diff --git a/operators/tempo-operator/0.5.0/bundle.Dockerfile b/operators/tempo-operator/0.5.0/bundle.Dockerfile
new file mode 100644
index 00000000000..771be6b36bb
--- /dev/null
+++ b/operators/tempo-operator/0.5.0/bundle.Dockerfile
@@ -0,0 +1,20 @@
+FROM scratch
+
+# Core bundle labels.
+LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
+LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
+LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
+LABEL operators.operatorframework.io.bundle.package.v1=tempo-operator
+LABEL operators.operatorframework.io.bundle.channels.v1=alpha
+LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.27.0
+LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
+LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3
+
+# Labels for testing.
+LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1
+LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/
+
+# Copy files to locations specified by labels.
+COPY ./manifests /manifests/
+COPY ./metadata /metadata/
+COPY ./tests/scorecard /tests/scorecard/
diff --git a/operators/tempo-operator/0.5.0/manifests/tempo-operator-controller-manager-metrics-service_v1_service.yaml b/operators/tempo-operator/0.5.0/manifests/tempo-operator-controller-manager-metrics-service_v1_service.yaml
new file mode 100644
index 00000000000..2194103e9f5
--- /dev/null
+++ b/operators/tempo-operator/0.5.0/manifests/tempo-operator-controller-manager-metrics-service_v1_service.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/managed-by: operator-lifecycle-manager
+ app.kubernetes.io/name: tempo-operator
+ app.kubernetes.io/part-of: tempo-operator
+ control-plane: controller-manager
+ name: tempo-operator-controller-manager-metrics-service
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ selector:
+ app.kubernetes.io/managed-by: operator-lifecycle-manager
+ app.kubernetes.io/name: tempo-operator
+ app.kubernetes.io/part-of: tempo-operator
+ control-plane: controller-manager
+status:
+ loadBalancer: {}
diff --git a/operators/tempo-operator/0.5.0/manifests/tempo-operator-manager-config_v1_configmap.yaml b/operators/tempo-operator/0.5.0/manifests/tempo-operator-manager-config_v1_configmap.yaml
new file mode 100644
index 00000000000..22d3115b441
--- /dev/null
+++ b/operators/tempo-operator/0.5.0/manifests/tempo-operator-manager-config_v1_configmap.yaml
@@ -0,0 +1,59 @@
+apiVersion: v1
+data:
+ controller_manager_config.yaml: |
+ apiVersion: config.tempo.grafana.com/v1alpha1
+ kind: ProjectConfig
+ distribution: community
+ health:
+ healthProbeBindAddress: :8081
+ metrics:
+ bindAddress: 127.0.0.1:8080
+ webhook:
+ port: 9443
+ leaderElection:
+ leaderElect: true
+ resourceName: 8b886b0f.grafana.com
+ # leaderElectionReleaseOnCancel defines if the leader should step down volume
+ # when the Manager ends. This requires the binary to immediately end when the
+ # Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
+ # speeds up voluntary leader transitions as the new leader don't have to wait
+ # LeaseDuration time first.
+ # In the default scaffold provided, the program ends immediately after
+ # the manager stops, so would be fine to enable this option. However,
+ # if you are doing or is intended to do any operation such as perform cleanups
+ # after the manager stops then its usage might be unsafe.
+ # leaderElectionReleaseOnCancel: true
+ images:
+ tempo: docker.io/grafana/tempo:2.2.3
+ tempoQuery: docker.io/grafana/tempo-query:main-2e5e27a
+ tempoGateway: quay.io/observatorium/api:main-2023-10-13-a92611b
+ tempoGatewayOpa: quay.io/observatorium/opa-openshift:main-2023-10-13-13d8960
+ featureGates:
+ openshift:
+ openshiftRoute: false
+ servingCertsService: false
+ prometheusOperator: false
+ httpEncryption: true
+ grpcEncryption: true
+ tlsProfile: Modern
+ builtInCertManagement:
+ enabled: true
+ # CA certificate validity: 5 years
+ caValidity: 43830h
+ # CA certificate refresh at 80% of validity
+ caRefresh: 35064h
+ # Target certificate validity: 90d
+ certValidity: 2160h
+ # Target certificate refresh at 80% of validity
+ certRefresh: 1728h
+ observability:
+ metrics:
+ createServiceMonitors: false
+ createPrometheusRules: false
+kind: ConfigMap
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: operator-lifecycle-manager
+ app.kubernetes.io/name: tempo-operator
+ app.kubernetes.io/part-of: tempo-operator
+ name: tempo-operator-manager-config
diff --git a/operators/tempo-operator/0.5.0/manifests/tempo-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/tempo-operator/0.5.0/manifests/tempo-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
new file mode 100644
index 00000000000..cdfdb922582
--- /dev/null
+++ b/operators/tempo-operator/0.5.0/manifests/tempo-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/managed-by: operator-lifecycle-manager
+ app.kubernetes.io/name: tempo-operator
+ app.kubernetes.io/part-of: tempo-operator
+ name: tempo-operator-metrics-reader
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
diff --git a/operators/tempo-operator/0.5.0/manifests/tempo-operator-webhook-service_v1_service.yaml b/operators/tempo-operator/0.5.0/manifests/tempo-operator-webhook-service_v1_service.yaml
new file mode 100644
index 00000000000..f4f01a0be4a
--- /dev/null
+++ b/operators/tempo-operator/0.5.0/manifests/tempo-operator-webhook-service_v1_service.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/managed-by: operator-lifecycle-manager
+ app.kubernetes.io/name: tempo-operator
+ app.kubernetes.io/part-of: tempo-operator
+ name: tempo-operator-webhook-service
+spec:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 9443
+ selector:
+ app.kubernetes.io/managed-by: operator-lifecycle-manager
+ app.kubernetes.io/name: tempo-operator
+ app.kubernetes.io/part-of: tempo-operator
+ control-plane: controller-manager
+status:
+ loadBalancer: {}
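Review bot: The four operand images under `images:` in `controller_manager_config.yaml` are referenced by tag only, so what the operator rolls out depends on whatever the registry serves for that tag at pull time. Three of them (`tempo-query:main-2e5e27a`, `observatorium/api:main-2023-10-13-a92611b`, `opa-openshift:main-2023-10-13-13d8960`) appear to be builds from a `main` branch rather than tagged releases, which makes a later re-push harder to notice. Pinning each entry by digest, for example `tempo: docker.io/grafana/tempo:2.2.3@sha256:<digest-placeholder>`, would make the deployed content immutable and verifiable against the published image. The same applies to the `image:` fields of the `manager` and `kube-rbac-proxy` containers in the ClusterServiceVersion hunk (`tempo-operator:v0.5.0`, `kube-rbac-proxy:v0.13.0`).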
diff --git a/operators/tempo-operator/0.5.0/manifests/tempo-operator.clusterserviceversion.yaml b/operators/tempo-operator/0.5.0/manifests/tempo-operator.clusterserviceversion.yaml
new file mode 100644
index 00000000000..9254f2180d9
--- /dev/null
+++ b/operators/tempo-operator/0.5.0/manifests/tempo-operator.clusterserviceversion.yaml
@@ -0,0 +1,931 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "tempo.grafana.com/v1alpha1", + "kind": "TempoStack", + "metadata": { + "name": "sample" + }, + "spec": { + "resources": { + "total": { + "limits": { + "cpu": "2000m", + "memory": "2Gi" + } + } + }, + "storage": { + "secret": { + "name": "my-storage-secret", + "type": "s3" + } + }, + "storageSize": "1Gi", + "template": { + "queryFrontend": { + "jaegerQuery": { + "enabled": true, + "ingress": { + "type": "ingress" + } + } + } + } + } + } + ] + capabilities: Deep Insights + categories: Logging & Tracing,Monitoring + containerImage: ghcr.io/grafana/tempo-operator/tempo-operator + createdAt: "2023-10-26T04:49:42Z" + description: Create and manage deployments of Tempo, a high-scale distributed + tracing backend. + operatorframework.io/cluster-monitoring: "true" + operatorframework.io/suggested-namespace: tempo-operator-system + operators.operatorframework.io/builder: operator-sdk-v1.27.0 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 + repository: https://github.com/grafana/tempo-operator + support: Grafana Tempo Operator SIG + name: tempo-operator.v0.5.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: TempoStack is the spec for Tempo deployments. + displayName: TempoStack + kind: TempoStack + name: tempostacks.tempo.grafana.com + resources: + - kind: ConfigMap + name: "" + version: v1 + - kind: Deployment + name: "" + version: v1 + - kind: Ingress + name: "" + version: v1 + - kind: Route + name: "" + version: v1 + - kind: Secret + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + - kind: ServiceAccount + name: "" + version: v1 + - kind: StatefulSet + name: "" + version: v1 + specDescriptors: + - description: Images defines the image for each container. 
+ displayName: Container Images + path: images + - description: LimitSpec is used to limit ingestion and querying rates. + displayName: Ingestion and Querying Ratelimiting + path: limits + - description: Global is used to define global rate limits. + displayName: Global Limit + path: limits.global + - description: Ingestion is used to define ingestion rate limits. + displayName: Ingestion Limit + path: limits.global.ingestion + - description: IngestionBurstSizeBytes defines the burst size (bytes) used in + ingestion. + displayName: Ingestion Burst Size in Bytes + path: limits.global.ingestion.ingestionBurstSizeBytes + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: IngestionRateLimitBytes defines the Per-user ingestion rate limit + (bytes) used in ingestion. + displayName: Ingestion Rate Limit in Bytes + path: limits.global.ingestion.ingestionRateLimitBytes + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxBytesPerTrace defines the maximum number of bytes of an acceptable + trace. + displayName: Max Bytes per Trace + path: limits.global.ingestion.maxBytesPerTrace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxTracesPerUser defines the maximum number of traces a user + can send. + displayName: Max Traces per User + path: limits.global.ingestion.maxTracesPerUser + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: Query is used to define query rate limits. + displayName: Query Limit + path: limits.global.query + - description: MaxBytesPerTagValues defines the maximum size in bytes of a tag-values + query. + displayName: Max Tags per User + path: limits.global.query.maxBytesPerTagValues + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: 'DEPRECATED. MaxSearchBytesPerTrace defines the maximum size + of search data for a single trace in bytes. default: `0` to disable.' 
+ displayName: Max Traces per User + path: limits.global.query.maxSearchBytesPerTrace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxSearchDuration defines the maximum allowed time range for + a search. If this value is not set, then spec.search.maxDuration is used. + displayName: Max Search Duration per User + path: limits.global.query.maxSearchDuration + - description: PerTenant is used to define rate limits per tenant. + displayName: Tenant Limits + path: limits.perTenant + - description: Ingestion is used to define ingestion rate limits. + displayName: Ingestion Limit + path: limits.perTenant.ingestion + - description: IngestionBurstSizeBytes defines the burst size (bytes) used in + ingestion. + displayName: Ingestion Burst Size in Bytes + path: limits.perTenant.ingestion.ingestionBurstSizeBytes + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: IngestionRateLimitBytes defines the Per-user ingestion rate limit + (bytes) used in ingestion. + displayName: Ingestion Rate Limit in Bytes + path: limits.perTenant.ingestion.ingestionRateLimitBytes + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxBytesPerTrace defines the maximum number of bytes of an acceptable + trace. + displayName: Max Bytes per Trace + path: limits.perTenant.ingestion.maxBytesPerTrace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxTracesPerUser defines the maximum number of traces a user + can send. + displayName: Max Traces per User + path: limits.perTenant.ingestion.maxTracesPerUser + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: Query is used to define query rate limits. + displayName: Query Limit + path: limits.perTenant.query + - description: MaxBytesPerTagValues defines the maximum size in bytes of a tag-values + query. 
+ displayName: Max Tags per User + path: limits.perTenant.query.maxBytesPerTagValues + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: 'DEPRECATED. MaxSearchBytesPerTrace defines the maximum size + of search data for a single trace in bytes. default: `0` to disable.' + displayName: Max Traces per User + path: limits.perTenant.query.maxSearchBytesPerTrace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxSearchDuration defines the maximum allowed time range for + a search. If this value is not set, then spec.search.maxDuration is used. + displayName: Max Search Duration per User + path: limits.perTenant.query.maxSearchDuration + - description: ManagementState defines if the CR should be managed by the operator + or not. Default is managed. + displayName: Management State + path: managementState + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:select:Managed + - urn:alm:descriptor:com.tectonic.ui:select:Unmanaged + - description: ObservabilitySpec defines how telemetry data gets handled. + displayName: Observability + path: observability + - description: Metrics defines the metrics configuration for operands. + displayName: Metrics Config + path: observability.metrics + - description: CreatePrometheusRules specifies if Prometheus rules for alerts + should be created for Tempo components. + displayName: Create PrometheusRules for Tempo components + path: observability.metrics.createPrometheusRules + - description: CreateServiceMonitors specifies if ServiceMonitors should be + created for Tempo components. + displayName: Create ServiceMonitors for Tempo components + path: observability.metrics.createServiceMonitors + - description: Tracing defines a config for operands. + displayName: Tracing Config + path: observability.tracing + - description: JaegerAgentEndpoint defines the jaeger endpoint data gets send + to. 
+ displayName: Jaeger-Agent-Endpoint + path: observability.tracing.jaeger_agent_endpoint + - description: SamplingFraction defines the sampling ratio. Valid values are + 0 to 1. + displayName: Sampling Fraction + path: observability.tracing.sampling_fraction + - description: 'NOTE: currently this field is not considered. ReplicationFactor + is used to define how many component replicas should exist.' + displayName: Replication Factor + path: replicationFactor + - description: Resources defines resources configuration. + displayName: Resources + path: resources + - description: The total amount of resources for Tempo instance. The operator + autonomously splits resources between deployed Tempo components. Only limits + are supported, the operator calculates requests automatically. See http://github.com/grafana/tempo/issues/1540. + displayName: Resource Requirements + path: resources.total + - description: 'NOTE: currently this field is not considered. Retention period + defined by dataset. User can specify how long data should be stored.' + displayName: Retention Period + path: retention + - description: Global is used to configure global retention. + displayName: Global Retention + path: retention.global + - description: 'Traces defines retention period. Supported parameter suffixes + are "s", "m" and "h". example: 336h default: value is 48h.' + displayName: Trace Retention Period + path: retention.global.traces + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: PerTenant is used to configure retention per tenant. + displayName: PerTenant Retention + path: retention.perTenant + - description: 'Traces defines retention period. Supported parameter suffixes + are "s", "m" and "h". example: 336h default: value is 48h.' + displayName: Trace Retention Period + path: retention.perTenant.traces + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: SearchSpec control the configuration for the search capabilities. 
+ displayName: Search configuration options + path: search + - description: 'Limit used for search requests if none is set by the caller + (default: 20)' + displayName: Limit used for search requests if none is set by the caller, + this limit the number of traces returned by the query + path: search.defaultResultLimit + - description: 'The maximum allowed time range for a search, default: 0s which + means unlimited.' + displayName: Max search time range allowed + path: search.maxDuration + - description: The maximum allowed value of the limit parameter on search requests. + If the search request limit parameter exceeds the value configured here + it will be set to the value configured here. The default value of 0 disables + this limit. + displayName: The maximum allowed value of the limit parameter on search requests, + this determine the max number of traces allowed to be returned + path: search.maxResultLimit + - description: ServiceAccount defines the service account to use for all tempo + components. + displayName: Service Account + path: serviceAccount + - description: Storage defines the spec for the object storage endpoint to store + traces. User is required to create secret and supply it. + displayName: Object Storage + path: storage + - description: Secret for object storage authentication. Name of a secret in + the same namespace as the TempoStack custom resource. + displayName: Object Storage Secret + path: storage.secret + - description: Name of a secret in the namespace configured for object storage + secrets. 
+ displayName: Object Storage Secret Name + path: storage.secret.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: Type of object storage that should be used + displayName: Object Storage Secret Type + path: storage.secret.type + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:select:azure + - urn:alm:descriptor:com.tectonic.ui:select:gcs + - urn:alm:descriptor:com.tectonic.ui:select:s3 + - description: TLS configuration for reaching the object storage endpoint. + displayName: TLS Config + path: storage.tls + - description: CA is the name of a ConfigMap containing a `ca.crt` key with + a CA certificate. It needs to be in the same namespace as the TempoStack + custom resource. + displayName: CA ConfigMap Name + path: storage.tls.caName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:ConfigMap + - description: StorageClassName for PVCs used by ingester. Defaults to nil (default + storage class in the cluster). + displayName: StorageClassName for PVCs + path: storageClassName + - description: StorageSize for PVCs used by ingester. Defaults to 10Gi. + displayName: Storage size for PVCs + path: storageSize + - description: Template defines requirements for a set of tempo components. + displayName: Tempo Component Templates + path: template + - description: Compactor defines the tempo compactor component spec. + displayName: Compactor pods + path: template.compactor + - description: NodeSelector is the simplest recommended form of node selection + constraint. + displayName: Node Selector + path: template.compactor.nodeSelector + - description: Replicas represents the number of replicas to create for this + component. + displayName: Component Replicas + path: template.compactor.replicas + - description: Tolerations defines component specific pod tolerations. + displayName: Tolerations + path: template.compactor.tolerations + - description: Distributor defines the distributor component spec. 
+ displayName: Distributor pods + path: template.distributor + - description: NodeSelector is the simplest recommended form of node selection + constraint. + displayName: Node Selector + path: template.distributor.nodeSelector + - description: Replicas represents the number of replicas to create for this + component. + displayName: Component Replicas + path: template.distributor.replicas + - description: Tolerations defines component specific pod tolerations. + displayName: Tolerations + path: template.distributor.tolerations + - description: Gateway defines the tempo gateway spec. + displayName: Gateway pods + path: template.gateway + - description: Ingress defines gateway Ingress options. + displayName: Jaeger gateway Ingress Settings + path: template.gateway.ingress + - description: Annotations defines the annotations of the Ingress object. + displayName: Annotations + path: template.gateway.ingress.annotations + - description: Host defines the hostname of the Ingress object. + displayName: Host + path: template.gateway.ingress.host + - description: Route defines OpenShift Route specific options. + displayName: Route Configuration + path: template.gateway.ingress.route + - description: Termination specifies the termination type. By default "edge" + is used. + displayName: TLS Termination Policy + path: template.gateway.ingress.route.termination + - description: Type defines the type of Ingress for the Jaeger Query UI. Currently + ingress, route and none are supported. + displayName: Type + path: template.gateway.ingress.type + - description: NodeSelector is the simplest recommended form of node selection + constraint. + displayName: Node Selector + path: template.gateway.nodeSelector + - description: Replicas represents the number of replicas to create for this + component. + displayName: Component Replicas + path: template.gateway.replicas + - description: Tolerations defines component specific pod tolerations. 
+ displayName: Tolerations + path: template.gateway.tolerations + - description: Ingester defines the ingester component spec. + displayName: Ingester pods + path: template.ingester + - description: NodeSelector is the simplest recommended form of node selection + constraint. + displayName: Node Selector + path: template.ingester.nodeSelector + - description: Replicas represents the number of replicas to create for this + component. + displayName: Component Replicas + path: template.ingester.replicas + - description: Tolerations defines component specific pod tolerations. + displayName: Tolerations + path: template.ingester.tolerations + - description: Querier defines the querier component spec. + displayName: Querier pods + path: template.querier + - description: NodeSelector is the simplest recommended form of node selection + constraint. + displayName: Node Selector + path: template.querier.nodeSelector + - description: Replicas represents the number of replicas to create for this + component. + displayName: Component Replicas + path: template.querier.replicas + - description: Tolerations defines component specific pod tolerations. + displayName: Tolerations + path: template.querier.tolerations + - description: TempoQueryFrontendSpec defines the query frontend spec. + displayName: Query Frontend pods + path: template.queryFrontend + - description: JaegerQuerySpec defines Jaeger Query specific options. + displayName: Jaeger Query Settings + path: template.queryFrontend.jaegerQuery + - description: Enabled is used to define if Jaeger Query component should be + created. + displayName: Enable Jaeger Query UI + path: template.queryFrontend.jaegerQuery.enabled + - description: Ingress defines Jaeger Query Ingress options. + displayName: Jaeger Query UI Ingress Settings + path: template.queryFrontend.jaegerQuery.ingress + - description: Annotations defines the annotations of the Ingress object. 
+ displayName: Annotations + path: template.queryFrontend.jaegerQuery.ingress.annotations + - description: Host defines the hostname of the Ingress object. + displayName: Host + path: template.queryFrontend.jaegerQuery.ingress.host + - description: Route defines OpenShift Route specific options. + displayName: Route Configuration + path: template.queryFrontend.jaegerQuery.ingress.route + - description: Termination specifies the termination type. By default "edge" + is used. + displayName: TLS Termination Policy + path: template.queryFrontend.jaegerQuery.ingress.route.termination + - description: Type defines the type of Ingress for the Jaeger Query UI. Currently + ingress, route and none are supported. + displayName: Type + path: template.queryFrontend.jaegerQuery.ingress.type + - description: MonitorTab defines monitor tab configuration. + displayName: Jaeger Query UI Monitor Tab Settings + path: template.queryFrontend.jaegerQuery.monitorTab + - description: Enabled enables monitoring tab in Jaeger console. PrometheusEndpoint + needs to be set to enable the feature. + displayName: Enabled + path: template.queryFrontend.jaegerQuery.monitorTab.enabled + - description: PrometheusEndpoint configures endpoint to the Prometheus that + contains span RED metrics. For instance on OpenShift this is set to https://thanos-querier.openshift-monitoring.svc.cluster.local:9091 + displayName: Prometheus endpoint + path: template.queryFrontend.jaegerQuery.monitorTab.prometheusEndpoint + - description: NodeSelector is the simplest recommended form of node selection + constraint. + displayName: Node Selector + path: template.queryFrontend.nodeSelector + - description: Replicas represents the number of replicas to create for this + component. + displayName: Component Replicas + path: template.queryFrontend.replicas + - description: Tolerations defines component specific pod tolerations. 
+ displayName: Tolerations + path: template.queryFrontend.tolerations + - description: Tenants defines the per-tenant authentication and authorization + spec. + displayName: Tenants Configuration + path: tenants + - description: Authentication defines the tempo-gateway component authentication + configuration spec per tenant. + displayName: Authentication + path: tenants.authentication + - description: OIDC defines the spec for the OIDC tenant's authentication. + displayName: OIDC Configuration + path: tenants.authentication[0].oidc + - description: IssuerURL defines the URL for issuer. + displayName: Issuer URL + path: tenants.authentication[0].oidc.issuerURL + - description: RedirectURL defines the URL for redirect. + displayName: Redirect URL + path: tenants.authentication[0].oidc.redirectURL + - description: Secret defines the spec for the clientID, clientSecret and issuerCAPath + for tenant's authentication. + displayName: Tenant Secret + path: tenants.authentication[0].oidc.secret + - description: Name of a secret in the namespace configured for tenant secrets. + displayName: Tenant Secret Name + path: tenants.authentication[0].oidc.secret.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: TenantID defines the id of the tenant. + displayName: Tenant ID + path: tenants.authentication[0].tenantId + - description: TenantName defines the name of the tenant. The value of this + field should be sent in X-Scope-OrgID header to identify the tenant. + displayName: Tenant Name + path: tenants.authentication[0].tenantName + - description: Authorization defines the tempo-gateway component authorization + configuration spec per tenant. + displayName: Authorization + path: tenants.authorization + - description: RoleBindings defines configuration to bind a set of roles to + a set of subjects. 
+ displayName: Static Role Bindings + path: tenants.authorization.roleBindings + - description: Roles defines a set of permissions to interact with a tenant. + displayName: Static Roles + path: tenants.authorization.roles + - description: Mode defines the multitenancy mode. + displayName: Mode + path: tenants.mode + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:select:static + - urn:alm:descriptor:com.tectonic.ui:select:openshift + statusDescriptors: + - description: Distributor is a map to the per pod status of the distributor + deployment + displayName: Distributor + path: components.distributor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: Ingester is a map to the per pod status of the ingester statefulset + displayName: Ingester + path: components.ingester + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: Querier is a map to the per pod status of the querier deployment + displayName: Querier + path: components.querier + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: Gateway is a map to the per pod status of the query frontend + deployment + displayName: Query Frontend + path: components.gateway + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: QueryFrontend is a map to the per pod status of the query frontend + deployment + displayName: Query Frontend + path: components.queryFrontend + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: Compactor is a map to the pod status of the compactor pod. + displayName: Compactor + path: components.compactor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: Conditions of the Tempo deployment health. 
+ displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + version: v1alpha1 + description: |- + Tempo is an open source, easy-to-use, and high-scale distributed tracing backend. + It can ingest common open source tracing protocols including Jaeger, Zipkin, and OpenTelemetry and requires only object storage to operate. + Please refer to the [Tempo documentation](https://grafana.com/docs/tempo/latest/) for more information about Tempo. + + The Community Tempo Operator manages Tempo deployments in Microservices mode. + + ### Operator features + * **Resource Limits** - Specify overall resource requests and limits in the `TempoStack` CR; the operator assigns fractions of it to each component + * **AuthN and AuthZ** - Supports OpenID Control (OIDC) and role-based access control (RBAC) + * **Managed upgrades** - Updating the operator will automatically update all managed Tempo clusters + * **Multitenancy** - Multiple tenants can send traces to the same Tempo cluster + * **mTLS** - Communication between the Tempo components can be secured via mTLS + * **Jaeger UI** - Traces can be visualized in Jaeger UI and exposed via Ingress or OpenShift Route + * **Observability** - The operator and `TempoStack` operands expose telemetry (metrics, traces) and integrate with Prometheus `ServiceMonitor` and `PrometheusRule` + + ### Prerequisites + Tempo requires object storage to store its traces. + Please ensure that an object storage solution is available and configured. 
+ displayName: Community Tempo Operator + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - config.openshift.io + resources: + - dnses + verbs: + - get + - list + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - prometheusrules + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - operator.openshift.io + resources: + - ingresscontrollers + verbs: + - get + - list + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - tempo.grafana.com + resources: + - tempostacks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - tempo.grafana.com + resources: + - tempostacks/finalizers + verbs: + - update + - apiGroups: + - tempo.grafana.com + resources: + - tempostacks/status + verbs: + - get + - patch + - update + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + 
verbs: + - create + serviceAccountName: tempo-operator-controller-manager + deployments: + - label: + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: tempo-operator + app.kubernetes.io/part-of: tempo-operator + control-plane: controller-manager + name: tempo-operator-controller + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: tempo-operator + app.kubernetes.io/part-of: tempo-operator + control-plane: controller-manager + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: tempo-operator + app.kubernetes.io/part-of: tempo-operator + control-plane: controller-manager + spec: + containers: + - args: + - --zap-log-level=info + - start + - --config=controller_manager_config.yaml + image: ghcr.io/grafana/tempo-operator/tempo-operator:v0.5.0 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - mountPath: /controller_manager_config.yaml + name: manager-config + subPath: controller_manager_config.yaml + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 
64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + securityContext: + runAsNonRoot: true + serviceAccountName: tempo-operator-controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert + - configMap: + name: tempo-operator-manager-config + name: manager-config + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: tempo-operator-controller-manager + strategy: deployment + installModes: + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - tempo + - tracing + - observability + - monitoring + - database + links: + - name: Tempo Operator + url: https://github.com/grafana/tempo-operator + maintainers: + - email: ruben.vp8510@gmail.com + name: Ruben Vargas + - email: p.loffay@gmail.com + name: Pavol Loffay + - email: bongartz@klimlive.de + name: Benedikt Bongartz + - email: andreas@gerstmayr.me + name: Andreas Gerstmayr + - email: iblancas@redhat.com + name: Israel Blancas Alvarez + maturity: alpha + provider: + name: Grafana Tempo Operator SIG + version: 0.5.0 + webhookdefinitions: + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: tempo-operator-controller + failurePolicy: Fail + generateName: mtempostack.tempo.grafana.com + rules: + - apiGroups: + - tempo.grafana.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - tempostacks + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: 
/mutate-tempo-grafana-com-v1alpha1-tempostack + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: tempo-operator-controller + failurePolicy: Fail + generateName: vtempostack.tempo.grafana.com + rules: + - apiGroups: + - tempo.grafana.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - tempostacks + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-tempo-grafana-com-v1alpha1-tempostack diff --git a/operators/tempo-operator/0.5.0/manifests/tempo.grafana.com_tempostacks.yaml b/operators/tempo-operator/0.5.0/manifests/tempo.grafana.com_tempostacks.yaml new file mode 100644 index 00000000000..818fe017f60 --- /dev/null +++ b/operators/tempo-operator/0.5.0/manifests/tempo.grafana.com_tempostacks.yaml 
@@ -0,0 +1,1127 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + labels: + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: tempo-operator + app.kubernetes.io/part-of: tempo-operator + name: tempostacks.tempo.grafana.com +spec: + group: tempo.grafana.com + names: + kind: TempoStack + listKind: TempoStackList + plural: tempostacks + shortNames: + - tempo + - tempos + singular: tempostack + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Tempo Version + jsonPath: .status.tempoVersion + name: Tempo Version + type: string + - description: Management State + jsonPath: .spec.managementState + name: Management + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: TempoStack is the spec for Tempo deployments. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TempoStackSpec defines the desired state of TempoStack. + properties: + images: + description: Images defines the image for each container. + properties: + tempo: + description: Tempo defines the tempo container image. 
+ type: string + tempoGateway: + description: TempoGateway defines the tempo-gateway container + image. + type: string + tempoGatewayOpa: + description: TempoGatewayOpa defines the OPA sidecar container + for TempoGateway. + type: string + tempoQuery: + description: TempoQuery defines the tempo-query container image. + type: string + type: object + limits: + description: LimitSpec is used to limit ingestion and querying rates. + properties: + global: + description: Global is used to define global rate limits. + properties: + ingestion: + description: Ingestion is used to define ingestion rate limits. + properties: + ingestionBurstSizeBytes: + description: IngestionBurstSizeBytes defines the burst + size (bytes) used in ingestion. + type: integer + ingestionRateLimitBytes: + description: IngestionRateLimitBytes defines the Per-user + ingestion rate limit (bytes) used in ingestion. + type: integer + maxBytesPerTrace: + description: MaxBytesPerTrace defines the maximum number + of bytes of an acceptable trace. + type: integer + maxTracesPerUser: + description: MaxTracesPerUser defines the maximum number + of traces a user can send. + type: integer + type: object + query: + description: Query is used to define query rate limits. + properties: + maxBytesPerTagValues: + description: MaxBytesPerTagValues defines the maximum + size in bytes of a tag-values query. + type: integer + maxSearchBytesPerTrace: + description: 'DEPRECATED. MaxSearchBytesPerTrace defines + the maximum size of search data for a single trace in + bytes. default: `0` to disable.' + type: integer + maxSearchDuration: + description: MaxSearchDuration defines the maximum allowed + time range for a search. If this value is not set, then + spec.search.maxDuration is used. + type: string + type: object + type: object + perTenant: + additionalProperties: + description: RateLimitSpec defines rate limits for Ingestion + and Query components. 
+ properties: + ingestion: + description: Ingestion is used to define ingestion rate + limits. + properties: + ingestionBurstSizeBytes: + description: IngestionBurstSizeBytes defines the burst + size (bytes) used in ingestion. + type: integer + ingestionRateLimitBytes: + description: IngestionRateLimitBytes defines the Per-user + ingestion rate limit (bytes) used in ingestion. + type: integer + maxBytesPerTrace: + description: MaxBytesPerTrace defines the maximum number + of bytes of an acceptable trace. + type: integer + maxTracesPerUser: + description: MaxTracesPerUser defines the maximum number + of traces a user can send. + type: integer + type: object + query: + description: Query is used to define query rate limits. + properties: + maxBytesPerTagValues: + description: MaxBytesPerTagValues defines the maximum + size in bytes of a tag-values query. + type: integer + maxSearchBytesPerTrace: + description: 'DEPRECATED. MaxSearchBytesPerTrace defines + the maximum size of search data for a single trace + in bytes. default: `0` to disable.' + type: integer + maxSearchDuration: + description: MaxSearchDuration defines the maximum allowed + time range for a search. If this value is not set, + then spec.search.maxDuration is used. + type: string + type: object + type: object + description: PerTenant is used to define rate limits per tenant. + type: object + type: object + managementState: + default: Managed + description: ManagementState defines if the CR should be managed by + the operator or not. Default is managed. + enum: + - Managed + - Unmanaged + type: string + observability: + description: ObservabilitySpec defines how telemetry data gets handled. + properties: + metrics: + description: Metrics defines the metrics configuration for operands. + properties: + createPrometheusRules: + description: CreatePrometheusRules specifies if Prometheus + rules for alerts should be created for Tempo components. 
+ type: boolean + createServiceMonitors: + description: CreateServiceMonitors specifies if ServiceMonitors + should be created for Tempo components. + type: boolean + type: object + tracing: + description: Tracing defines a config for operands. + properties: + jaeger_agent_endpoint: + default: localhost:6831 + description: JaegerAgentEndpoint defines the jaeger endpoint + data gets send to. + type: string + sampling_fraction: + description: SamplingFraction defines the sampling ratio. + Valid values are 0 to 1. + type: string + type: object + type: object + replicationFactor: + description: 'NOTE: currently this field is not considered. ReplicationFactor + is used to define how many component replicas should exist.' + type: integer + resources: + description: Resources defines resources configuration. + properties: + total: + description: The total amount of resources for Tempo instance. + The operator autonomously splits resources between deployed + Tempo components. Only limits are supported, the operator calculates + requests automatically. See http://github.com/grafana/tempo/issues/1540. + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be + set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a + container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + retention: + description: 'NOTE: currently this field is not considered. Retention + period defined by dataset. User can specify how long data should + be stored.' + properties: + global: + description: Global is used to configure global retention. + properties: + traces: + description: 'Traces defines retention period. Supported parameter + suffixes are "s", "m" and "h". example: 336h default: value + is 48h.' + type: string + type: object + perTenant: + additionalProperties: + description: RetentionConfig defines how long data should be + provided. + properties: + traces: + description: 'Traces defines retention period. Supported + parameter suffixes are "s", "m" and "h". example: 336h + default: value is 48h.' 
+ type: string + type: object + description: PerTenant is used to configure retention per tenant. + type: object + type: object + search: + description: SearchSpec control the configuration for the search capabilities. + properties: + defaultResultLimit: + description: 'Limit used for search requests if none is set by + the caller (default: 20)' + type: integer + maxDuration: + description: 'The maximum allowed time range for a search, default: + 0s which means unlimited.' + type: string + maxResultLimit: + description: The maximum allowed value of the limit parameter + on search requests. If the search request limit parameter exceeds + the value configured here it will be set to the value configured + here. The default value of 0 disables this limit. + type: integer + type: object + serviceAccount: + description: ServiceAccount defines the service account to use for + all tempo components. + type: string + storage: + description: Storage defines the spec for the object storage endpoint + to store traces. User is required to create secret and supply it. + properties: + secret: + description: Secret for object storage authentication. Name of + a secret in the same namespace as the TempoStack custom resource. + properties: + name: + description: Name of a secret in the namespace configured + for object storage secrets. + minLength: 1 + type: string + type: + description: Type of object storage that should be used + enum: + - azure + - gcs + - s3 + type: string + required: + - name + - type + type: object + tls: + description: TLS configuration for reaching the object storage + endpoint. + properties: + caName: + description: CA is the name of a ConfigMap containing a `ca.crt` + key with a CA certificate. It needs to be in the same namespace + as the TempoStack custom resource. + type: string + type: object + required: + - secret + type: object + storageClassName: + description: StorageClassName for PVCs used by ingester. 
Defaults + to nil (default storage class in the cluster). + type: string + storageSize: + anyOf: + - type: integer + - type: string + description: StorageSize for PVCs used by ingester. Defaults to 10Gi. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + template: + description: Template defines requirements for a set of tempo components. + properties: + compactor: + description: Compactor defines the tempo compactor component spec. + properties: + nodeSelector: + additionalProperties: + type: string + description: NodeSelector is the simplest recommended form + of node selection constraint. + type: object + replicas: + description: Replicas represents the number of replicas to + create for this component. + format: int32 + type: integer + tolerations: + description: Tolerations defines component specific pod tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. 
+ type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + distributor: + description: Distributor defines the distributor component spec. + properties: + nodeSelector: + additionalProperties: + type: string + description: NodeSelector is the simplest recommended form + of node selection constraint. + type: object + replicas: + description: Replicas represents the number of replicas to + create for this component. + format: int32 + type: integer + tolerations: + description: Tolerations defines component specific pod tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. 
+ type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + gateway: + description: Gateway defines the tempo gateway spec. + properties: + component: + description: "TempoComponentSpec is embedded to extend this + definition with further options. \n Currently there is no + way to inline this field. See: https://github.com/golang/go/issues/6213" + properties: + nodeSelector: + additionalProperties: + type: string + description: NodeSelector is the simplest recommended + form of node selection constraint. + type: object + replicas: + description: Replicas represents the number of replicas + to create for this component. + format: int32 + type: integer + tolerations: + description: Tolerations defines component specific pod + tolerations. + items: + description: The pod this Toleration is attached to + tolerates any taint that matches the triple + using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to + match. Empty means match all taint effects. When + specified, allowed values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values and + all keys. 
+ type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints + of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect + NoExecute, otherwise this field is ignored) tolerates + the taint. By default, it is not set, which means + tolerate the taint forever (do not evict). Zero + and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value + should be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + enabled: + type: boolean + ingress: + description: Ingress defines gateway Ingress options. + properties: + annotations: + additionalProperties: + type: string + description: Annotations defines the annotations of the + Ingress object. + type: object + host: + description: Host defines the hostname of the Ingress + object. + type: string + ingressClassName: + description: IngressClassName is the name of an IngressClass + cluster resource. Ingress controller implementations + use this field to know whether they should be serving + this Ingress resource. + type: string + route: + description: Route defines OpenShift Route specific options. + properties: + termination: + description: Termination specifies the termination + type. By default "edge" is used. + enum: + - insecure + - edge + - passthrough + - reencrypt + type: string + type: object + type: + description: Type defines the type of Ingress for the + Jaeger Query UI. Currently ingress, route and none are + supported. 
+ enum: + - ingress + - route + type: string + type: object + required: + - enabled + type: object + ingester: + description: Ingester defines the ingester component spec. + properties: + nodeSelector: + additionalProperties: + type: string + description: NodeSelector is the simplest recommended form + of node selection constraint. + type: object + replicas: + description: Replicas represents the number of replicas to + create for this component. + format: int32 + type: integer + tolerations: + description: Tolerations defines component specific pod tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. 
+ type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + querier: + description: Querier defines the querier component spec. + properties: + nodeSelector: + additionalProperties: + type: string + description: NodeSelector is the simplest recommended form + of node selection constraint. + type: object + replicas: + description: Replicas represents the number of replicas to + create for this component. + format: int32 + type: integer + tolerations: + description: Tolerations defines component specific pod tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. 
+ type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + queryFrontend: + description: TempoQueryFrontendSpec defines the query frontend + spec. + properties: + component: + description: "TempoComponentSpec is embedded to extend this + definition with further options. \n Currently there is no + way to inline this field. See: https://github.com/golang/go/issues/6213" + properties: + nodeSelector: + additionalProperties: + type: string + description: NodeSelector is the simplest recommended + form of node selection constraint. + type: object + replicas: + description: Replicas represents the number of replicas + to create for this component. + format: int32 + type: integer + tolerations: + description: Tolerations defines component specific pod + tolerations. + items: + description: The pod this Toleration is attached to + tolerates any taint that matches the triple + using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to + match. Empty means match all taint effects. When + specified, allowed values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints + of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect + NoExecute, otherwise this field is ignored) tolerates + the taint. By default, it is not set, which means + tolerate the taint forever (do not evict). 
Zero + and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value + should be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + jaegerQuery: + description: JaegerQuerySpec defines Jaeger Query specific + options. + properties: + enabled: + description: Enabled is used to define if Jaeger Query + component should be created. + type: boolean + ingress: + description: Ingress defines Jaeger Query Ingress options. + properties: + annotations: + additionalProperties: + type: string + description: Annotations defines the annotations of + the Ingress object. + type: object + host: + description: Host defines the hostname of the Ingress + object. + type: string + ingressClassName: + description: IngressClassName is the name of an IngressClass + cluster resource. Ingress controller implementations + use this field to know whether they should be serving + this Ingress resource. + type: string + route: + description: Route defines OpenShift Route specific + options. + properties: + termination: + description: Termination specifies the termination + type. By default "edge" is used. + enum: + - insecure + - edge + - passthrough + - reencrypt + type: string + type: object + type: + description: Type defines the type of Ingress for + the Jaeger Query UI. Currently ingress, route and + none are supported. + enum: + - ingress + - route + type: string + type: object + monitorTab: + description: MonitorTab defines monitor tab configuration. + properties: + enabled: + description: Enabled enables monitoring tab in Jaeger + console. PrometheusEndpoint needs to be set to enable + the feature. + type: boolean + prometheusEndpoint: + description: PrometheusEndpoint configures endpoint + to the Prometheus that contains span RED metrics. 
+ For instance on OpenShift this is set to https://thanos-querier.openshift-monitoring.svc.cluster.local:9091 + type: string + type: object + type: object + type: object + type: object + tenants: + description: Tenants defines the per-tenant authentication and authorization + spec. + properties: + authentication: + description: Authentication defines the tempo-gateway component + authentication configuration spec per tenant. + items: + description: AuthenticationSpec defines the oidc configuration + per tenant for tempo Gateway component. + properties: + oidc: + description: OIDC defines the spec for the OIDC tenant's + authentication. + properties: + groupClaim: + description: Group claim field from ID Token + type: string + issuerURL: + description: IssuerURL defines the URL for issuer. + type: string + redirectURL: + description: RedirectURL defines the URL for redirect. + type: string + secret: + description: Secret defines the spec for the clientID, + clientSecret and issuerCAPath for tenant's authentication. + properties: + name: + description: Name of a secret in the namespace configured + for tenant secrets. + type: string + type: object + usernameClaim: + description: User claim field from ID Token + type: string + type: object + tenantId: + description: TenantID defines the id of the tenant. + type: string + tenantName: + description: TenantName defines the name of the tenant. + The value of this field should be sent in X-Scope-OrgID + header to identify the tenant. + type: string + required: + - tenantId + - tenantName + type: object + type: array + authorization: + description: Authorization defines the tempo-gateway component + authorization configuration spec per tenant. + properties: + roleBindings: + description: RoleBindings defines configuration to bind a + set of roles to a set of subjects. + items: + description: RoleBindingsSpec binds a set of roles to a + set of subjects. 
+ properties: + name: + type: string + roles: + items: + type: string + type: array + subjects: + items: + description: Subject represents a subject that has + been bound to a role. + properties: + kind: + description: SubjectKind is a kind of Tempo Gateway + RBAC subject. + enum: + - user + - group + type: string + name: + type: string + required: + - kind + - name + type: object + type: array + required: + - name + - roles + - subjects + type: object + type: array + roles: + description: Roles defines a set of permissions to interact + with a tenant. + items: + description: RoleSpec describes a set of permissions to + interact with a tenant. + properties: + name: + type: string + permissions: + items: + description: PermissionType is a Tempo Gateway RBAC + permission. + enum: + - read + - write + type: string + type: array + resources: + items: + type: string + type: array + tenants: + items: + type: string + type: array + required: + - name + - permissions + - resources + - tenants + type: object + type: array + type: object + mode: + default: static + description: Mode defines the multitenancy mode. + enum: + - static + - openshift + type: string + required: + - mode + type: object + required: + - storage + type: object + status: + description: TempoStackStatus defines the observed state of TempoStack. + properties: + components: + description: Components provides summary of all Tempo pod status grouped + per component. + properties: + compactor: + additionalProperties: + items: + type: string + type: array + description: Compactor is a map to the pod status of the compactor + pod. 
+ type: object + distributor: + additionalProperties: + items: + type: string + type: array + description: Distributor is a map to the per pod status of the + distributor deployment + type: object + gateway: + additionalProperties: + items: + type: string + type: array + description: Gateway is a map to the per pod status of the query + frontend deployment + type: object + ingester: + additionalProperties: + items: + type: string + type: array + description: Ingester is a map to the per pod status of the ingester + statefulset + type: object + querier: + additionalProperties: + items: + type: string + type: array + description: Querier is a map to the per pod status of the querier + deployment + type: object + queryFrontend: + additionalProperties: + items: + type: string + type: array + description: QueryFrontend is a map to the per pod status of the + query frontend deployment + type: object + type: object + conditions: + description: Conditions of the Tempo deployment health. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + operatorVersion: + description: Version of the Tempo Operator. + type: string + tempoQueryVersion: + description: DEPRECATED. Version of the Tempo Query component used. 
+ type: string + tempoVersion: + description: Version of the managed Tempo instance. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null
diff --git a/operators/tempo-operator/0.5.0/metadata/annotations.yaml b/operators/tempo-operator/0.5.0/metadata/annotations.yaml
new file mode 100644
index 00000000000..13c9941e06a
--- /dev/null
+++ b/operators/tempo-operator/0.5.0/metadata/annotations.yaml
@@ -0,0 +1,14 @@
+annotations:
+ # Core bundle annotations.
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: tempo-operator
+ operators.operatorframework.io.bundle.channels.v1: alpha
+ operators.operatorframework.io.metrics.builder: operator-sdk-v1.27.0
+ operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+ operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3
+
+ # Annotations for testing.
+ operators.operatorframework.io.test.mediatype.v1: scorecard+v1
+ operators.operatorframework.io.test.config.v1: tests/scorecard/
diff --git a/operators/tempo-operator/0.5.0/tests/scorecard/config.yaml b/operators/tempo-operator/0.5.0/tests/scorecard/config.yaml
new file mode 100644
index 00000000000..024997b692f
--- /dev/null
+++ b/operators/tempo-operator/0.5.0/tests/scorecard/config.yaml
@@ -0,0 +1,70 @@
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+ name: config
+stages:
+- parallel: true
+ tests:
+ - entrypoint:
+ - scorecard-test
+ - basic-check-spec
+ image: quay.io/operator-framework/scorecard-test:v1.27.0
+ labels:
+ suite: basic
+ test: basic-check-spec-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-bundle-validation
+ image: quay.io/operator-framework/scorecard-test:v1.27.0
+ labels:
+ suite: olm
+ test: olm-bundle-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-validation
+ image: quay.io/operator-framework/scorecard-test:v1.27.0
+ labels:
+ suite: olm
+ test: olm-crds-have-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-resources
+ image: quay.io/operator-framework/scorecard-test:v1.27.0
+ labels:
+ suite: olm
+ test: olm-crds-have-resources-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-spec-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.27.0
+ labels:
+ suite: olm
+ test: olm-spec-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-status-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.27.0
+ labels:
+ suite: olm
+ test: olm-status-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+storage:
+ spec:
+ mountPath: {}
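Review bot: All six test entries under `stages[0].tests` pull `quay.io/operator-framework/scorecard-test:v1.27.0` by tag only, so the image that runs in the cluster during scorecard is whatever the registry serves for that tag at pull time. Pinning each entry to a digest makes the reviewed image and the executed image the same artifact, for example `image: quay.io/operator-framework/scorecard-test:v1.27.0@sha256:<digest-of-the-verified-image>`, where the digest is a placeholder to be filled from the image you actually verified. This file looks like operator-sdk output, so the pin probably belongs in the scorecard kustomize patches that generate it rather than in a hand edit here. It would also help to add a short comment above `stages:` noting which operator-sdk version produced the file, so a later bump of the tag is made in one place.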