| Name | -Type | -Description | -Required | -
|---|---|---|---|
| effect | -string | -
- Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - |
- false | -
| key | -string | -
- Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - |
- false | -
| operator | -string | -
- Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - |
- false | -
| tolerationSeconds | -integer | -
- TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - - Format: int64 - |
- false | -
| value | -string | -
- Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. - |
- false | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| nodeSelector | -map[string]string | -
- NodeSelector is the simplest recommended form of node selection constraint. - |
- false | -
| replicas | -integer | -
- Replicas represents the number of replicas to create for this component. - - Format: int32 - |
- false | -
| tolerations | -[]object | -
- Tolerations defines component specific pod tolerations. - |
- false | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| effect | -string | -
- Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - |
- false | -
| key | -string | -
- Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - |
- false | -
| operator | -string | -
- Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - |
- false | -
| tolerationSeconds | -integer | -
- TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - - Format: int64 - |
- false | -
| value | -string | -
- Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. - |
- false | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| enabled | -boolean | -
- - |
- true | -
| component | -object | -
- TempoComponentSpec is embedded to extend this definition with further options.
- Currently there is no way to inline this field. See: https://github.com/golang/go/issues/6213 - |
- false | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| nodeSelector | -map[string]string | -
- NodeSelector is the simplest recommended form of node selection constraint. - |
- false | -
| replicas | -integer | -
- Replicas represents the number of replicas to create for this component. - - Format: int32 - |
- false | -
| tolerations | -[]object | -
- Tolerations defines component specific pod tolerations. - |
- false | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| effect | -string | -
- Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - |
- false | -
| key | -string | -
- Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - |
- false | -
| operator | -string | -
- Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - |
- false | -
| tolerationSeconds | -integer | -
- TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - - Format: int64 - |
- false | -
| value | -string | -
- Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. - |
- false | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| nodeSelector | -map[string]string | -
- NodeSelector is the simplest recommended form of node selection constraint. - |
- false | -
| replicas | -integer | -
- Replicas represents the number of replicas to create for this component. - - Format: int32 - |
- false | -
| tolerations | -[]object | -
- Tolerations defines component specific pod tolerations. - |
- false | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| effect | -string | -
- Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - |
- false | -
| key | -string | -
- Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - |
- false | -
| operator | -string | -
- Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - |
- false | -
| tolerationSeconds | -integer | -
- TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - - Format: int64 - |
- false | -
| value | -string | -
- Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. - |
- false | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| nodeSelector | -map[string]string | -
- NodeSelector is the simplest recommended form of node selection constraint. - |
- false | -
| replicas | -integer | -
- Replicas represents the number of replicas to create for this component. - - Format: int32 - |
- false | -
| tolerations | -[]object | -
- Tolerations defines component specific pod tolerations. - |
- false | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| effect | -string | -
- Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - |
- false | -
| key | -string | -
- Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - |
- false | -
| operator | -string | -
- Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - |
- false | -
| tolerationSeconds | -integer | -
- TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - - Format: int64 - |
- false | -
| value | -string | -
- Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. - |
- false | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| component | -object | -
- TempoComponentSpec is embedded to extend this definition with further options.
- Currently there is no way to inline this field. See: https://github.com/golang/go/issues/6213 - |
- false | -
| jaegerQuery | -object | -
- JaegerQuerySpec defines Jaeger Query specific options. - |
- false | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| nodeSelector | -map[string]string | -
- NodeSelector is the simplest recommended form of node selection constraint. - |
- false | -
| replicas | -integer | -
- Replicas represents the number of replicas to create for this component. - - Format: int32 - |
- false | -
| tolerations | -[]object | -
- Tolerations defines component specific pod tolerations. - |
- false | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| effect | -string | -
- Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - |
- false | -
| key | -string | -
- Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - |
- false | -
| operator | -string | -
- Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - |
- false | -
| tolerationSeconds | -integer | -
- TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - - Format: int64 - |
- false | -
| value | -string | -
- Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. - |
- false | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| enabled | -boolean | -
- Enabled is used to define if Jaeger Query component should be created. - |
- false | -
| ingress | -object | -
- Ingress defines Jaeger Query Ingress options. - |
- false | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| annotations | -map[string]string | -
- Annotations defines the annotations of the Ingress object. - |
- false | -
| host | -string | -
- Host defines the hostname of the Ingress object. - |
- false | -
| ingressClassName | -string | -
- IngressClassName is the name of an IngressClass cluster resource. Ingress controller implementations use this field to know whether they should be serving this Ingress resource. - |
- false | -
| route | -object | -
- Route defines OpenShift Route specific options. - |
- false | -
| type | -enum | -
- Type defines the type of Ingress for the Jaeger Query UI. Currently ingress, route and none are supported. - - Enum: ingress, route - |
- false | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| termination | -enum | -
- Termination specifies the termination type. By default "edge" is used. - - Enum: insecure, edge, passthrough, reencrypt - |
- false | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| mode | -enum | -
- Mode defines the multitenancy mode. - - Enum: static, openshift - Default: static - |
- true | -
| authentication | -[]object | -
- Authentication defines the tempo-gateway component authentication configuration spec per tenant. - |
- false | -
| authorization | -object | -
- Authorization defines the tempo-gateway component authorization configuration spec per tenant. - |
- false | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| tenantId | -string | -
- TenantID defines the id of the tenant. - |
- true | -
| tenantName | -string | -
- TenantName defines the name of the tenant. - |
- true | -
| oidc | -object | -
- OIDC defines the spec for the OIDC tenant's authentication. - |
- false | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| groupClaim | -string | -
- Group claim field from ID Token - |
- false | -
| issuerURL | -string | -
- IssuerURL defines the URL for issuer. - |
- false | -
| redirectURL | -string | -
- RedirectURL defines the URL for redirect. - |
- false | -
| secret | -object | -
- Secret defines the spec for the clientID, clientSecret and issuerCAPath for tenant's authentication. - |
- false | -
| usernameClaim | -string | -
- User claim field from ID Token - |
- false | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| name | -string | -
- Name of a secret in the namespace configured for tenant secrets. - |
- false | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| roleBindings | -[]object | -
- RoleBindings defines configuration to bind a set of roles to a set of subjects. - |
- false | -
| roles | -[]object | -
- Roles defines a set of permissions to interact with a tenant. - |
- false | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| name | -string | -
- - |
- true | -
| roles | -[]string | -
- - |
- true | -
| subjects | -[]object | -
- - |
- true | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| kind | -enum | -
- SubjectKind is a kind of Tempo Gateway RBAC subject. - - Enum: user, group - |
- true | -
| name | -string | -
- - |
- true | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| name | -string | -
- - |
- true | -
| permissions | -[]enum | -
- - |
- true | -
| resources | -[]string | -
- - |
- true | -
| tenants | -[]string | -
- - |
- true | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| components | -object | -
- Components provides summary of all Tempo pod status grouped per component. - |
- false | -
| conditions | -[]object | -
- Conditions of the Tempo deployment health. - |
- false | -
| tempoQueryVersion | -string | -
- Version of the Tempo Query component used. - |
- false | -
| tempoVersion | -string | -
- Version of the managed Tempo instance. - |
- false | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| compactor | -map[string][]string | -
- Compactor is a map to the pod status of the compactor pod. - |
- false | -
| distributor | -map[string][]string | -
- Distributor is a map to the per pod status of the distributor deployment - |
- false | -
| gateway | -map[string][]string | -
- Gateway is a map to the per pod status of the query frontend deployment - |
- false | -
| ingester | -map[string][]string | -
- Ingester is a map to the per pod status of the ingester statefulset - |
- false | -
| querier | -map[string][]string | -
- Querier is a map to the per pod status of the querier deployment - |
- false | -
| queryFrontend | -map[string][]string | -
- QueryFrontend is a map to the per pod status of the query frontend deployment - |
- false | -
| Name | -Type | -Description | -Required | -
|---|---|---|---|
| lastTransitionTime | -string | -
- lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - - Format: date-time - |
- true | -
| message | -string | -
- message is a human readable message indicating details about the transition. This may be an empty string. - |
- true | -
| reason | -string | -
- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. - |
- true | -
| status | -enum | -
- status of the condition, one of True, False, Unknown. - - Enum: True, False, Unknown - |
- true | -
| type | -string | -
- type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - |
- true | -
| observedGeneration | -integer | -
- observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. - - Format: int64 - Minimum: 0 - |
- false | -
+
+
+
+Resource Types:
+
+
+## AuthenticationSpec { #tempo-grafana-com-v1alpha1-AuthenticationSpec }
+
+Package v1alpha1 contains API Schema definitions for the tempo v1alpha1 API group.
+ ++ +(Appears on:TenantsSpec) + +
+ +
+
+
+
+AuthenticationSpec defines the oidc configuration per tenant for tempo Gateway component.
+ +| Field | + +Description | + +
|---|---|
+
+tenantName+ + + +string + + + + |
+
+
+
+ TenantName defines the name of the tenant. + + |
+
+
+tenantId+ + + +string + + + + |
+
+
+
+ TenantID defines the id of the tenant. + + |
+
+
+oidc+ + + + + +OIDCSpec + + + + + + |
+
+
+
+(Optional)
+
+ OIDC defines the spec for the OIDC tenant’s authentication. + + |
+
+ +(Appears on:TenantsSpec) + +
+ +
+
+
+
+AuthorizationSpec defines the opa, role bindings and roles +configuration per tenant for tempo Gateway component.
+ +| Field | + +Description | + +
|---|---|
+
+roles+ + + + + +[]RoleSpec + + + + + + |
+
+
+
+(Optional)
+
+ Roles defines a set of permissions to interact with a tenant. + + |
+
+
+roleBindings+ + + + + +[]RoleBindingsSpec + + + + + + |
+
+
+
+(Optional)
+
+ RoleBindings defines configuration to bind a set of roles to a set of subjects. + + |
+
+ +(Appears on:TempoStackStatus) + +
+ +
+
+
+
+ComponentStatus defines the status of each component.
+ +| Field | + +Description | + +
|---|---|
+
+compactor+ + + + + +PodStatusMap + + + + + + |
+
+
+
+(Optional)
+
+ Compactor is a map to the pod status of the compactor pod. + + |
+
+
+distributor+ + + + + +PodStatusMap + + + + + + |
+
+
+
+(Optional)
+
+ Distributor is a map to the per pod status of the distributor deployment + + |
+
+
+ingester+ + + + + +PodStatusMap + + + + + + |
+
+
+
+(Optional)
+
+ Ingester is a map to the per pod status of the ingester statefulset + + |
+
+
+querier+ + + + + +PodStatusMap + + + + + + |
+
+
+
+(Optional)
+
+ Querier is a map to the per pod status of the querier deployment + + |
+
+
+queryFrontend+ + + + + +PodStatusMap + + + + + + |
+
+
+
+(Optional)
+
+ QueryFrontend is a map to the per pod status of the query frontend deployment + + |
+
+
+gateway+ + + + + +PodStatusMap + + + + + + |
+
+
+
+(Optional)
+
+ Gateway is a map to the per pod status of the query frontend deployment + + |
+
string alias)
+
+
+
+
+
+ConditionReason defines possible reasons for each condition.
+ +| Value | + +Description | + +
|---|---|
"CouldNotGetOpenShiftBaseDomain" |
+
+ReasonCouldNotGetOpenShiftBaseDomain when operator cannot get OpenShift base domain, that is used for OAuth redirect URL. + |
+
+
"CouldNotGetOpenShiftTLSPolicy" |
+
+ReasonCouldNotGetOpenShiftTLSPolicy when operator cannot get OpenShift TLS security cluster policy. + |
+
+
"FailedComponents" |
+
+ReasonFailedComponents when all/some Tempo components fail to roll out. + |
+
+
"InvalidStorageConfig" |
+
+ReasonInvalidStorageConfig defines that the object storage configuration is invalid (missing or incomplete storage secret). + |
+
+
"PendingComponents" |
+
+ReasonPendingComponents when all/some Tempo components pending dependencies. + |
+
+
"Ready" |
+
+ReasonReady defines a healthy tempo instance. + |
+
+
string alias)
+
+
+
+
+
+ConditionStatus defines the status of a condition (e.g. ready or degraded).
+ +| Value | + +Description | + +
|---|---|
"Degraded" |
+
+ConditionDegraded defines that one or more components are in a degraded state. + |
+
+
"Failed" |
+
+ConditionFailed defines that one or more components are in a failed state. + |
+
+
"Pending" |
+
+ConditionPending defines that one or more components are in a degraded state. + |
+
+
"Ready" |
+
+ConditionReady defines that all components are ready. + |
+
+
+
+
+
+Defaulter implements the CustomDefaulter interface.
+ +| Field | + +Description | + +
|---|---|
+
+ctrlConfig+ + + + + +Feature Gates.ProjectConfig + + + + + + |
+
++ + | +
+ +(Appears on:RateLimitSpec) + +
+ +
+
+
+
+IngestionLimitSpec defines the limits applied at the ingestion path.
+ +| Field | + +Description | + +
|---|---|
+
+ingestionBurstSizeBytes+ + + +int + + + + |
+
+
+
+(Optional)
+
+ IngestionBurstSizeBytes defines the burst size (bytes) used in ingestion. + + |
+
+
+ingestionRateLimitBytes+ + + +int + + + + |
+
+
+
+(Optional)
+
+ IngestionRateLimitBytes defines the Per-user ingestion rate limit (bytes) used in ingestion. + + |
+
+
+maxBytesPerTrace+ + + +int + + + + |
+
+
+
+(Optional)
+
+ MaxBytesPerTrace defines the maximum number of bytes of an acceptable trace. + + |
+
+
+maxTracesPerUser+ + + +int + + + + |
+
+
+
+(Optional)
+
+ MaxTracesPerUser defines the maximum number of traces a user can send. + + |
+
string alias)
+
++ +(Appears on:JaegerQueryIngressSpec) + +
+ +
+
+
+
+IngressType represents how a service should be exposed (ingress vs route).
+ +| Value | + +Description | + +
|---|---|
"ingress" |
+
+IngressTypeIngress specifies that an ingress entry should be created. + |
+
+
"" |
+
+IngressTypeNone specifies that no ingress or route entry should be created. + |
+
+
"route" |
+
+IngressTypeRoute specifies that a route entry should be created. + |
+
+
+ +(Appears on:JaegerQuerySpec) + +
+ +
+
+
+
+JaegerQueryIngressSpec defines Jaeger Query Ingress options.
+ +| Field | + +Description | + +
|---|---|
+
+type+ + + + + +IngressType + + + + + + |
+
+
+
+(Optional)
+
+ Type defines the type of Ingress for the Jaeger Query UI. +Currently ingress, route and none are supported. + + |
+
+
+annotations+ + + +map[string]string + + + + |
+
+
+
+(Optional)
+
+ Annotations defines the annotations of the Ingress object. + + |
+
+
+host+ + + +string + + + + |
+
+
+
+(Optional)
+
+ Host defines the hostname of the Ingress object. + + |
+
+
+ingressClassName+ + + +string + + + + |
+
+
+
+(Optional)
+
+ IngressClassName is the name of an IngressClass cluster resource. Ingress +controller implementations use this field to know whether they should be +serving this Ingress resource. + + |
+
+
+route+ + + + + +JaegerQueryRouteSpec + + + + + + |
+
+
+
+(Optional)
+
+ Route defines OpenShift Route specific options. + + |
+
+ +(Appears on:JaegerQueryIngressSpec) + +
+ +
+
+
+
+JaegerQueryRouteSpec defines OpenShift Route specific options.
+ +| Field | + +Description | + +
|---|---|
+
+termination+ + + + + +TLSRouteTerminationType + + + + + + |
+
+
+
+(Optional)
+
+ Termination specifies the termination type. By default “edge” is used. + + |
+
+ +(Appears on:TempoQueryFrontendSpec) + +
+ +
+
+
+
+JaegerQuerySpec defines Jaeger Query options.
+ +| Field | + +Description | + +
|---|---|
+
+enabled+ + + +bool + + + + |
+
+
+
+(Optional)
+
+ Enabled is used to define if Jaeger Query component should be created. + + |
+
+
+ingress+ + + + + +JaegerQueryIngressSpec + + + + + + |
+
+
+
+(Optional)
+
+ Ingress defines Jaeger Query Ingress options. + + |
+
+ +(Appears on:TempoStackSpec) + +
+ +
+
+
+
+LimitSpec defines Global and PerTenant rate limits.
+ +| Field | + +Description | + +
|---|---|
+
+perTenant+ + + + + +map[string]github.com/os-observability/tempo-operator/apis/tempo/v1alpha1.RateLimitSpec + + + + + + |
+
+
+
+(Optional)
+
+ PerTenant is used to define rate limits per tenant. + + |
+
+
+global+ + + + + +RateLimitSpec + + + + + + |
+
+
+
+(Optional)
+
+ Global is used to define global rate limits. + + |
+
string alias)
+
++ +(Appears on:TenantsSpec) + +
+ +
+
+
+
+ModeType is the authentication/authorization mode in which Tempo Gateway +will be configured.
+ +| Value | + +Description | + +
|---|---|
"openshift" |
+
+OpenShift mode uses TokenReview API for authentication and subject access review for authorization. + |
+
+
"static" |
+
+Static mode asserts the Authorization Spec’s Roles and RoleBindings +using an in-process OpenPolicyAgent Rego authorizer. + |
+
+
+ +(Appears on:AuthenticationSpec) + +
+ +
+
+
+
+OIDCSpec defines the oidc configuration spec for Tempo Gateway component.
+ +| Field | + +Description | + +
|---|---|
+
+secret+ + + + + +TenantSecretSpec + + + + + + |
+
+
+
+(Optional)
+
+ Secret defines the spec for the clientID, clientSecret and issuerCAPath for tenant’s authentication. + + |
+
+
+issuerURL+ + + +string + + + + |
+
+
+
+(Optional)
+
+ IssuerURL defines the URL for issuer. + + |
+
+
+redirectURL+ + + +string + + + + |
+
+
+
+(Optional)
+
+ RedirectURL defines the URL for redirect. + + |
+
+
+groupClaim+ + + +string + + + + |
+
+
+
+(Optional)
+
+ Group claim field from ID Token + + |
+
+
+usernameClaim+ + + +string + + + + |
+
+
+
+(Optional)
+
+ User claim field from ID Token + + |
+
+ +(Appears on:TempoStackSpec) + +
+ +
+
+
+
+ObjectStorageSpec defines the requirements to access the object +storage bucket to persist traces by the ingester component.
+ +| Field | + +Description | + +
|---|---|
+
+tls+ + + + + +ObjectStorageTLSSpec + + + + + + |
+
+
+
+(Optional)
+
+ TLS configuration for reaching the object storage endpoint. + + |
+
+
+secret+ + + +string + + + + |
+
+
+
+ Secret for object storage authentication. +Name of a secret in the same namespace as the tempo TempoStack custom resource. + + |
+
+ +(Appears on:ObjectStorageSpec) + +
+ +
+
+
+
+ObjectStorageTLSSpec is the TLS configuration for reaching the object storage endpoint.
+ +| Field | + +Description | + +
|---|---|
+
+caName+ + + +string + + + + |
+
+
+
+(Optional)
+
+ CA is the name of a ConfigMap containing a CA certificate. +It needs to be in the same namespace as the Tempo custom resource. + + |
+
string alias)
+
++ +(Appears on:RoleSpec) + +
+ +
+
+
+
+PermissionType is a Tempo Gateway RBAC permission.
+ +| Value | + +Description | + +
|---|---|
"read" |
+
+Read gives access to read data from a tenant. + |
+
+
"write" |
+
+Write gives access to write data to a tenant. + |
+
+
map[k8s.io/api/core/v1.PodPhase][]string alias)
+
++ +(Appears on:ComponentStatus) + +
+ +
+
+
+
+
+## QueryLimit { #tempo-grafana-com-v1alpha1-QueryLimit }
+
+PodStatusMap defines the type for mapping pod status to pod name.
+ ++ +(Appears on:RateLimitSpec) + +
+ +
+
+
+
+QueryLimit defines query limits.
+ +| Field | + +Description | + +
|---|---|
+
+maxBytesPerTagValues+ + + +int + + + + |
+
+
+
+(Optional)
+
+ MaxBytesPerTagValues defines the maximum size in bytes of a tag-values query. + + |
+
+
+maxSearchBytesPerTrace+ + + +int + + + + |
+
+
+
+(Optional)
+
+ MaxSearchBytesPerTrace defines the maximum size of search data for a single
+trace in bytes.
+default: |
+
+ +(Appears on:LimitSpec) + +
+ +
+
+
+
+RateLimitSpec defines rate limits for Ingestion and Query components.
+ +| Field | + +Description | + +
|---|---|
+
+ingestion+ + + + + +IngestionLimitSpec + + + + + + |
+
+
+
+(Optional)
+
+ Ingestion is used to define ingestion rate limits. + + |
+
+
+query+ + + + + +QueryLimit + + + + + + |
+
+
+
+(Optional)
+
+ Query is used to define query rate limits. + + |
+
+ +(Appears on:TempoStackSpec) + +
+ +
+
+
+
+Resources defines resources configuration.
+ +| Field | + +Description | + +
|---|---|
+
+total+ + + + + +Kubernetes core/v1.ResourceRequirements + + + + + + |
+
+
+
+(Optional)
+
+ The total amount of resources for Tempo instance. +The operator autonomously splits resources between deployed Tempo components. +Only limits are supported, the operator calculates requests automatically. +See http://github.com/grafana/tempo/issues/1540. + + |
+
+ +(Appears on:RetentionSpec) + +
+ +
+
+
+
+RetentionConfig defines how long data should be provided.
+ +| Field | + +Description | + +
|---|---|
+
+traces+ + + + + +Kubernetes meta/v1.Duration + + + + + + |
+
+
+
+(Optional)
+
+ Traces defines retention period. Supported parameter suffixes are “s”, “m” and “h”. +example: 336h +default: value is 48h. + + |
+
+ +(Appears on:TempoStackSpec) + +
+ +
+
+
+
+RetentionSpec defines global and per tenant retention configurations.
+ +| Field | + +Description | + +
|---|---|
+
+perTenant+ + + + + +map[string]github.com/os-observability/tempo-operator/apis/tempo/v1alpha1.RetentionConfig + + + + + + |
+
+
+
+(Optional)
+
+ PerTenant is used to configure retention per tenant. + + |
+
+
+global+ + + + + +RetentionConfig + + + + + + |
+
+
+
+(Optional)
+
+ Global is used to configure global retention. + + |
+
+ +(Appears on:AuthorizationSpec) + +
+ +
+
+
+
+RoleBindingsSpec binds a set of roles to a set of subjects.
+ +| Field | + +Description | + +
|---|---|
+
+name+ + + +string + + + + |
+
++ + | +
+
+subjects+ + + + + +[]Subject + + + + + + |
+
++ + | +
+
+roles+ + + +[]string + + + + |
+
++ + | +
+ +(Appears on:AuthorizationSpec) + +
+ +
+
+
+
+RoleSpec describes a set of permissions to interact with a tenant.
+ +| Field | + +Description | + +
|---|---|
+
+name+ + + +string + + + + |
+
++ + | +
+
+resources+ + + +[]string + + + + |
+
++ + | +
+
+tenants+ + + +[]string + + + + |
+
++ + | +
+
+permissions+ + + + + +[]PermissionType + + + + + + |
+
++ + | +
+ +(Appears on:TempoStackSpec) + +
+ +
+
+
+
+SearchSpec specified the global search parameters.
+ +| Field | + +Description | + +
|---|---|
+
+defaultResultLimit+ + + +int + + + + |
+
+
+
+(Optional)
+
+ Limit used for search requests if none is set by the caller (default: 20) + + |
+
+
+maxDuration+ + + + + +Kubernetes meta/v1.Duration + + + + + + |
+
+
+
+(Optional)
+
+ The maximum allowed time range for a search, default: 0s which means unlimited. + + |
+
+
+maxResultLimit+ + + +int + + + + |
+
+
+
+(Optional)
+
+ The maximum allowed value of the limit parameter on search requests. If the search request limit parameter +exceeds the value configured here it will be set to the value configured here. +The default value of 0 disables this limit. + + |
+
+ +(Appears on:RoleBindingsSpec) + +
+ +
+
+
+
+Subject represents a subject that has been bound to a role.
+ +| Field | + +Description | + +
|---|---|
+
+name+ + + +string + + + + |
+
++ + | +
+
+kind+ + + + + +SubjectKind + + + + + + |
+
++ + | +
string alias)
+
++ +(Appears on:Subject) + +
+ +
+
+
+
+SubjectKind is a kind of Tempo Gateway RBAC subject.
+ +| Value | + +Description | + +
|---|---|
"group" |
+
+Group represents a subject that is a group. + |
+
+
"user" |
+
+User represents a subject that is a user. + |
+
+
string alias)
+
++ +(Appears on:JaegerQueryRouteSpec) + +
+ +
+
+
+
+TLSRouteTerminationType is used to indicate which TLS settings should be used.
+ +| Value | + +Description | + +
|---|---|
"edge" |
+
+TLSRouteTerminationTypeEdge indicates that encryption should be terminated +at the edge router. + |
+
+
"insecure" |
+
+TLSRouteTerminationTypeInsecure indicates that insecure connections are allowed. + |
+
+
"passthrough" |
+
+TLSRouteTerminationTypePassthrough indicates that the destination service is +responsible for decrypting traffic. + |
+
+
"reencrypt" |
+
+TLSRouteTerminationTypeReencrypt indicates that traffic will be decrypted on the edge +and re-encrypt using a new certificate. + |
+
+
+ +(Appears on:TempoComponentsSpec, TempoGatewaySpec, TempoQueryFrontendSpec) + +
+ +
+
+
+
+TempoComponentSpec defines specific schedule settings for tempo components.
+ +| Field | + +Description | + +
|---|---|
+
+replicas+ + + +int32 + + + + |
+
+
+
+(Optional)
+
+ Replicas represents the number of replicas to create for this component. + + |
+
+
+nodeSelector+ + + +map[string]string + + + + |
+
+
+
+(Optional)
+
+ NodeSelector is the simplest recommended form of node selection constraint. + + |
+
+
+tolerations+ + + + + +[]Kubernetes core/v1.Toleration + + + + + + |
+
+
+
+(Optional)
+
+ Tolerations defines component specific pod tolerations. + + |
+
+ +(Appears on:TempoStackSpec) + +
+ +
+
+
+
+TempoComponentsSpec defines the template of all requirements to configure +scheduling of all Tempo components to be deployed.
+ +| Field | + +Description | + +
|---|---|
+
+distributor+ + + + + +TempoComponentSpec + + + + + + |
+
+
+
+(Optional)
+
+ Distributor defines the distributor component spec. + + |
+
+
+ingester+ + + + + +TempoComponentSpec + + + + + + |
+
+
+
+(Optional)
+
+ Ingester defines the ingester component spec. + + |
+
+
+compactor+ + + + + +TempoComponentSpec + + + + + + |
+
+
+
+(Optional)
+
+ Compactor defines the tempo compactor component spec. + + |
+
+
+querier+ + + + + +TempoComponentSpec + + + + + + |
+
+
+
+(Optional)
+
+ Querier defines the querier component spec. + + |
+
+
+queryFrontend+ + + + + +TempoQueryFrontendSpec + + + + + + |
+
+
+
+(Optional)
+
+ TempoQueryFrontendSpec defines the query frontend spec. + + |
+
+
+gateway+ + + + + +TempoGatewaySpec + + + + + + |
+
+
+
+(Optional)
+
+ Gateway defines the tempo gateway spec. + + |
+
+ +(Appears on:TempoComponentsSpec) + +
+ +
+
+
+
+TempoGatewaySpec extends TempoComponentSpec with gateway parameters.
+ +| Field | + +Description | + +
|---|---|
+
+component+ + + + + +TempoComponentSpec + + + + + + |
+
+
+
+(Optional)
+
+ TempoComponentSpec is embedded to extend this definition with further options. + +Currently there is no way to inline this field. +See: https://github.com/golang/go/issues/6213 + + |
+
+
+enabled+ + + +bool + + + + |
+
++ + | +
+ +(Appears on:TempoComponentsSpec) + +
+ +
+
+
+
+TempoQueryFrontendSpec extends TempoComponentSpec with frontend specific parameters.
+ +| Field | + +Description | + +
|---|---|
+
+component+ + + + + +TempoComponentSpec + + + + + + |
+
+
+
+(Optional)
+
+ TempoComponentSpec is embedded to extend this definition with further options. + +Currently there is no way to inline this field. +See: https://github.com/golang/go/issues/6213 + + |
+
+
+jaegerQuery+ + + + + +JaegerQuerySpec + + + + + + |
+
+
+
+(Optional)
+
+ JaegerQuerySpec defines Jaeger Query specific options. + + |
+
+
+
+
+TempoStack is the Schema for the tempostacks API.
+ +| Field | + +Description | + +
|---|---|
+
+status+ + + + + +TempoStackStatus + + + + + + |
+
++ + | +
+
+metadata+ + + + + +Kubernetes meta/v1.ObjectMeta + + + + + + |
+
+
+
+Refer to the Kubernetes API documentation for the fields of the
+
+metadata field.
+
+ |
+
+
+spec+ + + + + +TempoStackSpec + + + + + + |
+
++ + | +
+ +(Appears on:TempoStack) + +
+ +
+
+
+
+TempoStackSpec defines the desired state of TempoStack.
+ +| Field | + +Description | + +
|---|---|
+
+limits+ + + + + +LimitSpec + + + + + + |
+
+
+
+(Optional)
+
+ LimitSpec is used to limit ingestion and querying rates. + + |
+
+
+storageClassName+ + + +string + + + + |
+
+
+
+(Optional)
+
+ StorageClassName for PVCs used by ingester. Defaults to nil (default storage class in the cluster). + + |
+
+
+resources+ + + + + +Resources + + + + + + |
+
+
+
+(Optional)
+
+ Resources defines resources configuration. + + |
+
+
+storageSize+ + + +k8s.io/apimachinery/pkg/api/resource.Quantity + + + + |
+
+
+
+(Optional)
+
+ StorageSize for PVCs used by ingester. Defaults to 10Gi. + + |
+
+
+images+ + + + + +Feature Gates.ImagesSpec + + + + + + |
+
+
+
+(Optional)
+
+ Images defines the image for each container. + + |
+
+
+storage+ + + + + +ObjectStorageSpec + + + + + + |
+
+
+
+ Storage defines S3 compatible object storage configuration. +User is required to create secret and supply it. + + |
+
+
+retention+ + + + + +RetentionSpec + + + + + + |
+
+
+
+(Optional)
+
+ NOTE: currently this field is not considered. +Retention period defined by dataset. +User can specify how long data should be stored. + + |
+
+
+serviceAccount+ + + +string + + + + |
+
+
+
+(Optional)
+
+ ServiceAccount defines the service account to use for all tempo components. + + |
+
+
+search+ + + + + +SearchSpec + + + + + + |
+
+
+
+(Optional)
+
+ SearchSpec control the configuration for the search capabilities. + + |
+
+
+template+ + + + + +TempoComponentsSpec + + + + + + |
+
+
+
+(Optional)
+
+ Components defines requirements for a set of tempo components. + + |
+
+
+replicationFactor+ + + +int + + + + |
+
+
+
+(Optional)
+
+ NOTE: currently this field is not considered. +ReplicationFactor is used to define how many component replicas should exist. + + |
+
+
+tenants+ + + + + +TenantsSpec + + + + + + |
+
+
+
+(Optional)
+
+ Tenants defines the per-tenant authentication and authorization spec. + + |
+
+ +(Appears on:TempoStack) + +
+ +
+
+
+
+TempoStackStatus defines the observed state of TempoStack.
+ +| Field | + +Description | + +
|---|---|
+
+tempoVersion+ + + +string + + + + |
+
+
+
+(Optional)
+
+ Version of the managed Tempo instance. + + |
+
+
+tempoQueryVersion+ + + +string + + + + |
+
+
+
+(Optional)
+
+ Version of the Tempo Query component used. + + |
+
+
+components+ + + + + +ComponentStatus + + + + + + |
+
+
+
+(Optional)
+
+ Components provides summary of all Tempo pod status grouped +per component. + + |
+
+
+conditions+ + + + + +[]Kubernetes meta/v1.Condition + + + + + + |
+
+
+
+(Optional)
+
+ Conditions of the Tempo deployment health. + + |
+
+ +(Appears on:OIDCSpec) + +
+ +
+
+
+
+TenantSecretSpec is a secret reference containing name only +for a secret living in the same namespace as the (Tempo) TempoStack custom resource.
+ +| Field | + +Description | + +
|---|---|
+
+name+ + + +string + + + + |
+
+
+
+(Optional)
+
+ Name of a secret in the namespace configured for tenant secrets. + + |
+
+ +(Appears on:TempoStackSpec) + +
+ +
+
+
+
+TenantsSpec defines the mode, authentication and authorization +configuration of the tempo gateway component.
+ +| Field | + +Description | + +
|---|---|
+
+mode+ + + + + +ModeType + + + + + + |
+
+
+
+ Mode defines the multitenancy mode. + + |
+
+
+authentication+ + + + + +[]AuthenticationSpec + + + + + + |
+
+
+
+(Optional)
+
+ Authentication defines the tempo-gateway component authentication configuration spec per tenant. + + |
+
+
+authorization+ + + + + +AuthorizationSpec + + + + + + |
+
+
+
+(Optional)
+
+ Authorization defines the tempo-gateway component authorization configuration spec per tenant. + + |
+
+ + + + diff --git a/docs/operator/compatibility.md b/docs/operator/compatibility.md new file mode 100644 index 000000000..34d4c4555 --- /dev/null +++ b/docs/operator/compatibility.md @@ -0,0 +1,29 @@ +--- +title: "Compatibility" +description: "The Tempo Operator supports a number of Kubernetes and Tempo releases." +lead: "" +date: 2022-06-21T08:48:45+00:00 +lastmod: 2022-06-21T08:48:45+00:00 +draft: false +images: [] +menu: + docs: + parent: "operator" +weight: 100 +toc: true +--- + +The Tempo Operator supports a number of Kubernetes and Tempo releases. + +## Kubernetes + +The Tempo Operator uses client-go to communicate with Kubernetes clusters. The supported Kubernetes cluster version is determined by client-go. The compatibility matrix for client-go and Kubernetes clusters can be found [here](https://github.com/kubernetes/client-go#compatibility-matrix). All additional compatibility is only best effort, or happens to still/already be supported. The currently used client-go version is "v0.25.0". + +This operator was tested on Kubernetes >= v1.21.0, so at least that version is required. + + +## Tempo + +The versions of Tempo compatible to be run with the Tempo Operator are: + +* v2.0.1 diff --git a/docs/operator/feature-gates.md b/docs/operator/feature-gates.md new file mode 100644 index 000000000..3273d1374 --- /dev/null +++ b/docs/operator/feature-gates.md @@ -0,0 +1,963 @@ + +--- +title: "Feature Gates" +description: "Generated API docs for the Tempo Operator" +lead: "" +draft: false +images: [] +menu: + docs: + parent: "operator" +weight: 1000 +toc: true +--- + +This Document contains the types introduced by the Tempo Operator to be consumed by users. + +> This page is automatically generated with `gen-crd-api-reference-docs`. + +# config.tempo.grafana.com/v1alpha1 { #config-tempo-grafana-com-v1alpha1 } + +
+
+
+
+Resource Types:
+
+
+## BuiltInCertManagement { #config-tempo-grafana-com-v1alpha1-BuiltInCertManagement }
+
+Package v1alpha1 contains API Schema definitions for the config.tempo v1alpha1 API group.
+ ++ +(Appears on:FeatureGates) + +
+ +
+
+
+
+BuiltInCertManagement is the configuration for the built-in facility to generate and rotate +TLS client and serving certificates for all Tempo services and internal clients except +for the tempo-gateway.
+ +| Field | + +Description | + +
|---|---|
+
+caValidity+ + + + + +Kubernetes meta/v1.Duration + + + + + + |
+
+
+
+ CACertValidity defines the total duration of the CA certificate validity. + + |
+
+
+caRefresh+ + + + + +Kubernetes meta/v1.Duration + + + + + + |
+
+
+
+ CACertRefresh defines the duration of the CA certificate validity until a rotation +should happen. It can be set up to 80% of CA certificate validity or equal to the +CA certificate validity. Latter should be used only for rotating only when expired. + + |
+
+
+certValidity+ + + + + +Kubernetes meta/v1.Duration + + + + + + |
+
+
+
+ CertValidity defines the total duration of the validity for all Tempo certificates. + + |
+
+
+certRefresh+ + + + + +Kubernetes meta/v1.Duration + + + + + + |
+
+
+
+ CertRefresh defines the duration of the certificate validity until a rotation +should happen. It can be set up to 80% of certificate validity or equal to the +certificate validity. Latter should be used only for rotating only when expired. +The refresh is applied to all Tempo certificates at once. + + |
+
+
+enabled+ + + +bool + + + + |
+
+
+
+ Enabled defines to flag to enable/disable built-in certificate management feature gate. + + |
+
+ +(Appears on:ProjectConfig) + +
+ +
+
+
+
+FeatureGates is the supported set of all operator feature gates.
+ +| Field | + +Description | + +
|---|---|
+
+openshift+ + + + + +OpenShiftFeatureGates + + + + + + |
+
+
+
+ OpenShift contains a set of feature gates supported only on OpenShift. + + |
+
+
+builtInCertManagement+ + + + + +BuiltInCertManagement + + + + + + |
+
+
+
+ BuiltInCertManagement enables the built-in facility for generating and rotating
+TLS client and serving certificates for the communication between ingesters and distributors and also between
+query and queryfrontend, In detail all internal Tempo HTTP and GRPC communication is lifted
+to require mTLS.
+In addition each service requires a configmap named as the MicroService CR with the
+suffix |
+
+
+httpEncryption+ + + +bool + + + + |
+
+
+
+ HTTPEncryption enables TLS encryption for all HTTP TempoStack services.
+Each HTTP service requires a secret named as the service with the following data:
+- |
+
+
+grpcEncryption+ + + +bool + + + + |
+
+
+
+ GRPCEncryption enables TLS encryption for all GRPC TempoStack services.
+Each GRPC service requires a secret named as the service with the following data:
+- |
+
+
+tlsProfile+ + + +string + + + + |
+
+
+
+ TLSProfile allows to chose a TLS security profile. Enforced +when using HTTPEncryption or GRPCEncryption. + + |
+
+ +(Appears on:ProjectConfig) + +
+ +
+
+
+
+ImagesSpec defines the image for each container.
+ +| Field | + +Description | + +
|---|---|
+
+tempo+ + + +string + + + + |
+
+
+
+(Optional)
+
+ Tempo defines the tempo container image. + + |
+
+
+tempoQuery+ + + +string + + + + |
+
+
+
+(Optional)
+
+ TempoQuery defines the tempo-query container image. + + |
+
+
+tempoGateway+ + + +string + + + + |
+
+
+
+(Optional)
+
+ TempoGateway defines the tempo-gateway container image. + + |
+
+ +(Appears on:FeatureGates) + +
+ +
+
+
+
+OpenShiftFeatureGates is the supported set of all operator features gates on OpenShift.
+ +| Field | + +Description | + +
|---|---|
+
+servingCertsService+ + + +bool + + + + |
+
+
+
+ ServingCertsService enables OpenShift service-ca annotations on the TempoStack gateway service only +to use the in-platform CA and generate a TLS cert/key pair per service for +in-cluster data-in-transit encryption. +More details: https://docs.openshift.com/container-platform/latest/security/certificate_types_descriptions/service-ca-certificates.html + + |
+
+
+gatewayRoute+ + + +bool + + + + |
+
+
+
+ GatewayRoute enables creating an OpenShift Route for the TempoStack +gateway to expose the service to public internet access. +More details: https://docs.openshift.com/container-platform/latest/networking/understanding-networking.html + + |
+
+
+openshiftRoute+ + + +bool + + + + |
+
+
+
+ OpenShiftRoute enables creating OpenShift Route objects. +More details: https://docs.openshift.com/container-platform/latest/networking/understanding-networking.html + + |
+
+
+baseDomain+ + + +string + + + + |
+
+
+
+ BaseDomain is used internally for redirect URL in gateway OpenShift auth mode. +If empty the operator automatically derives the domain from the cluster. + + |
+
+
+ClusterTLSPolicy+ + + +bool + + + + |
+
+
+
+ ClusterTLSPolicy enables usage of TLS policies set in the API Server. +More details: https://docs.openshift.com/container-platform/4.11/security/tls-security-profiles.html + + |
+
+
+
+
+ProjectConfig is the Schema for the projectconfigs API.
+ +| Field | + +Description | + +
|---|---|
+
+syncPeriod+ + + + + +Kubernetes meta/v1.Duration + + + + + + |
+
+
+
+(Optional)
+
+ SyncPeriod determines the minimum frequency at which watched resources are +reconciled. A lower period will correct entropy more quickly, but reduce +responsiveness to change if there are many watched resources. Change this +value only if you know what you are doing. Defaults to 10 hours if unset. +there will a 10 percent jitter between the SyncPeriod of all controllers +so that all controllers will not send list requests simultaneously. + + |
+
+
+leaderElection+ + + + + +Kubernetes v1alpha1.LeaderElectionConfiguration + + + + + + |
+
+
+
+(Optional)
+
+ LeaderElection is the LeaderElection config to be used when configuring +the manager.Manager leader election + + |
+
+
+cacheNamespace+ + + +string + + + + |
+
+
+
+(Optional)
+
+ CacheNamespace if specified restricts the manager’s cache to watch objects in +the desired namespace Defaults to all namespaces + +Note: If a namespace is specified, controllers can still Watch for a +cluster-scoped resource (e.g Node). For namespaced resources the cache +will only hold objects from the desired namespace. + + |
+
+
+gracefulShutDown+ + + + + +Kubernetes meta/v1.Duration + + + + + + |
+
+
+
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. +To disable graceful shutdown, set to time.Duration(0) +To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) +The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + + |
+
+
+controller+ + + + + +K8S Controller-runtime v1alpha1.ControllerConfigurationSpec + + + + + + |
+
+
+
+(Optional)
+
+ Controller contains global configuration options for controllers +registered within this manager. + + |
+
+
+metrics+ + + + + +K8S Controller-runtime v1alpha1.ControllerMetrics + + + + + + |
+
+
+
+(Optional)
+
+ Metrics contains thw controller metrics configuration + + |
+
+
+health+ + + + + +K8S Controller-runtime v1alpha1.ControllerHealth + + + + + + |
+
+
+
+(Optional)
+
+ Health contains the controller health configuration + + |
+
+
+webhook+ + + + + +K8S Controller-runtime v1alpha1.ControllerWebhook + + + + + + |
+
+
+
+(Optional)
+
+ Webhook contains the controllers webhook configuration + + |
+
+
+images+ + + + + +ImagesSpec + + + + + + |
+
++ + | +
+
+featureGates+ + + + + +FeatureGates + + + + + + |
+
++ + | +
string alias)
+
+
+
+
+
+TLSProfileType is a TLS security profile based on the Mozilla definitions: +https://wiki.mozilla.org/Security/Server_Side_TLS
+ +| Value | + +Description | + +
|---|---|
"Intermediate" |
+
+TLSProfileIntermediateType is a TLS security profile based on: +https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 + |
+
+
"Modern" |
+
+TLSProfileModernType is a TLS security profile based on: +https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + |
+
+
"Old" |
+
+TLSProfileOldType is a TLS security profile based on: +https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility + |
+
+
+ + + + diff --git a/docs/prologue/_index.md b/docs/prologue/_index.md new file mode 100644 index 000000000..930231f89 --- /dev/null +++ b/docs/prologue/_index.md @@ -0,0 +1,9 @@ +--- +title : "Prologue" +description: "Prologue for the Tempo Operator." +lead: "" +date: 2022-06-21T08:48:45+00:00 +lastmod: 2022-06-21T08:48:45+00:00 +draft: false +images: [] +--- diff --git a/docs/prologue/introduction.md b/docs/prologue/introduction.md new file mode 100644 index 000000000..a85f0b5c4 --- /dev/null +++ b/docs/prologue/introduction.md @@ -0,0 +1,27 @@ +--- +title: "Introduction" +description: "The Tempo Operator provides Kubernetes native deployment and management of Tenoi and related tracing components" +lead: "" +date: 2022-06-21T08:48:45+00:00 +lastmod: 2022-06-21T08:48:45+00:00 +draft: false +images: [] +menu: + docs: + parent: "prologue" +weight: 100 +toc: true +--- + +The Tempo Operator provides [Kubernetes](https://kubernetes.io/) native deployment and management of [Tempo](https://github.com/grafana/tempo) and related tracing components. +The purpose of this project is to simplify and automate the configuration of a Tempo based tracing stack for Kubernetes clusters. + +The Tempo operator includes, but is not limited to, the following features: + +* Kubernetes Custom Resources: Use Kubernetes custom resources to deploy and manage Tempo, and related components. +* Simplified Deployment Configuration: Configure the fundamentals of Tempo like tenants, limits, replication factor and storage from a native Kubernetes resource. + +## Get started + +### Quick Start + diff --git a/docs/tempostack/object_storage.md b/docs/tempostack/object_storage.md new file mode 100644 index 000000000..f8e61cd10 --- /dev/null +++ b/docs/tempostack/object_storage.md @@ -0,0 +1,49 @@ +--- +title: "Object Storage" +description: "Setup for storing traces to Object Storage" +lead: "" +date: 2022-06-21T08:48:45+00:00 +lastmod: 2022-06-21T08:48:45+00:00 +draft: false +images: [] +menu: + docs: + parent: "tempostack" +weight: 100 +toc: true +--- + +Tempo Operator supports [Minio](https://min.io/) for TempoStack object storage. + +## Minio + +### Requirements + +* Deploy Minio on your Cluster, e.g. using the [Minio Operator](https://operator.min.io/) + +* Create a [bucket](https://docs.min.io/docs/minio-client-complete-guide.html) on Minio via CLI. + +### Installation + +* Deploy the Tempo Operator to your cluster. + +* Create an Object Storage secret with keys as follows: + + ```console + kubectl create secret generic tempostack-dev-minio \ + --from-literal=bucket="
+
+
+ 
+
+
+ {{ .Title }}
+
+
+ {{ .Params.lead | safeHTML }}
+ Get started + +
+
+
+
+
+
+ TempoStack
+Secure and multi-tenant Tempo instances with built-in authentication/authorization
+
+
+
+
+ Authentication using OIDC/OAuth2/OpenShift
+
+
+
+ {{- .Content -}}
+
+