Release v0.12.0

@github-actions github-actions released this 12 Aug 10:59
· 63 commits to main since this release
7bdfce0

💡 Enhancements 💡

  • tempostack, tempomonolithic: Add support for AWS S3 STS authentication. (#978)
    The storage secret for S3 can now contain:

    data:
      bucket:      # Bucket name
      region:      # A valid AWS region, e.g. us-east-1
      role_arn:    # The AWS IAM role associated with a trust relationship to the Tempo service account
    
  • tempostack: Use TLS via OpenShift service annotation when gateway/multitenancy is disabled (#963)
    On OpenShift, when the operator config option servingCertsService is enabled and the following TempoStack CR is used,
    the operator provisions OpenShift serving certificates for the distributor ingest APIs:

      apiVersion: tempo.grafana.com/v1alpha1
      kind:  TempoStack
      spec:
        template:
          distributor:
            tls:
              enabled: true
    

    certName and caName should not be provided. If you specify them, they will be used instead.

    To use this on the client side, the OpenShift CA certificate should be used. There are two ways to get
    access to it: you can mount the ConfigMap generated by the operator, which is named <tempostack-name>-serving-cabundle,
    or you can read it from /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt.

    An example of the OTel configuration used:

      exporters:
        otlp:
          endpoint: tempo-simplest-distributor.chainsaw-tls-singletenant.svc.cluster.local:4317
          tls:
            insecure: false
            ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
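
    The first option above (mounting the operator-generated ConfigMap), as an added example that is not part of the release notes. It assumes the collector runs in the TempoStack's namespace, because a pod can only mount ConfigMaps from its own namespace, and that the bundle is stored under the key service-ca.crt; otel-collector-conf, otel-collector and /etc/tempo-ca are hypothetical names.

    ```yaml
    # Added example, not operator output. Assumptions are marked inline.
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: otel-collector-conf            # hypothetical name
      namespace: chainsaw-tls-singletenant # namespace taken from the endpoint above
    data:
      collector.yaml: |
        receivers:
          otlp:
            protocols:
              grpc: {}
        exporters:
          otlp:
            endpoint: tempo-simplest-distributor.chainsaw-tls-singletenant.svc.cluster.local:4317
            tls:
              insecure: false
              # Assumed key name inside the CA bundle ConfigMap: service-ca.crt
              ca_file: /etc/tempo-ca/service-ca.crt
        service:
          pipelines:
            traces:
              receivers: [otlp]
              exporters: [otlp]
    ---
    apiVersion: v1
    kind: Pod
    metadata:
      name: otel-collector                 # hypothetical name
      namespace: chainsaw-tls-singletenant # must match the ConfigMap's namespace
    spec:
      containers:
        - name: collector
          image: otel/opentelemetry-collector-contrib  # pin a tag or digest in real use
          args: ["--config=/conf/collector.yaml"]
          volumeMounts:
            - name: conf
              mountPath: /conf
              readOnly: true
            - name: tempo-ca
              mountPath: /etc/tempo-ca     # hypothetical mount path
              readOnly: true
      volumes:
        - name: conf
          configMap:
            name: otel-collector-conf
        - name: tempo-ca
          configMap:
            name: "<tempostack-name>-serving-cabundle"  # placeholder from the text above
    ```

    A collector in a different namespace cannot mount this ConfigMap and should use the service account path shown in the configuration above.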
    
  • tempomonolithic: Use TLS via OpenShift service annotation when gateway/multitenancy is disabled (monolithic) (#963)
    On OpenShift, when the operator config option servingCertsService is enabled and the following TempoMonolithic CR is used,
    the operator provisions OpenShift serving certificates for the distributor ingest APIs:

      apiVersion: tempo.grafana.com/v1alpha1
      kind:  TempoMonolithic
      spec:
        ingestion:
          otlp:
            grpc:
              tls:
                enabled: true
    

    or

      apiVersion: tempo.grafana.com/v1alpha1
      kind:  TempoMonolithic
      spec:
        ingestion:
          otlp:
            http:
              tls:
                enabled: true
    

    certName and caName should not be provided. If you specify them, they will be used instead.

  • tempostack, tempomonolithic: Bump observatorium gateway (#991)
    In this version, upstream certs and CA are reloaded if changed.

🧰 Bug fixes 🧰

  • tempostack, tempomonolithic: Allow ConfigMaps and Secrets with a dot in the name (it is valid for those objects to have dots as part of their names) (#983)
  • tempostack: Assign the correct number of replicas to the gateway component if it is specified in the CR; the default is 1 if not set (#993)
  • tempomonolithic: Allow creating a monolithic instance with TLS enabled on both gRPC and HTTP (#976)

Components