diff --git a/.chloggen/aws-sts-monolithic.yaml b/.chloggen/aws-sts-monolithic.yaml
deleted file mode 100755
index b3cdcfc7e..000000000
--- a/.chloggen/aws-sts-monolithic.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
-change_type: enhancement
-
-# The name of the component, or a single word describing the area of concern, (e.g. tempostack, tempomonolithic, github action)
-component: tempostack
-
-# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
-note: Add support for AWS S3 STS authentication.
-
-# One or more tracking issues related to the change
-issues: [978]
-
-# (Optional) One or more lines of additional information to render under the primary note.
-# These lines will be padded with 2 spaces and then inserted directly into the document.
-# Use pipe (|) for multiline entries.
-subtext: |
- Now storage secret for S3 can contain
- ```
- data:
- bucket: # Bucket name
- region: # A valid AWS region, e.g. us-east-1
- role_arn: # The AWS IAM Role associated with a trust relationship to Tempo serviceaccount
- ```
diff --git a/.chloggen/aws-sts-tempostack.yaml b/.chloggen/aws-sts-tempostack.yaml
deleted file mode 100755
index b60317691..000000000
--- a/.chloggen/aws-sts-tempostack.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
-change_type: enhancement
-
-# The name of the component, or a single word describing the area of concern, (e.g. tempostack, tempomonolithic, github action)
-component: tempostack
-
-# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
-note: Add support for AWS S3 STS authentication.
-
-# One or more tracking issues related to the change
-issues: [978]
-
-# (Optional) One or more lines of additional information to render under the primary note.
-# These lines will be padded with 2 spaces and then inserted directly into the document.
-# Use pipe (|) for multiline entries.
-subtext: |
- Now storage secret for S3 can contain
- ```
- data:
- bucket: # Bucket name
- region: # A valid AWS region, e.g. us-east-1
- role_arn: # The AWS IAM Role associated with a trust relationship to Tempo serviceaccount
- ```
diff --git a/.chloggen/fix_ca_cofigmap_dots.yaml b/.chloggen/fix_ca_cofigmap_dots.yaml
deleted file mode 100755
index 60e1b0a98..000000000
--- a/.chloggen/fix_ca_cofigmap_dots.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
-change_type: bug_fix
-
-# The name of the component, or a single word describing the area of concern, (e.g. tempostack, tempomonolithic, github action)
-component: tempostack, tempomonolithic
-
-# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
-note: Allow configmaps and secrets with dot in the name (as it is valid for those objects to have dots as part of it's name)
-
-# One or more tracking issues related to the change
-issues: [983]
-
-# (Optional) One or more lines of additional information to render under the primary note.
-# These lines will be padded with 2 spaces and then inserted directly into the document.
-# Use pipe (|) for multiline entries.
-subtext:
diff --git a/.chloggen/fix_gateway_replicas.yaml b/.chloggen/fix_gateway_replicas.yaml
deleted file mode 100755
index 63a30351c..000000000
--- a/.chloggen/fix_gateway_replicas.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
-change_type: bug_fix
-
-# The name of the component, or a single word describing the area of concern, (e.g. tempostack, tempomonolithic, github action)
-component: tempostack
-
-# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
-note: Assign correct replicas in gateway component if it is specified in the CR, default is 1 if not set
-
-# One or more tracking issues related to the change
-issues: [993]
-
-# (Optional) One or more lines of additional information to render under the primary note.
-# These lines will be padded with 2 spaces and then inserted directly into the document.
-# Use pipe (|) for multiline entries.
-subtext:
diff --git a/.chloggen/fix_tls_monolithic_both_enabled.yaml b/.chloggen/fix_tls_monolithic_both_enabled.yaml
deleted file mode 100755
index a9c4fa9aa..000000000
--- a/.chloggen/fix_tls_monolithic_both_enabled.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
-change_type: bug_fix
-
-# The name of the component, or a single word describing the area of concern, (e.g. tempostack, tempomonolithic, github action)
-component: tempomonolithic
-
-# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
-note: Allow create a monolithic with tls enabled on both grpc/http
-
-# One or more tracking issues related to the change
-issues: [976]
-
-# (Optional) One or more lines of additional information to render under the primary note.
-# These lines will be padded with 2 spaces and then inserted directly into the document.
-# Use pipe (|) for multiline entries.
-subtext:
diff --git a/.chloggen/ingest_tls_openshift.yaml b/.chloggen/ingest_tls_openshift.yaml
deleted file mode 100755
index 827407a6c..000000000
--- a/.chloggen/ingest_tls_openshift.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
-change_type: enhancement
-
-# The name of the component, or a single word describing the area of concern, (e.g. tempostack, tempomonolithic, github action)
-component: tempostack
-
-# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
-note: Use TLS via OpenShift service annotation when gateway/multitenancy is disabled
-
-# One or more tracking issues related to the change
-issues: [963]
-
-# (Optional) One or more lines of additional information to render under the primary note.
-# These lines will be padded with 2 spaces and then inserted directly into the document.
-# Use pipe (|) for multiline entries.
-subtext: |
- On OpenShift when operator config `servingCertsService` is enabled and the following TempoStack CR is used.
- The operator provisions OpenShift serving certificates for the distributor ingest APIs
- ```
- apiVersion: tempo.grafana.com/v1alpha1
- kind: TempoStack
- spec:
- template:
- distributor:
- tls:
- enabled: true
- ```
- No `certName` and `caName` should be provided, If you specify it, those will be used instead.
-
- In order to use this on the client side, the openshift CA certificate should be used, there are two ways of get
- access to it. You can mount the configmap generated by the operator, which will have the name `-serving-cabundle`
- Or you can access to it on `var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt`.
-
- An example of OTel configuration used:
-
- ```
- exporters:
- otlp:
- endpoint: tempo-simplest-distributor.chainsaw-tls-singletenant.svc.cluster.local:4317
- tls:
- insecure: false
- ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
- ```
\ No newline at end of file
diff --git a/.chloggen/tls_cert_serv_mono.yaml b/.chloggen/tls_cert_serv_mono.yaml
deleted file mode 100755
index 04d077219..000000000
--- a/.chloggen/tls_cert_serv_mono.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
-change_type: enhancement
-
-# The name of the component, or a single word describing the area of concern, (e.g. tempostack, tempomonolithic, github action)
-component: tempomonolithic
-
-# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
-note: Use TLS via OpenShift service annotation when gateway/multitenancy is disabled (monolithic)
-
-# One or more tracking issues related to the change
-issues: [963]
-
-# (Optional) One or more lines of additional information to render under the primary note.
-# These lines will be padded with 2 spaces and then inserted directly into the document.
-# Use pipe (|) for multiline entries.
-subtext: |
- On OpenShift when operator config `servingCertsService` is enabled and the following TempoMonolithic CR is used.
- The operator provisions OpenShift serving certificates for the distributor ingest APIs
-
- ```
- apiVersion: tempo.grafana.com/v1alpha1
- kind: TempoMonolithic
- spec:
- ingestion:
- otlp:
- grpc:
- tls:
- enabled: true
- ```
- or
- ```
- apiVersion: tempo.grafana.com/v1alpha1
- kind: TempoMonolithic
- spec:
- ingestion:
- otlp:
- http:
- tls:
- enabled: true
- ```
- No `certName` and `caName` should be provided, If you specify it, those will be used instead.
diff --git a/.chloggen/tls_rotation_gateway.yaml b/.chloggen/tls_rotation_gateway.yaml
deleted file mode 100755
index d21ccf22c..000000000
--- a/.chloggen/tls_rotation_gateway.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
-change_type: enhancement
-
-# The name of the component, or a single word describing the area of concern, (e.g. tempostack, tempomonolithic, github action)
-component: tempostack, tempomonolithic
-
-# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
-note: Bump observatorium gateway,
-
-# One or more tracking issues related to the change
-issues: [991]
-
-# (Optional) One or more lines of additional information to render under the primary note.
-# These lines will be padded with 2 spaces and then inserted directly into the document.
-# Use pipe (|) for multiline entries.
-subtext: In this version upstream certs and CA are reloaded if changed
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ebc0d0087..5f306c648 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,85 @@ Changes by Version +## 0.12.0 + +### 💡 Enhancements 💡 + +- `tempostack, tempomonolithic`: Add support for AWS S3 STS authentication. (#978) + Now storage secret for S3 can contain + ``` + data: + bucket: # Bucket name + region: # A valid AWS region, e.g. us-east-1 + role_arn: # The AWS IAM Role associated with a trust relationship to Tempo serviceaccount + ``` +- `tempostack`: Use TLS via OpenShift service annotation when gateway/multitenancy is disabled (#963) + On OpenShift when operator config `servingCertsService` is enabled and the following TempoStack CR is used. + The operator provisions OpenShift serving certificates for the distributor ingest APIs + ``` + apiVersion: tempo.grafana.com/v1alpha1 + kind: TempoStack + spec: + template: + distributor: + tls: + enabled: true + ``` + No `certName` and `caName` should be provided, If you specify it, those will be used instead. + + In order to use this on the client side, the openshift CA certificate should be used, there are two ways of get + access to it. You can mount the configmap generated by the operator, which will have the name `-serving-cabundle` + Or you can access to it on `var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt`. + + An example of OTel configuration used: + + ``` + exporters: + otlp: + endpoint: tempo-simplest-distributor.chainsaw-tls-singletenant.svc.cluster.local:4317 + tls: + insecure: false + ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt" + ``` +- `tempomonolithic`: Use TLS via OpenShift service annotation when gateway/multitenancy is disabled (monolithic) (#963) + On OpenShift when operator config `servingCertsService` is enabled and the following TempoMonolithic CR is used. 
+ The operator provisions OpenShift serving certificates for the distributor ingest APIs + + ``` + apiVersion: tempo.grafana.com/v1alpha1 + kind: TempoMonolithic + spec: + ingestion: + otlp: + grpc: + tls: + enabled: true + ``` + or + ``` + apiVersion: tempo.grafana.com/v1alpha1 + kind: TempoMonolithic + spec: + ingestion: + otlp: + http: + tls: + enabled: true + ``` + No `certName` and `caName` should be provided, If you specify it, those will be used instead. + +- `tempostack, tempomonolithic`: Bump observatorium gateway, (#991) + In this version upstream certs and CA are reloaded if changed + +### 🧰 Bug fixes 🧰 + +- `tempostack, tempomonolithic`: Allow configmaps and secrets with dot in the name (as it is valid for those objects to have dots as part of it's name) (#983) +- `tempostack`: Assign correct replicas in gateway component if it is specified in the CR, default is 1 if not set (#993) +- `tempomonolithic`: Allow create a monolithic with tls enabled on both grpc/http (#976) + +### Components +- Tempo: [v2.5.0](https://github.com/grafana/tempo/releases/tag/v2.5.0) + ## 0.11.1 ### 🧰 Bug fixes 🧰 diff --git a/Makefile b/Makefile index 4c99db1db..4dc0cfd6b 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ # Current Operator version -OPERATOR_VERSION ?= 0.11.1 +OPERATOR_VERSION ?= 0.12.0 TEMPO_VERSION ?= 2.5.0 TEMPO_QUERY_VERSION ?= 2.5.0 TEMPO_GATEWAY_VERSION ?= main-2024-08-05-11d0d94 diff --git a/bundle/community/manifests/tempo-operator.clusterserviceversion.yaml b/bundle/community/manifests/tempo-operator.clusterserviceversion.yaml index 8d11b658f..e2ef604d8 100644 --- a/bundle/community/manifests/tempo-operator.clusterserviceversion.yaml +++ b/bundle/community/manifests/tempo-operator.clusterserviceversion.yaml 
@@ -73,8 +73,8 @@ metadata: ] capabilities: Deep Insights categories: Logging & Tracing,Monitoring - containerImage: ghcr.io/grafana/tempo-operator/tempo-operator:v0.11.1 - createdAt: "2024-08-08T13:23:15Z" + containerImage: ghcr.io/grafana/tempo-operator/tempo-operator:v0.12.0 + createdAt: "2024-08-12T10:08:34Z" description: Create and manage deployments of Tempo, a high-scale distributed tracing backend. operatorframework.io/cluster-monitoring: "true" @@ -83,7 +83,7 @@ metadata: operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/grafana/tempo-operator support: Grafana Tempo Operator SIG - name: tempo-operator.v0.11.1 + name: tempo-operator.v0.12.0 namespace: placeholder spec: apiservicedefinitions: {} @@ -1400,7 +1400,7 @@ spec: value: quay.io/observatorium/opa-openshift:main-2024-04-29-914c13f - name: RELATED_IMAGE_OAUTH_PROXY value: quay.io/openshift/origin-oauth-proxy:4.12 - image: ghcr.io/grafana/tempo-operator/tempo-operator:v0.11.1 + image: ghcr.io/grafana/tempo-operator/tempo-operator:v0.12.0 livenessProbe: httpGet: path: /healthz @@ -1548,7 +1548,7 @@ spec: name: tempo-gateway-opa - image: quay.io/openshift/origin-oauth-proxy:4.12 name: oauth-proxy - version: 0.11.1 + version: 0.12.0 webhookdefinitions: - admissionReviewVersions: - v1 diff --git a/bundle/openshift/manifests/tempo-operator.clusterserviceversion.yaml b/bundle/openshift/manifests/tempo-operator.clusterserviceversion.yaml index e092cebc9..8f1cbd6fa 100644 --- a/bundle/openshift/manifests/tempo-operator.clusterserviceversion.yaml +++ b/bundle/openshift/manifests/tempo-operator.clusterserviceversion.yaml 
@@ -73,8 +73,8 @@ metadata: ] capabilities: Deep Insights categories: Logging & Tracing,Monitoring - containerImage: ghcr.io/grafana/tempo-operator/tempo-operator:v0.11.1 - createdAt: "2024-08-08T13:23:13Z" + containerImage: ghcr.io/grafana/tempo-operator/tempo-operator:v0.12.0 + createdAt: "2024-08-12T10:08:32Z" description: Create and manage deployments of Tempo, a high-scale distributed tracing backend. operatorframework.io/cluster-monitoring: "true" @@ -83,7 +83,7 @@ metadata: operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/grafana/tempo-operator support: Grafana Tempo Operator SIG - name: tempo-operator.v0.11.1 + name: tempo-operator.v0.12.0 namespace: placeholder spec: apiservicedefinitions: {} @@ -1410,7 +1410,7 @@ spec: value: quay.io/observatorium/opa-openshift:main-2024-04-29-914c13f - name: RELATED_IMAGE_OAUTH_PROXY value: quay.io/openshift/origin-oauth-proxy:4.12 - image: ghcr.io/grafana/tempo-operator/tempo-operator:v0.11.1 + image: ghcr.io/grafana/tempo-operator/tempo-operator:v0.12.0 livenessProbe: httpGet: path: /healthz @@ -1569,7 +1569,7 @@ spec: name: tempo-gateway-opa - image: quay.io/openshift/origin-oauth-proxy:4.12 name: oauth-proxy - version: 0.11.1 + version: 0.12.0 webhookdefinitions: - admissionReviewVersions: - v1 diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 97a721755..4d9c85d72 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -9,4 +9,4 @@ kind: Kustomization images: - name: controller newName: ghcr.io/grafana/tempo-operator/tempo-operator - newTag: v0.11.1 + newTag: v0.12.0 diff --git a/config/manifests/community/bases/tempo-operator.clusterserviceversion.yaml b/config/manifests/community/bases/tempo-operator.clusterserviceversion.yaml index 61a79ad2b..bf1b1ba8b 100644 --- a/config/manifests/community/bases/tempo-operator.clusterserviceversion.yaml 
+++ b/config/manifests/community/bases/tempo-operator.clusterserviceversion.yaml @@ -5,7 +5,7 @@ metadata: alm-examples: '[]' capabilities: Deep Insights categories: Logging & Tracing,Monitoring - containerImage: ghcr.io/grafana/tempo-operator/tempo-operator:v0.11.1 + containerImage: ghcr.io/grafana/tempo-operator/tempo-operator:v0.12.0 description: Create and manage deployments of Tempo, a high-scale distributed tracing backend. operatorframework.io/cluster-monitoring: "true" diff --git a/config/manifests/openshift/bases/tempo-operator.clusterserviceversion.yaml b/config/manifests/openshift/bases/tempo-operator.clusterserviceversion.yaml index fba15776a..85620452c 100644 --- a/config/manifests/openshift/bases/tempo-operator.clusterserviceversion.yaml +++ b/config/manifests/openshift/bases/tempo-operator.clusterserviceversion.yaml @@ -5,7 +5,7 @@ metadata: alm-examples: '[]' capabilities: Deep Insights categories: Logging & Tracing,Monitoring - containerImage: ghcr.io/grafana/tempo-operator/tempo-operator:v0.11.1 + containerImage: ghcr.io/grafana/tempo-operator/tempo-operator:v0.12.0 description: Create and manage deployments of Tempo, a high-scale distributed tracing backend. operatorframework.io/cluster-monitoring: "true"