diff --git a/docs/operator/config.yaml b/docs/operator/config.yaml index 562060415..138da9368 100644 --- a/docs/operator/config.yaml +++ b/docs/operator/config.yaml @@ -5,38 +5,6 @@ # More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources apiVersion: "" -# CacheNamespace if specified restricts the manager's cache to watch objects in -# the desired namespace Defaults to all namespaces -# -# Note: If a namespace is specified, controllers can still Watch for a -# cluster-scoped resource (e.g Node). For namespaced resources the cache -# will only hold objects from the desired namespace. -cacheNamespace: "" - -# Controller contains global configuration options for controllers -# registered within this manager. -controller: - - # CacheSyncTimeout refers to the time limit set to wait for syncing caches. - # Defaults to 2 minutes if not set. - cacheSyncTimeout: 0 - - # GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - # allowed for that controller. - # - # When a controller is registered within this manager using the builder utilities, - # users have to specify the type the controller reconciles in the For(...) call. - # If the object's kind passed matches one of the keys in this map, the concurrency - # for that controller is set to the number specified. - # - # The key is expected to be consistent in form with GroupKind.String(), - # e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - groupKindConcurrency: - "key": 0 - - # RecoverPanic indicates if panics should be recovered. - recoverPanic: false - # Distribution defines the operator distribution name. distribution: "" @@ -171,12 +139,6 @@ featureGates: # when using HTTPEncryption or GRPCEncryption. tlsProfile: "" -# GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. -# To disable graceful shutdown, set to time.Duration(0) -# To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) -# The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. -gracefulShutDown: 0h - # Health contains the controller health configuration health: @@ -185,12 +147,6 @@ health: # It can be set to "0" or "" to disable serving the health probe. healthProbeBindAddress: "" - # LivenessEndpointName, defaults to "healthz" - livenessEndpointName: "" - - # ReadinessEndpointName, defaults to "readyz" - readinessEndpointName: "" - # Kind is a string value representing the REST resource this object represents. # Servers may infer this from the endpoint the client submits requests to. # Cannot be updated. @@ -246,27 +202,9 @@ metrics: # It can be set to "0" to disable the metrics serving. bindAddress: "" -# SyncPeriod determines the minimum frequency at which watched resources are -# reconciled. A lower period will correct entropy more quickly, but reduce -# responsiveness to change if there are many watched resources. Change this -# value only if you know what you are doing. Defaults to 10 hours if unset. -# there will a 10 percent jitter between the SyncPeriod of all controllers -# so that all controllers will not send list requests simultaneously. -syncPeriod: 0h - # Webhook contains the controllers webhook configuration webhook: - # CertDir is the directory that contains the server key and certificate. - # if not set, webhook server would look up the server key and certificate in - # {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - # must be named tls.key and tls.crt, respectively. - certDir: "" - - # Host is the hostname that the webhook server binds to. - # It is used to set webhook.Server.Host. - host: "" - # Port is the port that the webhook server serves at. # It is used to set webhook.Server.Port. port: 0 diff --git a/docs/spec/tempo.grafana.com_tempomonolithics.yaml b/docs/spec/tempo.grafana.com_tempomonolithics.yaml index f4ab9605b..87c39b640 100644 --- a/docs/spec/tempo.grafana.com_tempomonolithics.yaml +++ b/docs/spec/tempo.grafana.com_tempomonolithics.yaml @@ -9,14 +9,14 @@ spec: # TempoMonolithicSpec defines the desir otlp: # OTLP defines the ingestion configuration for the OTLP protocol. grpc: # GRPC defines the OTLP over gRPC configuration. enabled: true # Enabled defines if OTLP over gRPC is enabled. Default: enabled. - tls: # TLS defines the TLS configuration for OTLP/gRPC ingestion. On OpenShift when operator config `servingCertsService` and TLS is enabled but no `certName` and `caName` are provided it will use OpenShift serving certificate service. + tls: # TLS defines the TLS configuration for OTLP/gRPC ingestion. On OpenShift when operator config `servingCertsService` and TLS is enabled but no `certName` and `caName` are provided it will use OpenShift serving certificate service. enabled: false # Enabled defines if TLS is enabled. caName: "" # CA is the name of a ConfigMap containing a CA certificate (service-ca.crt). It needs to be in the same namespace as the Tempo custom resource. certName: "" # Cert is the name of a Secret containing a certificate (tls.crt) and private key (tls.key). It needs to be in the same namespace as the Tempo custom resource. minVersion: "" # MinVersion defines the minimum acceptable TLS version. http: # HTTP defines the OTLP over HTTP configuration. enabled: true # Enabled defines if OTLP over HTTP is enabled. Default: enabled. - tls: # TLS defines the TLS configuration for OTLP/HTTP ingestion. On OpenShift when operator config `servingCertsService` and TLS is enabled but no `certName` and `caName` are provided it will use OpenShift serving certificate service. + tls: # TLS defines the TLS configuration for OTLP/HTTP ingestion. On OpenShift when operator config `servingCertsService` and TLS is enabled but no `certName` and `caName` are provided it will use OpenShift serving certificate service. enabled: false # Enabled defines if TLS is enabled. caName: "" # CA is the name of a ConfigMap containing a CA certificate (service-ca.crt). It needs to be in the same namespace as the Tempo custom resource. certName: "" # Cert is the name of a Secret containing a certificate (tls.crt) and private key (tls.key). It needs to be in the same namespace as the Tempo custom resource. @@ -27,7 +27,7 @@ spec: # TempoMonolithicSpec defines the desir enabled: false # Defines if the authentication will be enabled for jaeger UI. sar: "" # SAR defines the SAR to be used in the oauth-proxy default is "{"namespace": "", "resource": "pods", "verb": "get"} resources: # Resources defines the compute resource requirements of the OAuth Proxy container. The OAuth Proxy performs authentication and authorization of incoming requests to Jaeger UI when multi-tenancy is disabled. - claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. + claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. - name: "" # Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. limits: # Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ cpu: "750m" @@ -48,7 +48,7 @@ spec: # TempoMonolithicSpec defines the desir termination: "" # Termination specifies the termination type. servicesQueryDuration: "" # ServicesQueryDuration defines how long the services will be available in the services list resources: # Resources defines the compute resource requirements of the Jaeger UI container. - claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. + claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. - name: "" # Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. limits: # Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ cpu: "750m" @@ -87,7 +87,7 @@ spec: # TempoMonolithicSpec defines the desir - "" mode: "static" # Mode defines the multitenancy mode. resources: # Resources defines the compute resource requirements of the gateway container. The gateway performs authentication and authorization of incoming requests when multi-tenancy is enabled. - claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. + claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. - name: "" # Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. limits: # Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ cpu: "750m" @@ -134,7 +134,7 @@ spec: # TempoMonolithicSpec defines the desir podAntiAffinity: {} # Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). nodeSelector: {} # NodeSelector defines which labels are required by a node to schedule the pod onto it. resources: # Resources defines the compute resource requirements of the Tempo container. - claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. + claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. - name: "" # Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. limits: # Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ cpu: "750m" @@ -154,6 +154,6 @@ status: # TempoMonolithicStatus defines the obs observedGeneration: 0 # observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. reason: "" # reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. status: "" # status of the condition, one of True, False, Unknown. - type: "" # type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: "" # type of condition in CamelCase or in foo.example.com/CamelCase. operatorVersion: "" # Version of the Tempo Operator. tempoVersion: "" # Version of the managed Tempo instance. diff --git a/docs/spec/tempo.grafana.com_tempostacks.yaml b/docs/spec/tempo.grafana.com_tempostacks.yaml index b946cb156..767576d9d 100644 --- a/docs/spec/tempo.grafana.com_tempostacks.yaml +++ b/docs/spec/tempo.grafana.com_tempostacks.yaml @@ -81,7 +81,7 @@ spec: # TempoStackSpec defines the desired st template: # Template defines requirements for a set of tempo components. compactor: # Compactor defines the tempo compactor component spec. podSecurityContext: # PodSecurityContext defines security context will be applied to all pods of this component. - fsGroup: 0 # A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. + fsGroup: 0 # A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. fsGroupChangePolicy: "" # fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows. runAsGroup: 0 # The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. runAsNonRoot: false # Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. @@ -93,7 +93,7 @@ spec: # TempoStackSpec defines the desired st user: "" # User is a SELinux user label that applies to the container. seccompProfile: # The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. localhostProfile: "" # localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. - type: "" # type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. + type: "" # type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. supplementalGroups: # A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. - 0 sysctls: # Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. @@ -107,7 +107,7 @@ spec: # TempoStackSpec defines the desired st replicas: 0 # Replicas defines the number of replicas to be created for this component. nodeSelector: {} # NodeSelector defines the simple form of the node-selection constraint. resources: # Resources defines resources for this component, this will override the calculated resources derived from total - claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. + claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. - name: "" # Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. limits: # Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ cpu: "750m" @@ -117,9 +117,9 @@ spec: # TempoStackSpec defines the desired st memory: "1Gi" tolerations: {} # Tolerations defines component-specific pod tolerations. distributor: # Distributor defines the distributor component spec. - component: # TempoComponentSpec is embedded to extend this definition with further options. Currently, there is no way to inline this field. See: https://github.com/golang/go/issues/6213 + component: # TempoComponentSpec is embedded to extend this definition with further options. Currently, there is no way to inline this field. See: https://github.com/golang/go/issues/6213 podSecurityContext: # PodSecurityContext defines security context will be applied to all pods of this component. - fsGroup: 0 # A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. + fsGroup: 0 # A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. fsGroupChangePolicy: "" # fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows. runAsGroup: 0 # The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. runAsNonRoot: false # Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. @@ -131,7 +131,7 @@ spec: # TempoStackSpec defines the desired st user: "" # User is a SELinux user label that applies to the container. seccompProfile: # The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. localhostProfile: "" # localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. - type: "" # type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. + type: "" # type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. supplementalGroups: # A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. - 0 sysctls: # Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. @@ -145,7 +145,7 @@ spec: # TempoStackSpec defines the desired st replicas: 0 # Replicas defines the number of replicas to be created for this component. nodeSelector: {} # NodeSelector defines the simple form of the node-selection constraint. resources: # Resources defines resources for this component, this will override the calculated resources derived from total - claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. + claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. - name: "" # Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. limits: # Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ cpu: "750m" @@ -154,16 +154,16 @@ spec: # TempoStackSpec defines the desired st cpu: "500m" memory: "1Gi" tolerations: {} # Tolerations defines component-specific pod tolerations. - tls: # TLS defines TLS configuration for distributor receivers If openshift feature flag `servingCertsService` is enabled and TLS is enabled but no certName or caName is specified, OpenShift service serving certificates will be used. + tls: # TLS defines TLS configuration for distributor receivers If openshift feature flag `servingCertsService` is enabled and TLS is enabled but no certName or caName is specified, OpenShift service serving certificates will be used. enabled: false # Enabled defines if TLS is enabled. caName: "" # CA is the name of a ConfigMap containing a CA certificate (service-ca.crt). It needs to be in the same namespace as the Tempo custom resource. certName: "" # Cert is the name of a Secret containing a certificate (tls.crt) and private key (tls.key). It needs to be in the same namespace as the Tempo custom resource. minVersion: "" # MinVersion defines the minimum acceptable TLS version. gateway: # Gateway defines the tempo gateway spec. enabled: false - component: # TempoComponentSpec is embedded to extend this definition with further options. Currently there is no way to inline this field. See: https://github.com/golang/go/issues/6213 + component: # TempoComponentSpec is embedded to extend this definition with further options. Currently there is no way to inline this field. See: https://github.com/golang/go/issues/6213 podSecurityContext: # PodSecurityContext defines security context will be applied to all pods of this component. - fsGroup: 0 # A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. + fsGroup: 0 # A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. fsGroupChangePolicy: "" # fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows. runAsGroup: 0 # The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. runAsNonRoot: false # Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. @@ -175,7 +175,7 @@ spec: # TempoStackSpec defines the desired st user: "" # User is a SELinux user label that applies to the container. seccompProfile: # The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. localhostProfile: "" # localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. - type: "" # type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. + type: "" # type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. supplementalGroups: # A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. - 0 sysctls: # Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. @@ -189,7 +189,7 @@ spec: # TempoStackSpec defines the desired st replicas: 0 # Replicas defines the number of replicas to be created for this component. nodeSelector: {} # NodeSelector defines the simple form of the node-selection constraint. resources: # Resources defines resources for this component, this will override the calculated resources derived from total - claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. + claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. - name: "" # Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. limits: # Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ cpu: "750m" @@ -207,7 +207,7 @@ spec: # TempoStackSpec defines the desired st type: "" # Type defines the type of Ingress for the Jaeger Query UI. Currently ingress, route and none are supported. ingester: # Ingester defines the ingester component spec. podSecurityContext: # PodSecurityContext defines security context will be applied to all pods of this component. - fsGroup: 0 # A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. + fsGroup: 0 # A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. fsGroupChangePolicy: "" # fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows. runAsGroup: 0 # The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. runAsNonRoot: false # Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. @@ -219,7 +219,7 @@ spec: # TempoStackSpec defines the desired st user: "" # User is a SELinux user label that applies to the container. seccompProfile: # The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. localhostProfile: "" # localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. - type: "" # type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. + type: "" # type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. supplementalGroups: # A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. - 0 sysctls: # Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. @@ -233,7 +233,7 @@ spec: # TempoStackSpec defines the desired st replicas: 0 # Replicas defines the number of replicas to be created for this component. nodeSelector: {} # NodeSelector defines the simple form of the node-selection constraint. resources: # Resources defines resources for this component, this will override the calculated resources derived from total - claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. + claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. - name: "" # Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. limits: # Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ cpu: "750m" @@ -244,7 +244,7 @@ spec: # TempoStackSpec defines the desired st tolerations: {} # Tolerations defines component-specific pod tolerations. querier: # Querier defines the querier component spec. podSecurityContext: # PodSecurityContext defines security context will be applied to all pods of this component. - fsGroup: 0 # A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. + fsGroup: 0 # A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. fsGroupChangePolicy: "" # fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows. runAsGroup: 0 # The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. runAsNonRoot: false # Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. @@ -256,7 +256,7 @@ spec: # TempoStackSpec defines the desired st user: "" # User is a SELinux user label that applies to the container. seccompProfile: # The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. localhostProfile: "" # localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. - type: "" # type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. + type: "" # type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. supplementalGroups: # A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. - 0 sysctls: # Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. @@ -270,7 +270,7 @@ spec: # TempoStackSpec defines the desired st replicas: 0 # Replicas defines the number of replicas to be created for this component. nodeSelector: {} # NodeSelector defines the simple form of the node-selection constraint. resources: # Resources defines resources for this component, this will override the calculated resources derived from total - claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. + claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. - name: "" # Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. limits: # Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ cpu: "750m" @@ -280,9 +280,9 @@ spec: # TempoStackSpec defines the desired st memory: "1Gi" tolerations: {} # Tolerations defines component-specific pod tolerations. queryFrontend: # TempoQueryFrontendSpec defines the query frontend spec. - component: # TempoComponentSpec is embedded to extend this definition with further options. Currently there is no way to inline this field. See: https://github.com/golang/go/issues/6213 + component: # TempoComponentSpec is embedded to extend this definition with further options. Currently there is no way to inline this field. See: https://github.com/golang/go/issues/6213 podSecurityContext: # PodSecurityContext defines security context will be applied to all pods of this component. - fsGroup: 0 # A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. + fsGroup: 0 # A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. fsGroupChangePolicy: "" # fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows. runAsGroup: 0 # The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. runAsNonRoot: false # Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. @@ -294,7 +294,7 @@ spec: # TempoStackSpec defines the desired st user: "" # User is a SELinux user label that applies to the container. seccompProfile: # The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. localhostProfile: "" # localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. - type: "" # type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. + type: "" # type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. supplementalGroups: # A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. - 0 sysctls: # Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. @@ -308,7 +308,7 @@ spec: # TempoStackSpec defines the desired st replicas: 0 # Replicas defines the number of replicas to be created for this component. nodeSelector: {} # NodeSelector defines the simple form of the node-selection constraint. resources: # Resources defines resources for this component, this will override the calculated resources derived from total - claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. + claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. - name: "" # Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. limits: # Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ cpu: "750m" @@ -323,7 +323,7 @@ spec: # TempoStackSpec defines the desired st enabled: false # Defines if the authentication will be enabled for jaeger UI. sar: "" # SAR defines the SAR to be used in the oauth-proxy default is "{"namespace": "", "resource": "pods", "verb": "get"} resources: # Resources defines the compute resource requirements of the OAuth Proxy container. The OAuth Proxy performs authentication and authorization of incoming requests to Jaeger UI when multi-tenancy is disabled. - claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. + claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. - name: "" # Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. limits: # Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ cpu: "750m" @@ -346,7 +346,7 @@ spec: # TempoStackSpec defines the desired st servicesQueryDuration: "" # ServicesQueryDuration defines how long the services will be available in the services list tempoQuery: # TempoQuery defines options specific to the Tempoo Query component. resources: # Resources defines resources for this component, this will override the calculated resources derived from total - claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. + claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. - name: "" # Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. limits: # Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ cpu: "750m" @@ -355,7 +355,7 @@ spec: # TempoStackSpec defines the desired st cpu: "500m" memory: "1Gi" resources: # Resources defines resources for this component, this will override the calculated resources derived from total - claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. + claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. - name: "" # Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. limits: # Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ cpu: "750m" @@ -394,7 +394,7 @@ spec: # TempoStackSpec defines the desired st timeout: "" # Timeout configures the same timeout on all components starting at ingress down to the ingestor/querier. Timeout configuration on a specific component has a higher precedence. Defaults to 30 seconds. resources: # Resources defines resources configuration. total: # The total amount of resources for Tempo instance. The operator autonomously splits resources between deployed Tempo components. Only limits are supported, the operator calculates requests automatically. See http://github.com/grafana/tempo/issues/1540. - claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. + claims: # Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. - name: "" # Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. limits: # Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ cpu: "750m" @@ -428,7 +428,7 @@ status: # TempoStackStatus defines the observed observedGeneration: 0 # observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. reason: "" # reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. status: "" # status of the condition, one of True, False, Unknown. - type: "" # type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: "" # type of condition in CamelCase or in foo.example.com/CamelCase. operatorVersion: "" # Version of the Tempo Operator. tempoQueryVersion: "" # DEPRECATED. Version of the Tempo Query component used. tempoVersion: "" # Version of the managed Tempo instance.