Skip to content

Release v0.12.0
Compare
Choose a tag to compare
@github-actions github-actions released this 12 Aug 10:59
· 57 commits to main since this release
v0.12.0
7bdfce0
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

💡 Enhancements 💡

  • tempostack, tempomonolithic: Add support for AWS S3 STS authentication. (#978)
    Now storage secret for S3 can contain

    data:
  bucket:      # Bucket name
  region:      # A valid AWS region, e.g. us-east-1
  role_arn:    # The AWS IAM Role associated with a trust relationship to Tempo serviceaccount

  • tempostack: Use TLS via OpenShift service annotation when gateway/multitenancy is disabled (#963)
    On OpenShift when operator config servingCertsService is enabled and the following TempoStack CR is used.
    The operator provisions OpenShift serving certificates for the distributor ingest APIs

      apiVersion: tempo.grafana.com/v1alpha1
  kind:  TempoStack
  spec:
    template:
      distributor:
        tls:
          enabled: true

    No certName and caName should be provided, If you specify it, those will be used instead.

    In order to use this on the client side, the openshift CA certificate should be used, there are two ways of get
    access to it. You can mount the configmap generated by the operator, which will have the name <tempostack-name>-serving-cabundle
    Or you can access to it on var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt.

    An example of OTel configuration used:

       exporters:
    otlp:
      endpoint: tempo-simplest-distributor.chainsaw-tls-singletenant.svc.cluster.local:4317
      tls:
        insecure: false
        ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"

  • tempomonolithic: Use TLS via OpenShift service annotation when gateway/multitenancy is disabled (monolithic) (#963)
    On OpenShift when operator config servingCertsService is enabled and the following TempoMonolithic CR is used.
    The operator provisions OpenShift serving certificates for the distributor ingest APIs

      apiVersion: tempo.grafana.com/v1alpha1
  kind:  TempoMonolithic
  spec:
    ingestion:
      otlp:
        grpc:
          tls:
            enabled: true

    or

      apiVersion: tempo.grafana.com/v1alpha1
  kind:  TempoMonolithic
  spec:
    ingestion:
      otlp:
        http:
          tls:
            enabled: true

    No certName and caName should be provided, If you specify it, those will be used instead.

  • tempostack, tempomonolithic: Bump observatorium gateway, (#991)
    In this version upstream certs and CA are reloaded if changed

🧰 Bug fixes 🧰

  • tempostack, tempomonolithic: Allow configmaps and secrets with dot in the name (as it is valid for those objects to have dots as part of it's name) (#983)
  • tempostack: Assign correct replicas in gateway component if it is specified in the CR, default is 1 if not set (#993)
  • tempomonolithic: Allow create a monolithic with tls enabled on both grpc/http (#976)

Components

Assets 3
Loading