII). Values support the `${secrets:...}` replacement syntax. |
93
94
94
95
### Protocol
95
96
96
-
Spice currently supports only the gRPC protocol for OpenTelemetry metrics export. Specify the collector `endpoint` as a host and port (e.g., `localhost:4317`).
97
+
Spice infers the OTLP protocol from the `endpoint` format:
98
+
99
+
-**gRPC** — bare host:port with no scheme (e.g. `localhost:4317`). Default port: `4317`.
100
+
-**HTTP** — includes the `http://` or `https://` scheme and ends in `/v1/metrics` (e.g. `http://localhost:4318/v1/metrics`, `https://otlp.us3.datadoghq.com/v1/metrics`). Default port: `4318`.
101
+
102
+
### Authentication
103
+
104
+
For collectors that require authentication (Datadog, Grafana Cloud, New Relic, Honeycomb, etc.), set the `headers` map. Secret values should be loaded from a [supported secret store](../../components/secret-stores) using the `${secrets:...}`[replacement syntax](../../components/secret-stores#using-secrets) rather than committed to source:
105
+
106
+
```yaml
107
+
runtime:
108
+
telemetry:
109
+
otel_exporter:
110
+
endpoint: 'https://otlp.example.com/v1/metrics'
111
+
headers:
112
+
Authorization: 'Bearer ${secrets:otlp_token}'
113
+
```
114
+
115
+
:::tip gRPC metadata keys must be lowercase
116
+
When exporting over gRPC, header keys are sent as gRPC metadata and **must be lowercase ASCII** — use `authorization`, not `Authorization`. The runtime fails fast at startup if any gRPC metadata key is invalid. HTTP exports preserve the casing you provide.
117
+
:::
97
118
98
119
### Examples
99
120
100
-
**gRPC (default port 4317):**
121
+
#### Local gRPC collector
101
122
102
123
```yaml
103
124
runtime:
@@ -108,6 +129,77 @@ runtime:
108
129
push_interval: '30s'
109
130
```
110
131
132
+
#### Local HTTP collector
133
+
134
+
```yaml
135
+
runtime:
136
+
telemetry:
137
+
enabled: true
138
+
otel_exporter:
139
+
endpoint: 'http://localhost:4318/v1/metrics'
140
+
push_interval: '30s'
141
+
```
142
+
143
+
#### Datadog (OTLP/HTTP)
144
+
145
+
Replace `us3` with your Datadog site (`us3`, `us5`, `eu`, `ap1`, etc.) and store the API key in a secret store:
Grafana Cloud's OTLP gateway expects HTTP Basic authentication. Obtain the base64-encoded `instanceID:accessPolicyToken` credential from the Grafana Cloud "OpenTelemetry" connection page and store it in a secret:
Copy file name to clipboardExpand all lines: website/docs/reference/spicepod/runtime.md
+44-6Lines changed: 44 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -349,12 +349,13 @@ Enables or disables runtime telemetry collection. Defaults to `true`.
349
349
350
350
Configures an [OpenTelemetry](https://opentelemetry.io/) metrics exporter to push metrics to an OpenTelemetry collector. The exporter automatically infers the protocol (gRPC or HTTP) based on the endpoint configuration.
351
351
352
-
| Parameter name | Optional | Default | Description |
| `enabled` | Yes | `true` | Whether the OpenTelemetry exporter is enabled. |
355
+
| `endpoint` | No | - | The OpenTelemetry collector endpoint. Protocol is inferred from the format (see examples below). |
356
+
| `push_interval` | Yes | `60s` | How frequently metrics are pushed to the collector. Specify as a [duration](../duration). |
357
+
| `metrics` | Yes | `[]` | List of metric names to export. When empty (default), all metrics are exported. |
358
+
| `headers` | Yes | `{}` | Map of headers to send with each export request. For HTTP these are sent as HTTP headers; for gRPC they are sent as metadata entries (keys must be lowercase ASCII). Values support the `${secrets:...}` [replacement syntax](../../components/secret-stores#using-secrets) for loading credentials from a [secret store](../../components/secret-stores). |
358
359
359
360
**Protocol inference:**
360
361
@@ -403,6 +404,43 @@ runtime:
403
404
- dataset_load_state
404
405
```
405
406
407
+
**Authenticated exporters:**
408
+
409
+
For collectors that require authentication, set the `headers` map. Load credentials from a [secret store](../../components/secret-stores) via `${secrets:...}` rather than committing them to source.
410
+
411
+
Datadog (OTLP/HTTP) — replace `us3` with your Datadog site:
0 commit comments