ConfigTLS docs need to be reworded #13757

@rrhubenov

Description

Component(s)

No response

Describe the issue you're reporting

The docs for ConfigTLS seem to be either incorrect or need to be reworded, specifically the TLS/mTLS Configuration section.

Speaking from experience, when reading through the section, the reader might get left with the idea that mTLS is mandatory and only TLS (meaning only the server certificate will be verified) is not allowed.

This is due to the following part of the section:

By default, TLS is enabled:

insecure (default = false): whether to enable client transport security for the exporter's HTTPs or gRPC connection. See [grpc.WithInsecure()](https://godoc.org/google.golang.org/grpc#WithInsecure) for gRPC.
...
As a result, the following parameters are also required:

cert_file: Path to the TLS cert to use for TLS required connections. Should only be used if insecure is set to false.

cert_pem: Alternative to cert_file. Provide the certificate contents as a string instead of a filepath.

key_file: Path to the TLS key to use for TLS required connections. Should only be used if insecure is set to false.

key_pem: Alternative to key_file. Provide the key contents as a string instead of a filepath.

Since insecure will lead to no TLS being used, the section outlined says that the parameters:

  • cert_pem
  • key_file
  • key_pem

are required. But these fields are needed only if mTLS needs to be configured.

Further, the aforementioned fields are not required but are rather optional. This can be seen in the code as well:

```go
// In memory PEM encoded TLS cert to use for TLS required connections. (optional)
CertPem configopaque.String `mapstructure:"cert_pem,omitempty"`
// Path to the TLS key to use for TLS required connections. (optional)
KeyFile string `mapstructure:"key_file,omitempty"`
// In memory PEM encoded TLS key to use for TLS required connections. (optional)
KeyPem configopaque.String `mapstructure:"key_pem,omitempty"`
```

I suggest the docs be reworded so that they make it obvious that those 3 fields are required only if mTLS needs to be configured. In the TLS case, only ca_file or ca_pem might be needed.

I can open a PR with some suggested changes if the authors of the config agree :)
Thank you!
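
The distinction drawn in the issue above, as an added configuration sketch that is not part of the original issue or the project's documentation: one exporter using server-verified TLS only, and one using mTLS. The exporter names, endpoint and file paths are constructed placeholders.

```yaml
# Constructed example: endpoint and file paths are placeholders.
exporters:
  # TLS only: the exporter verifies the server certificate and presents
  # no certificate of its own. cert_file/key_file (and the *_pem
  # variants) are left out entirely.
  otlp/tls_only:
    endpoint: collector.example.com:4317
    tls:
      insecure: false            # default; shown for clarity
      ca_file: /etc/otel/ca.pem  # only needed for a CA outside the system trust store

  # mTLS: same server verification, plus a client certificate and key
  # that the exporter presents to the server.
  otlp/mtls:
    endpoint: collector.example.com:4317
    tls:
      ca_file: /etc/otel/ca.pem
      cert_file: /etc/otel/client.pem
      key_file: /etc/otel/client-key.pem
```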
