Skip to content

OpAmp: added TLS configuration support for insecure endpoints#4921

Open
Horiodino wants to merge 2 commits into
open-telemetry:mainfrom
Horiodino:insecure_endpoints
Open

OpAmp: added TLS configuration support for insecure endpoints#4921
Horiodino wants to merge 2 commits into
open-telemetry:mainfrom
Horiodino:insecure_endpoints

Conversation

@Horiodino
Copy link
Copy Markdown
Member

@Horiodino Horiodino commented Apr 1, 2026

Description:
Adds TLS configuration support to the OpAMP Bridge, including options for disabling TLS (tls.insecure) and skipping certificate verification (tls.insecure_skip_verify).

  • Introduced a new OpAMPBridgeTLSConfig struct in the API.

  • Updated the agent to handle TLS behavior:

    • Convert secure endpoints (wss/https) to (ws/http) when tls.insecure=true.
    • Configure TLS with InsecureSkipVerify when tls.insecure_skip_verify=true.

  • Added validation to prevent both options being enabled simultaneously.

Link to tracking Issue(s):

Testing:

  • Added unit tests for agent TLS behavior covering:

    • Fully insecure (no TLS)
    • TLS with skipped verification
    • Default secure TLS behavior

  • Updated e2e tests to include TLS insecure configuration and verify no runtime errors (including handshake issues).

Documentation:

  • Updated CRDs and bundle manifests to expose the new TLS configuration.

@Horiodino
added insecure endpoints in OpAMP bridge configuration
d988309 
Signed-off-by: Praful <holiodin@gmail.com>
@Horiodino Horiodino requested a review from a team as a code owner April 1, 2026 15:26
@Horiodino Horiodino changed the title added insecure endpoints in OpAMP bridge configuration added TLS configuration support to the OpAMP Bridge Apr 1, 2026
@Horiodino
added chlog
fc86640 
Signed-off-by: Praful <holiodin@gmail.com>
@Horiodino Horiodino force-pushed the insecure_endpoints branch from 6f09319 to fc86640 Compare April 1, 2026 16:54
@Horiodino Horiodino changed the title added TLS configuration support to the OpAMP Bridge OpAmp: added TLS configuration support for insecure endpoints Apr 1, 2026
swiatekm
swiatekm approved these changes Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@swiatekm swiatekm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, @jaronoff97 can you have a look as well?

@swiatekm swiatekm requested a review from jaronoff97 April 2, 2026 12:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@swiatekm swiatekm swiatekm approved these changes

@jaronoff97 jaronoff97 Awaiting requested review from jaronoff97

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Allow insecure endpoints in OpAMP bridge configuration.

2 participants

@Horiodino @swiatekm