Service monitor scrap tempo metrics for monolithic

Signed-off-by: Ruben Vargas <[email protected]>

Author: rubenvp8510

.chloggen/fix_monolithic_metrics.yaml

@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: bug_fix
+
+# The name of the component, or a single word describing the area of concern, (e.g. tempostack, tempomonolithic, github action)
+component: tempomonolithic
+
+# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Scrap tempo metrics for monolithic.
+
+# One or more tracking issues related to the change
+issues: [1275]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:

internal/manifests/monolithic/configmap.go

@@ -177,8 +177,9 @@ func buildTempoConfig(opts Options) ([]byte, error) {
 	config.Server.HttpServerReadTimeout = opts.Tempo.Spec.Timeout.Duration
 	config.Server.HttpServerWriteTimeout = opts.Tempo.Spec.Timeout.Duration
 	if tempo.Spec.Multitenancy.IsGatewayEnabled() {
+		// We need this to scrap metrics.
+		config.Server.HTTPListenAddress = "0.0.0.0"
 		// all connections to tempo must go via gateway
-		config.Server.HTTPListenAddress = "localhost"
 		config.Server.GRPCListenAddress = "localhost"
 	}
 

internal/manifests/monolithic/servicemonitor.go

@@ -12,9 +12,14 @@ func BuildServiceMonitor(opts Options) *monitoringv1.ServiceMonitor {
 	tempo := opts.Tempo
 	if tempo.Spec.Multitenancy.IsGatewayEnabled() {
 		labels := ComponentLabels(manifestutils.GatewayComponentName, tempo.Name)
-		return servicemonitor.NewServiceMonitor(tempo.Namespace, tempo.Name, labels, false, manifestutils.GatewayComponentName, manifestutils.GatewayInternalHttpPortName)
+		return servicemonitor.NewServiceMonitor(tempo.Namespace, tempo.Name, labels, false, manifestutils.GatewayComponentName,
+			[]string{
+				manifestutils.GatewayInternalHttpPortName,
+				manifestutils.HttpPortName,
+			})
 	} else {
 		labels := ComponentLabels(manifestutils.TempoMonolithComponentName, tempo.Name)
-		return servicemonitor.NewServiceMonitor(tempo.Namespace, tempo.Name, labels, false, manifestutils.TempoMonolithComponentName, manifestutils.HttpPortName)
+		return servicemonitor.NewServiceMonitor(
+			tempo.Namespace, tempo.Name, labels, false, manifestutils.TempoMonolithComponentName, []string{manifestutils.HttpPortName})
 	}
 }

internal/manifests/monolithic/servicemonitor_test.go

@@ -120,7 +120,23 @@ func TestBuildServiceMonitorGateway(t *testing.T) {
 						TargetLabel:  "job",
 					},
 				},
-			}},
+			}, {
+				Scheme: "http",
+				Port:   "http",
+				Path:   "/metrics",
+				RelabelConfigs: []*monitoringv1.RelabelConfig{
+					{
+						SourceLabels: []monitoringv1.LabelName{"__meta_kubernetes_service_label_app_kubernetes_io_instance"},
+						TargetLabel:  "cluster",
+					},
+					{
+						SourceLabels: []monitoringv1.LabelName{"__meta_kubernetes_namespace", "__meta_kubernetes_service_label_app_kubernetes_io_component"},
+						Separator:    ptr.To("/"),
+						TargetLabel:  "job",
+					},
+				},
+			},
+			},
 			NamespaceSelector: monitoringv1.NamespaceSelector{
 				MatchNames: []string{"default"},
 			},

internal/manifests/monolithic/services.go

@@ -146,6 +146,12 @@ func buildGatewayService(opts Options) *corev1.Service {
 			Port:       manifestutils.GatewayPortInternalHTTPServer,
 			TargetPort: intstr.FromString(manifestutils.GatewayInternalHttpPortName),
 		},
+		{
+			Name:       manifestutils.HttpPortName,
+			Protocol:   corev1.ProtocolTCP,
+			Port:       manifestutils.PortHTTPServer,
+			TargetPort: intstr.FromString(manifestutils.HttpPortName),
+		},
 	}
 
 	if tempo.Spec.Ingestion != nil && tempo.Spec.Ingestion.OTLP != nil &&

internal/manifests/monolithic/services_test.go

@@ -269,6 +269,12 @@ func TestBuildServices(t *testing.T) {
 								Port:       8081,
 								TargetPort: intstr.FromString("internal"),
 							},
+							{
+								Name:       "http",
+								Protocol:   corev1.ProtocolTCP,
+								Port:       3200,
+								TargetPort: intstr.FromString("http"),
+							},
 							{
 								Name:       "otlp-grpc",
 								Protocol:   corev1.ProtocolTCP,

internal/manifests/servicemonitor/servicemonitor.go

@@ -35,14 +35,14 @@ func BuildServiceMonitors(params manifestutils.Params) []client.Object {
 
 func buildServiceMonitor(params manifestutils.Params, component string, port string) *monitoringv1.ServiceMonitor {
 	labels := manifestutils.ComponentLabels(component, params.Tempo.Name)
-	return NewServiceMonitor(params.Tempo.Namespace, params.Tempo.Name, labels, params.CtrlConfig.Gates.HTTPEncryption, component, port)
+	return NewServiceMonitor(params.Tempo.Namespace, params.Tempo.Name, labels, params.CtrlConfig.Gates.HTTPEncryption, component, []string{port})
 }
 
 func buildFrontEndServiceMonitor(params manifestutils.Params, port string) *monitoringv1.ServiceMonitor {
 	labels := manifestutils.ComponentLabels(manifestutils.QueryFrontendComponentName, params.Tempo.Name)
 	tls := params.CtrlConfig.Gates.HTTPEncryption && params.Tempo.Spec.Template.Gateway.Enabled
 	return NewServiceMonitor(params.Tempo.Namespace, params.Tempo.Name, labels, tls,
-		manifestutils.QueryFrontendComponentName, port)
+		manifestutils.QueryFrontendComponentName, []string{port})
 }
 
 // NewServiceMonitor creates a ServiceMonitor.
@@ -52,7 +52,7 @@ func NewServiceMonitor(
 	labels labels.Set,
 	tls bool,
 	component string,
-	port string,
+	ports []string,
 ) *monitoringv1.ServiceMonitor {
 	scheme := "http"
 	var tlsConfig *monitoringv1.TLSConfig
@@ -91,6 +91,30 @@ func NewServiceMonitor(
 		}
 	}
 
+	var endpoints []monitoringv1.Endpoint
+
+	for _, port := range ports {
+		endpoints = append(endpoints, monitoringv1.Endpoint{
+			Scheme:    scheme,
+			Port:      port,
+			Path:      "/metrics",
+			TLSConfig: tlsConfig,
+			// Custom relabel configs to be compatible with predefined Tempo dashboards:
+			// https://grafana.com/docs/tempo/latest/operations/monitoring/#dashboards
+			RelabelConfigs: []*monitoringv1.RelabelConfig{
+				{
+					SourceLabels: []monitoringv1.LabelName{"__meta_kubernetes_service_label_app_kubernetes_io_instance"},
+					TargetLabel:  "cluster",
+				},
+				{
+					SourceLabels: []monitoringv1.LabelName{"__meta_kubernetes_namespace", "__meta_kubernetes_service_label_app_kubernetes_io_component"},
+					Separator:    ptr.To("/"),
+					TargetLabel:  "job",
+				},
+			},
+		})
+	}
+
 	return &monitoringv1.ServiceMonitor{
 		TypeMeta: metav1.TypeMeta{
 			APIVersion: monitoringv1.SchemeGroupVersion.String(),
@@ -102,25 +126,7 @@ func NewServiceMonitor(
 			Labels:    labels,
 		},
 		Spec: monitoringv1.ServiceMonitorSpec{
-			Endpoints: []monitoringv1.Endpoint{{
-				Scheme:    scheme,
-				Port:      port,
-				Path:      "/metrics",
-				TLSConfig: tlsConfig,
-				// Custom relabel configs to be compatible with predefined Tempo dashboards:
-				// https://grafana.com/docs/tempo/latest/operations/monitoring/#dashboards
-				RelabelConfigs: []*monitoringv1.RelabelConfig{
-					{
-						SourceLabels: []monitoringv1.LabelName{"__meta_kubernetes_service_label_app_kubernetes_io_instance"},
-						TargetLabel:  "cluster",
-					},
-					{
-						SourceLabels: []monitoringv1.LabelName{"__meta_kubernetes_namespace", "__meta_kubernetes_service_label_app_kubernetes_io_component"},
-						Separator:    ptr.To("/"),
-						TargetLabel:  "job",
-					},
-				},
-			}},
+			Endpoints: endpoints,
 			NamespaceSelector: monitoringv1.NamespaceSelector{
 				MatchNames: []string{namespace},
 			},

tests/e2e-openshift-object-stores/aws-sts-monolithic/out.txt

@@ -0,0 +1,173 @@
+Name:         tempo-tmmono-0
+Namespace:    tempo
+Priority:     0
+Node:         crc/192.168.126.11
+Start Time:   Wed, 14 May 2025 22:00:36 -0600
+Labels:       app.kubernetes.io/component=tempo
+              app.kubernetes.io/instance=tmmono
+              app.kubernetes.io/managed-by=tempo-operator
+              app.kubernetes.io/name=tempo-monolithic
+              apps.kubernetes.io/pod-index=0
+              controller-revision-hash=tempo-tmmono-587bb7976b
+              statefulset.kubernetes.io/pod-name=tempo-tmmono-0
+Annotations:  k8s.ovn.org/pod-networks:
+                {"default":{"ip_addresses":["10.217.0.120/23"],"mac_address":"0a:58:0a:d9:00:78","gateway_ips":["10.217.0.1"],"routes":[{"dest":"10.217.0....
+              k8s.v1.cni.cncf.io/network-status:
+                [{
+                    "name": "ovn-kubernetes",
+                    "interface": "eth0",
+                    "ips": [
+                        "10.217.0.120"
+                    ],
+                    "mac": "0a:58:0a:d9:00:78",
+                    "default": true,
+                    "dns": {}
+                }]
+              openshift.io/scc: restricted-v2
+              seccomp.security.alpha.kubernetes.io/pod: runtime/default
+              tempo.grafana.com/tempoConfig.hash: f7f667dd55f49777f17305255e46f2241e6728d95c531cc77170f54e032244be
+Status:       Pending
+IP:           10.217.0.120
+IPs:
+  IP:           10.217.0.120
+Controlled By:  StatefulSet/tempo-tmmono
+Containers:
+  tempo:
+    Container ID:  
+    Image:         docker.io/grafana/tempo:2.7.2
+    Image ID:      
+    Ports:         3200/TCP, 3101/TCP, 4317/TCP, 4318/TCP
+    Host Ports:    0/TCP, 0/TCP, 0/TCP, 0/TCP
+    Args:
+      -config.file=/conf/tempo.yaml
+      -mem-ballast-size-mbs=1024
+      -log.level=info
+      --storage.trace.s3.secret_key=$(S3_SECRET_KEY)
+      --storage.trace.s3.access_key=$(S3_ACCESS_KEY)
+    State:          Waiting
+      Reason:       CreateContainerConfigError
+    Ready:          False
+    Restart Count:  0
+    Readiness:      http-get http://:tempo-internal/ready delay=15s timeout=1s period=10s #success=1 #failure=3
+    Environment:
+      S3_SECRET_KEY:  <set to the key 'access_key_secret' in secret 'aws-sts'>  Optional: false
+      S3_ACCESS_KEY:  <set to the key 'access_key_id' in secret 'aws-sts'>      Optional: false
+    Mounts:
+      /conf from tempo-conf (ro)
+      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-wpk74 (ro)
+      /var/tempo from tempo-storage (rw)
+  jaeger-query:
+    Container ID:  cri-o://de0274c3fd0d76c0c54b493c822c79c42cbe35d67d20dd0d6af2a4fd29dceedf
+    Image:         docker.io/jaegertracing/jaeger-query:1.68.0
+    Image ID:      docker.io/jaegertracing/jaeger-query@sha256:51d85a53cb9a1bba8b016537b03023be02ae666f18af406fd98904b78a5df5f4
+    Ports:         16685/TCP, 16686/TCP, 16687/TCP
+    Host Ports:    0/TCP, 0/TCP, 0/TCP
+    Args:
+      --query.base-path=/
+      --span-storage.type=grpc
+      --grpc-storage.server=localhost:7777
+      --query.bearer-token-propagation=true
+    State:          Running
+      Started:      Wed, 14 May 2025 22:00:41 -0600
+    Ready:          True
+    Restart Count:  0
+    Environment:    <none>
+    Mounts:
+      /tmp from tempo-query-tmp (rw)
+      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-wpk74 (ro)
+  tempo-query:
+    Container ID:  cri-o://c32026ba2f28bb23dd09ebbe82e8e3ae1f01b56fa2be21d7c708642fc199bc19
+    Image:         docker.io/grafana/tempo-query:2.7.2
+    Image ID:      docker.io/grafana/tempo-query@sha256:284a83d6d2b3430d7b80d66657377812f73ceaaa9c9939cb79f08bf8e9e2a88d
+    Port:          7777/TCP
+    Host Port:     0/TCP
+    Args:
+      -config=/conf/tempo-query.yaml
+    State:          Running
+      Started:      Wed, 14 May 2025 22:00:47 -0600
+    Ready:          True
+    Restart Count:  0
+    Environment:    <none>
+    Mounts:
+      /conf from tempo-conf (ro)
+      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-wpk74 (ro)
+  oauth-proxy:
+    Container ID:  cri-o://4ad516e99e04b4f8051b5e47c73acd0fe5b9ca5ce12d1f821cb6f4b1c6605673
+    Image:         quay.io/openshift/origin-oauth-proxy:4.14
+    Image ID:      quay.io/openshift/origin-oauth-proxy@sha256:1ece77d14a685ef2397c3a327844eea45ded00c95471e9e333e35ef3860b1895
+    Port:          8443/TCP
+    Host Port:     0/TCP
+    Args:
+      --cookie-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
+      --https-address=:8443
+      --openshift-service-account=tempo-tmmono
+      --provider=openshift
+      --tls-cert=/etc/tls/private/tls.crt
+      --tls-key=/etc/tls/private/tls.key
+      --upstream=http://localhost:16686
+      --upstream-timeout=30s
+      --openshift-sar={"namespace": "tempo", "resource": "pods", "verb": "get"}
+    State:          Running
+      Started:      Wed, 14 May 2025 22:01:01 -0600
+    Ready:          True
+    Restart Count:  0
+    Readiness:      http-get https://:oauth-proxy/oauth/healthz delay=10s timeout=5s period=10s #success=1 #failure=3
+    Environment:    <none>
+    Mounts:
+      /etc/tls/private from tmmono-ui-oauth-proxy-tls (rw)
+      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-wpk74 (ro)
+Conditions:
+  Type                        Status
+  PodReadyToStartContainers   True 
+  Initialized                 True 
+  Ready                       False 
+  ContainersReady             False 
+  PodScheduled                True 
+Volumes:
+  tempo-storage:
+    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
+    ClaimName:  tempo-storage-tempo-tmmono-0
+    ReadOnly:   false
+  tempo-conf:
+    Type:      ConfigMap (a volume populated by a ConfigMap)
+    Name:      tempo-tmmono-config
+    Optional:  false
+  tempo-query-tmp:
+    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
+    Medium:     
+    SizeLimit:  <unset>
+  tmmono-ui-oauth-proxy-tls:
+    Type:        Secret (a volume populated by a Secret)
+    SecretName:  tmmono-ui-oauth-proxy-tls
+    Optional:    false
+  kube-api-access-wpk74:
+    Type:                    Projected (a volume that contains injected data from multiple sources)
+    TokenExpirationSeconds:  3607
+    ConfigMapName:           kube-root-ca.crt
+    ConfigMapOptional:       <nil>
+    DownwardAPI:             true
+    ConfigMapName:           openshift-service-ca.crt
+    ConfigMapOptional:       <nil>
+QoS Class:                   BestEffort
+Node-Selectors:              <none>
+Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
+                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
+Events:
+  Type     Reason          Age                  From               Message
+  ----     ------          ----                 ----               -------
+  Normal   Scheduled       2m32s                default-scheduler  Successfully assigned tempo/tempo-tmmono-0 to crc
+  Normal   AddedInterface  2m31s                multus             Add eth0 [10.217.0.120/23] from ovn-kubernetes
+  Normal   Pulling         2m31s                kubelet            Pulling image "docker.io/jaegertracing/jaeger-query:1.68.0"
+  Normal   Created         2m27s                kubelet            Created container jaeger-query
+  Normal   Started         2m27s                kubelet            Started container jaeger-query
+  Normal   Pulled          2m27s                kubelet            Successfully pulled image "docker.io/jaegertracing/jaeger-query:1.68.0" in 4.165s (4.165s including waiting). Image size: 86423646 bytes.
+  Normal   Pulling         2m27s                kubelet            Pulling image "docker.io/grafana/tempo-query:2.7.2"
+  Normal   Pulled          2m21s                kubelet            Successfully pulled image "docker.io/grafana/tempo-query:2.7.2" in 6.238s (6.238s including waiting). Image size: 64575333 bytes.
+  Normal   Created         2m21s                kubelet            Created container tempo-query
+  Normal   Started         2m21s                kubelet            Started container tempo-query
+  Normal   Pulling         2m21s                kubelet            Pulling image "quay.io/openshift/origin-oauth-proxy:4.14"
+  Normal   Pulled          2m7s                 kubelet            Successfully pulled image "quay.io/openshift/origin-oauth-proxy:4.14" in 13.309s (13.309s including waiting). Image size: 514675129 bytes.
+  Normal   Created         2m7s                 kubelet            Created container oauth-proxy
+  Normal   Started         2m7s                 kubelet            Started container oauth-proxy
+  Warning  Failed          85s (x6 over 2m31s)  kubelet            Error: couldn't find key access_key_secret in Secret tempo/aws-sts
+  Normal   Pulled          70s (x7 over 2m31s)  kubelet            Container image "docker.io/grafana/tempo:2.7.2" already present on machine