diff --git a/operators/tempo-operator/0.14.0/bundle.Dockerfile b/operators/tempo-operator/0.14.0/bundle.Dockerfile
new file mode 100644
index 00000000000..3b77d3543cd
--- /dev/null
+++ b/operators/tempo-operator/0.14.0/bundle.Dockerfile
@@ -0,0 +1,22 @@
+FROM scratch
+
+# Core bundle labels.
+LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
+LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
+LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
+LABEL operators.operatorframework.io.bundle.package.v1=tempo-operator
+LABEL operators.operatorframework.io.bundle.channels.v1=alpha
+LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.32.0
+LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
+LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3
+
+# Labels for testing.
+LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1
+LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/
+
+# Copy files to locations specified by labels.
+COPY ./manifests /manifests/
+COPY ./metadata /metadata/
+COPY ./tests/scorecard /tests/scorecard/
+
+LABEL com.redhat.openshift.versions=v4.12
diff --git a/operators/tempo-operator/0.14.0/manifests/tempo-operator-controller-manager-metrics-service_v1_service.yaml b/operators/tempo-operator/0.14.0/manifests/tempo-operator-controller-manager-metrics-service_v1_service.yaml
new file mode 100644
index 00000000000..2194103e9f5
--- /dev/null
+++ b/operators/tempo-operator/0.14.0/manifests/tempo-operator-controller-manager-metrics-service_v1_service.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/managed-by: operator-lifecycle-manager
+ app.kubernetes.io/name: tempo-operator
+ app.kubernetes.io/part-of: tempo-operator
+ control-plane: controller-manager
+ name: tempo-operator-controller-manager-metrics-service
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ selector:
+ app.kubernetes.io/managed-by: operator-lifecycle-manager
+ app.kubernetes.io/name: tempo-operator
+ app.kubernetes.io/part-of: tempo-operator
+ control-plane: controller-manager
+status:
+ loadBalancer: {}
diff --git a/operators/tempo-operator/0.14.0/manifests/tempo-operator-manager-config_v1_configmap.yaml b/operators/tempo-operator/0.14.0/manifests/tempo-operator-manager-config_v1_configmap.yaml
new file mode 100644
index 00000000000..27ac083643d
--- /dev/null
+++ b/operators/tempo-operator/0.14.0/manifests/tempo-operator-manager-config_v1_configmap.yaml
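Review bot: Nothing in this manifest says what terminates TLS and authenticates scrapes on the `https` target port, and the manager config added in the same commit binds the metrics listener to `127.0.0.1:8080`, so port 8443 has to be served by a different listener in the pod. That listener is presumably an auth proxy container declared in the CSV deployment, which is not visible in this hunk. I would add a comment above `ports:` such as `# 8443 is served by the auth proxy in the manager pod; the manager's own metrics listener stays on loopback`, once that is confirmed against the deployment spec.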
@@ -0,0 +1,57 @@
+apiVersion: v1
+data:
+ controller_manager_config.yaml: |
+ apiVersion: config.tempo.grafana.com/v1alpha1
+ kind: ProjectConfig
+ distribution: community
+ health:
+ healthProbeBindAddress: :8081
+ metrics:
+ bindAddress: 127.0.0.1:8080
+ webhook:
+ port: 9443
+ leaderElection:
+ leaderElect: true
+ resourceName: 8b886b0f.grafana.com
+ # leaderElectionReleaseOnCancel defines if the leader should step down volume
+ # when the Manager ends. This requires the binary to immediately end when the
+ # Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
+ # speeds up voluntary leader transitions as the new leader don't have to wait
+ # LeaseDuration time first.
+ # In the default scaffold provided, the program ends immediately after
+ # the manager stops, so would be fine to enable this option. However,
+ # if you are doing or is intended to do any operation such as perform cleanups
+ # after the manager stops then its usage might be unsafe.
+ # leaderElectionReleaseOnCancel: true
+ featureGates:
+ openshift:
+ openshiftRoute: false
+ servingCertsService: false
+ oAuthProxy:
+ defaultEnabled: false
+ prometheusOperator: false
+ grafanaOperator: false
+ httpEncryption: true
+ grpcEncryption: true
+ tlsProfile: Modern
+ builtInCertManagement:
+ enabled: true
+ # CA certificate validity: 5 years
+ caValidity: 43830h
+ # CA certificate refresh at 80% of validity
+ caRefresh: 35064h
+ # Target certificate validity: 90d
+ certValidity: 2160h
+ # Target certificate refresh at 80% of validity
+ certRefresh: 1728h
+ observability:
+ metrics:
+ createServiceMonitors: false
+ createPrometheusRules: false
+kind: ConfigMap
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: operator-lifecycle-manager
+ app.kubernetes.io/name: tempo-operator
+ app.kubernetes.io/part-of: tempo-operator
+ name: tempo-operator-manager-config
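Review bot: The `featureGates` block leaves its security-relevant switches undocumented, while `builtInCertManagement` right below it carries a comment per value. In particular `oAuthProxy.defaultEnabled: false` reads as if Jaeger UI authentication is opt-in per instance, which matters because the CSV descriptors in this commit also allow exposing the UI through an Ingress or Route; a comment like `# Jaeger UI is not placed behind the OAuth proxy unless the custom resource enables authentication` would make that explicit, if that is what the gate does. `tlsProfile: Modern` would benefit from a line stating which minimum TLS version the operator maps it to. Separately, the scaffold comment on `leaderElectionReleaseOnCancel` says "step down volume" where "voluntarily" is meant.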
diff --git a/operators/tempo-operator/0.14.0/manifests/tempo-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/tempo-operator/0.14.0/manifests/tempo-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
new file mode 100644
index 00000000000..cdfdb922582
--- /dev/null
+++ b/operators/tempo-operator/0.14.0/manifests/tempo-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/managed-by: operator-lifecycle-manager
+ app.kubernetes.io/name: tempo-operator
+ app.kubernetes.io/part-of: tempo-operator
+ name: tempo-operator-metrics-reader
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
diff --git a/operators/tempo-operator/0.14.0/manifests/tempo-operator-webhook-service_v1_service.yaml b/operators/tempo-operator/0.14.0/manifests/tempo-operator-webhook-service_v1_service.yaml
new file mode 100644
index 00000000000..f4f01a0be4a
--- /dev/null
+++ b/operators/tempo-operator/0.14.0/manifests/tempo-operator-webhook-service_v1_service.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/managed-by: operator-lifecycle-manager
+ app.kubernetes.io/name: tempo-operator
+ app.kubernetes.io/part-of: tempo-operator
+ name: tempo-operator-webhook-service
+spec:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 9443
+ selector:
+ app.kubernetes.io/managed-by: operator-lifecycle-manager
+ app.kubernetes.io/name: tempo-operator
+ app.kubernetes.io/part-of: tempo-operator
+ control-plane: controller-manager
+status:
+ loadBalancer: {}
diff --git a/operators/tempo-operator/0.14.0/manifests/tempo-operator.clusterserviceversion.yaml b/operators/tempo-operator/0.14.0/manifests/tempo-operator.clusterserviceversion.yaml
new file mode 100644
index 00000000000..ed99cc04219
--- /dev/null
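Review bot: In the webhook Service the port entry is unnamed and `targetPort: 9443` repeats the literal from `webhook.port: 9443` in the manager ConfigMap, so the two values have to be changed together or admission requests stop reaching the manager. The metrics Service in this commit uses a named target (`targetPort: https`); doing the same here, with `name: https` on the port and the container's webhook port name as the target, would remove the duplicated number. The container port name is defined in the CSV deployment, outside this hunk, so it needs to be checked there first.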
+++ b/operators/tempo-operator/0.14.0/manifests/tempo-operator.clusterserviceversion.yaml 
@@ -0,0 +1,1691 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "tempo.grafana.com/v1alpha1", + "kind": "TempoMonolithic", + "metadata": { + "name": "sample" + }, + "spec": { + "jaegerui": { + "enabled": true, + "ingress": { + "enabled": true + }, + "resources": { + "limits": { + "cpu": "2", + "memory": "2Gi" + } + } + }, + "resources": { + "limits": { + "cpu": "2", + "memory": "2Gi" + } + }, + "storage": { + "traces": { + "backend": "memory" + } + } + } + }, + { + "apiVersion": "tempo.grafana.com/v1alpha1", + "kind": "TempoStack", + "metadata": { + "name": "sample" + }, + "spec": { + "resources": { + "total": { + "limits": { + "cpu": "2000m", + "memory": "2Gi" + } + } + }, + "storage": { + "secret": { + "name": "my-storage-secret", + "type": "s3" + } + }, + "storageSize": "1Gi", + "template": { + "queryFrontend": { + "jaegerQuery": { + "enabled": true, + "ingress": { + "type": "ingress" + } + } + } + } + } + } + ] + capabilities: Deep Insights + categories: Logging & Tracing,Monitoring + containerImage: ghcr.io/grafana/tempo-operator/tempo-operator:v0.14.0 + createdAt: "2024-10-30T12:08:06Z" + description: Create and manage deployments of Tempo, a high-scale distributed + tracing backend. + operatorframework.io/cluster-monitoring: "true" + operatorframework.io/suggested-namespace: tempo-operator-system + operators.operatorframework.io/builder: operator-sdk-v1.32.0 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 + repository: https://github.com/grafana/tempo-operator + support: Grafana Tempo Operator SIG + name: tempo-operator.v0.14.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: TempoMonolithic manages a Tempo deployment in monolithic mode. 
+ displayName: TempoMonolithic + kind: TempoMonolithic + name: tempomonolithics.tempo.grafana.com + resources: + - kind: ConfigMap + name: "" + version: v1 + - kind: Ingress + name: "" + version: v1 + - kind: Route + name: "" + version: v1 + - kind: Secret + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + - kind: ServiceAccount + name: "" + version: v1 + - kind: StatefulSet + name: "" + version: v1 + specDescriptors: + - description: 'Enabled defines if OTLP over gRPC is enabled. Default: enabled.' + displayName: Enabled + path: ingestion.otlp.grpc.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Enabled defines if TLS is enabled. + displayName: Enabled + path: ingestion.otlp.grpc.tls.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Enabled defines if OTLP over HTTP is enabled. Default: enabled.' + displayName: Enabled + path: ingestion.otlp.http.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Enabled defines if TLS is enabled. + displayName: Enabled + path: ingestion.otlp.http.tls.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Defines if the authentication will be enabled for jaeger UI. + displayName: Enabled + path: jaegerui.authentication.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Enabled defines if the Jaeger UI component should be created. + displayName: Enabled + path: jaegerui.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Enabled defines if an Ingress object should be created for Jaeger + UI. + displayName: Enabled + path: jaegerui.ingress.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Enabled defines if a Route object should be created for Jaeger + UI. 
+ displayName: Enabled + path: jaegerui.route.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Enabled defines if a Grafana data source should be created for + this Tempo deployment. + displayName: Enabled + path: observability.grafana.dataSource.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Enabled defines if PrometheusRule objects should be created for + this Tempo deployment. + displayName: Enabled + path: observability.metrics.prometheusRules.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Enabled defines if ServiceMonitor objects should be created for + this Tempo deployment. + displayName: Enabled + path: observability.metrics.serviceMonitors.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Storage defines the storage configuration. + displayName: Storage + path: storage + - description: 'Backend defines the backend for storing traces. Default: memory.' + displayName: Storage Backend + path: storage.traces.backend + - description: Enabled defines if TLS is enabled. + displayName: Enabled + path: storage.traces.s3.tls.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Ingestion defines the trace ingestion configuration. + displayName: Ingestion + path: ingestion + - description: Resources defines the compute resource requirements of the Jaeger + UI container. + displayName: Resources + path: jaegerui.resources + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:resourceRequirements + - description: 'Size defines the size of the volume where traces are stored. + For in-memory storage, this defines the size of the tmpfs volume. For persistent + volume storage, this defines the size of the persistent volume. For object + storage, this defines the size of the persistent volume containing the Write-Ahead + Log (WAL) of Tempo. 
Default: 2Gi for memory, 10Gi for all other backends.' + displayName: Size + path: storage.traces.size + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: JaegerUI defines the Jaeger UI configuration. + displayName: Jaeger UI + path: jaegerui + - description: Ingress defines the Ingress configuration for the Jaeger UI. + displayName: Ingress + path: jaegerui.ingress + - description: Route defines the OpenShift route configuration for the Jaeger + UI. + displayName: Route + path: jaegerui.route + - description: Observability defines the observability configuration of the + Tempo deployment. + displayName: Observability + path: observability + - description: Authentication defines the options for the oauth proxy used to + protect jaeger UI + displayName: Jaeger UI authentication configuration + path: jaegerui.authentication + - description: Resources defines the compute resource requirements of the Tempo + container. + displayName: Resources + path: resources + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:resourceRequirements + - description: Affinity defines the Affinity rules for scheduling pods. + displayName: Affinity + path: affinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: ExtraConfig defines any extra (overlay) configuration of components. + displayName: Extra Configuration + path: extraConfig + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: Tempo defines any extra Tempo configuration, which will be merged + with the operator's generated Tempo configuration + displayName: Tempo Extra Configurations + path: extraConfig.tempo + - description: OTLP defines the ingestion configuration for the OTLP protocol. + displayName: OTLP + path: ingestion.otlp + - description: GRPC defines the OTLP over gRPC configuration. + displayName: gRPC + path: ingestion.otlp.grpc + - description: "TLS defines the TLS configuration for OTLP/gRPC ingestion. 
\n + On OpenShift when operator config `servingCertsService` and TLS is enabled + \ but no `certName` and `caName` are provided it will use OpenShift serving + certificate service." + displayName: TLS + path: ingestion.otlp.grpc.tls + - description: CA is the name of a ConfigMap containing a CA certificate (service-ca.crt). + It needs to be in the same namespace as the Tempo custom resource. + displayName: CA ConfigMap + path: ingestion.otlp.grpc.tls.caName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:ConfigMap + - description: Cert is the name of a Secret containing a certificate (tls.crt) + and private key (tls.key). It needs to be in the same namespace as the Tempo + custom resource. + displayName: Certificate Secret + path: ingestion.otlp.grpc.tls.certName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: MinVersion defines the minimum acceptable TLS version. + displayName: Min TLS Version + path: ingestion.otlp.grpc.tls.minVersion + - description: HTTP defines the OTLP over HTTP configuration. + displayName: HTTP + path: ingestion.otlp.http + - description: "TLS defines the TLS configuration for OTLP/HTTP ingestion. \n + On OpenShift when operator config `servingCertsService` and TLS is enabled + \ but no `certName` and `caName` are provided it will use OpenShift serving + certificate service." + displayName: TLS + path: ingestion.otlp.http.tls + - description: CA is the name of a ConfigMap containing a CA certificate (service-ca.crt). + It needs to be in the same namespace as the Tempo custom resource. + displayName: CA ConfigMap + path: ingestion.otlp.http.tls.caName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:ConfigMap + - description: Cert is the name of a Secret containing a certificate (tls.crt) + and private key (tls.key). It needs to be in the same namespace as the Tempo + custom resource. 
+ displayName: Certificate Secret + path: ingestion.otlp.http.tls.certName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: MinVersion defines the minimum acceptable TLS version. + displayName: Min TLS Version + path: ingestion.otlp.http.tls.minVersion + - description: Resources defines the compute resource requirements of the OAuth + Proxy container. The OAuth Proxy performs authentication and authorization + of incoming requests to Jaeger UI when multi-tenancy is disabled. + displayName: Resources + path: jaegerui.authentication.resources + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:resourceRequirements + - description: 'SAR defines the SAR to be used in the oauth-proxy default is + "{"namespace": "", "resource": "pods", "verb": "get"}' + displayName: SAR + path: jaegerui.authentication.sar + - description: 'FindTracesConcurrentRequests defines how many concurrent request + a single trace search can submit (defaults 2). The search for traces in + Jaeger submits limit+1 requests. First requests finds trace IDs and then + it fetches entire traces by ID. This property allows Jaeger to fetch traces + in parallel. Note that by default a single Tempo querier can process 20 + concurrent search jobs. Increasing this property might require scaling up + querier instances, especially on error "job queue full" See also Tempo''s + extraConfig: querier.max_concurrent_queries (20 default) query_frontend.max_outstanding_per_tenant: + (2000 default). Increase if the query-frontend returns 429' + displayName: FindTracesConcurrentRequests + path: jaegerui.findTracesConcurrentRequests + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: Annotations defines the annotations of the Ingress object. + displayName: Annotations + path: jaegerui.ingress.annotations + - description: Host defines the hostname of the Ingress object. 
+ displayName: Hostname + path: jaegerui.ingress.host + - description: IngressClassName defines the name of an IngressClass cluster + resource. Defines which ingress controller serves this ingress resource. + displayName: Ingress Class Name + path: jaegerui.ingress.ingressClassName + - description: Annotations defines the annotations of the Route object. + displayName: Annotations + path: jaegerui.route.annotations + - description: Host defines the hostname of the Route object. + displayName: Hostname + path: jaegerui.route.host + - description: Termination specifies the termination type. + displayName: TLS Termination + path: jaegerui.route.termination + - description: ServicesQueryDuration defines how long the services will be available + in the services list + displayName: ServicesQueryDuration + path: jaegerui.servicesQueryDuration + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: 'ManagementState defines whether this instance is managed by + the operator or self-managed. Default: Managed.' + displayName: Management State + path: management + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: Multitenancy defines the multi-tenancy configuration. + displayName: Multi-Tenancy + path: multitenancy + - description: Authentication defines the tempo-gateway component authentication + configuration spec per tenant. + displayName: Authentication + path: multitenancy.authentication + - description: OIDC defines the spec for the OIDC tenant's authentication. + displayName: OIDC Configuration + path: multitenancy.authentication[0].oidc + - description: IssuerURL defines the URL for issuer. + displayName: Issuer URL + path: multitenancy.authentication[0].oidc.issuerURL + - description: RedirectURL defines the URL for redirect. 
+ displayName: Redirect URL + path: multitenancy.authentication[0].oidc.redirectURL + - description: Secret defines the spec for the clientID, clientSecret and issuerCAPath + for tenant's authentication. + displayName: Tenant Secret + path: multitenancy.authentication[0].oidc.secret + - description: Name of a secret in the namespace configured for tenant secrets. + displayName: Tenant Secret Name + path: multitenancy.authentication[0].oidc.secret.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: TenantID defines a universally unique identifier of the tenant. + Unlike the tenantName, which must be unique at a given time, the tenantId + must be unique over the entire lifetime of the Tempo deployment. Tempo uses + this ID to prefix objects in the object storage. + displayName: Tenant ID + path: multitenancy.authentication[0].tenantId + - description: TenantName defines a human readable, unique name of the tenant. + The value of this field must be specified in the X-Scope-OrgID header and + in the resources field of a ClusterRole to identify the tenant. + displayName: Tenant Name + path: multitenancy.authentication[0].tenantName + - description: Authorization defines the tempo-gateway component authorization + configuration spec per tenant. + displayName: Authorization + path: multitenancy.authorization + - description: RoleBindings defines configuration to bind a set of roles to + a set of subjects. + displayName: Static Role Bindings + path: multitenancy.authorization.roleBindings + - description: Roles defines a set of permissions to interact with a tenant. + displayName: Static Roles + path: multitenancy.authorization.roles + - description: Enabled defines if multi-tenancy is enabled. + displayName: Enabled + path: multitenancy.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Mode defines the multitenancy mode. 
+ displayName: Mode + path: multitenancy.mode + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:select:static + - urn:alm:descriptor:com.tectonic.ui:select:openshift + - description: Resources defines the compute resource requirements of the gateway + container. The gateway performs authentication and authorization of incoming + requests when multi-tenancy is enabled. + displayName: Resources + path: multitenancy.resources + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:resourceRequirements + - description: NodeSelector defines which labels are required by a node to schedule + the pod onto it. + displayName: Node Selector + path: nodeSelector + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: Grafana defines the Grafana configuration of the Tempo deployment. + displayName: Grafana + path: observability.grafana + - description: DataSource defines the Grafana data source configuration. + displayName: Grafana data source + path: observability.grafana.dataSource + - description: InstanceSelector defines the Grafana instance where the data + source should be created. + displayName: Instance Selector + path: observability.grafana.dataSource.instanceSelector + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:grafana.integreatly.org:v1beta1:Grafana + - description: Metrics defines the metric configuration of the Tempo deployment. + displayName: Metrics + path: observability.metrics + - description: ServiceMonitors defines the PrometheusRule configuration. + displayName: Prometheus Rules + path: observability.metrics.prometheusRules + - description: ServiceMonitors defines the ServiceMonitor configuration. + displayName: Service Monitors + path: observability.metrics.serviceMonitors + - description: ServiceAccount defines the Service Account to use for all Tempo + components. 
+ displayName: Service Account + path: serviceAccount + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: Traces defines the storage configuration for traces. + displayName: Traces + path: storage.traces + - description: Azure defines the configuration for Azure Storage. + displayName: Azure Storage + path: storage.traces.azure + - description: Secret is the name of a Secret containing credentials for accessing + object storage. It needs to be in the same namespace as the TempoMonolithic + custom resource. + displayName: Storage Secret + path: storage.traces.azure.secret + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: GCP defines the configuration for Google Cloud Storage. + displayName: Google Cloud Storage + path: storage.traces.gcs + - description: Secret is the name of a Secret containing credentials for accessing + object storage. It needs to be in the same namespace as the TempoMonolithic + custom resource. + displayName: Storage Secret + path: storage.traces.gcs.secret + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: S3 defines the configuration for Amazon S3. + displayName: Amazon S3 + path: storage.traces.s3 + - description: Secret is the name of a Secret containing credentials for accessing + object storage. It needs to be in the same namespace as the TempoMonolithic + custom resource. + displayName: Storage Secret + path: storage.traces.s3.secret + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: TLS defines the TLS configuration for Amazon S3. + displayName: TLS + path: storage.traces.s3.tls + - description: CA is the name of a ConfigMap containing a CA certificate (service-ca.crt). + It needs to be in the same namespace as the Tempo custom resource. 
+ displayName: CA ConfigMap + path: storage.traces.s3.tls.caName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:ConfigMap + - description: Cert is the name of a Secret containing a certificate (tls.crt) + and private key (tls.key). It needs to be in the same namespace as the Tempo + custom resource. + displayName: Certificate Secret + path: storage.traces.s3.tls.certName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: MinVersion defines the minimum acceptable TLS version. + displayName: Min TLS Version + path: storage.traces.s3.tls.minVersion + - description: Tolerations defines the tolerations of a node to schedule the + pod onto it. + displayName: Tolerations + path: tolerations + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + statusDescriptors: + - description: Tempo is a map of the pod status of the Tempo pods. + displayName: Tempo + path: components.tempo + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: Conditions of the Tempo deployment health. + displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + version: v1alpha1 + - description: TempoStack manages a Tempo deployment in microservices mode. + displayName: TempoStack + kind: TempoStack + name: tempostacks.tempo.grafana.com + resources: + - kind: ConfigMap + name: "" + version: v1 + - kind: Deployment + name: "" + version: v1 + - kind: Ingress + name: "" + version: v1 + - kind: Route + name: "" + version: v1 + - kind: Secret + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + - kind: ServiceAccount + name: "" + version: v1 + - kind: StatefulSet + name: "" + version: v1 + specDescriptors: + - description: Enabled defines if TLS is enabled. + displayName: Enabled + path: storage.tls.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Enabled defines if TLS is enabled. 
+ displayName: Enabled + path: template.distributor.tls.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Defines if the authentication will be enabled for jaeger UI. + displayName: Enabled + path: template.queryFrontend.jaegerQuery.authentication.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - displayName: Extra Configurations + path: extraConfig + - description: Tempo defines any extra Tempo configuration, which will be merged + with the operator's generated Tempo configuration + displayName: Tempo Extra Configurations + path: extraConfig.tempo + - description: HashRing defines the spec for the distributed hash ring configuration. + displayName: Hash Ring + path: hashRing + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: MemberList configuration spec + displayName: Memberlist Config + path: hashRing.memberlist + - description: EnableIPv6 enables IPv6 support for the memberlist based hash + ring. + displayName: Enable IPv6 + path: hashRing.memberlist.enableIPv6 + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: InstanceAddrType defines the type of address to use to advertise + to the ring. Defaults to the first address from any private network interfaces + of the current pod. Alternatively the public pod IP can be used in case + private networks (RFC 1918 and RFC 6598) are not available. + displayName: Instance Address + path: hashRing.memberlist.instanceAddrType + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:select:default + - urn:alm:descriptor:com.tectonic.ui:select:podIP + - description: Images defines the image for each container. + displayName: Container Images + path: images + - description: LimitSpec is used to limit ingestion and querying rates. + displayName: Ingestion and Querying Ratelimiting + path: limits + - description: Global is used to define global rate limits. 
+ displayName: Global Limit + path: limits.global + - description: Ingestion is used to define ingestion rate limits. + displayName: Ingestion Limit + path: limits.global.ingestion + - description: IngestionBurstSizeBytes defines the burst size (bytes) used in + ingestion. + displayName: Ingestion Burst Size in Bytes + path: limits.global.ingestion.ingestionBurstSizeBytes + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: IngestionRateLimitBytes defines the Per-user ingestion rate limit + (bytes) used in ingestion. + displayName: Ingestion Rate Limit in Bytes + path: limits.global.ingestion.ingestionRateLimitBytes + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxBytesPerTrace defines the maximum number of bytes of an acceptable + trace. + displayName: Max Bytes per Trace + path: limits.global.ingestion.maxBytesPerTrace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxTracesPerUser defines the maximum number of traces a user + can send. + displayName: Max Traces per User + path: limits.global.ingestion.maxTracesPerUser + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: Query is used to define query rate limits. + displayName: Query Limit + path: limits.global.query + - description: MaxBytesPerTagValues defines the maximum size in bytes of a tag-values + query. + displayName: Max Tags per User + path: limits.global.query.maxBytesPerTagValues + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: 'DEPRECATED. MaxSearchBytesPerTrace defines the maximum size + of search data for a single trace in bytes. default: `0` to disable.' + displayName: Max Traces per User + path: limits.global.query.maxSearchBytesPerTrace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxSearchDuration defines the maximum allowed time range for + a search. 
If this value is not set, then spec.search.maxDuration is used. + displayName: Max Search Duration per User + path: limits.global.query.maxSearchDuration + - description: PerTenant is used to define rate limits per tenant. + displayName: Tenant Limits + path: limits.perTenant + - description: Ingestion is used to define ingestion rate limits. + displayName: Ingestion Limit + path: limits.perTenant.ingestion + - description: IngestionBurstSizeBytes defines the burst size (bytes) used in + ingestion. + displayName: Ingestion Burst Size in Bytes + path: limits.perTenant.ingestion.ingestionBurstSizeBytes + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: IngestionRateLimitBytes defines the Per-user ingestion rate limit + (bytes) used in ingestion. + displayName: Ingestion Rate Limit in Bytes + path: limits.perTenant.ingestion.ingestionRateLimitBytes + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxBytesPerTrace defines the maximum number of bytes of an acceptable + trace. + displayName: Max Bytes per Trace + path: limits.perTenant.ingestion.maxBytesPerTrace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxTracesPerUser defines the maximum number of traces a user + can send. + displayName: Max Traces per User + path: limits.perTenant.ingestion.maxTracesPerUser + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: Query is used to define query rate limits. + displayName: Query Limit + path: limits.perTenant.query + - description: MaxBytesPerTagValues defines the maximum size in bytes of a tag-values + query. + displayName: Max Tags per User + path: limits.perTenant.query.maxBytesPerTagValues + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: 'DEPRECATED. MaxSearchBytesPerTrace defines the maximum size + of search data for a single trace in bytes. default: `0` to disable.' 
+ displayName: Max Traces per User + path: limits.perTenant.query.maxSearchBytesPerTrace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxSearchDuration defines the maximum allowed time range for + a search. If this value is not set, then spec.search.maxDuration is used. + displayName: Max Search Duration per User + path: limits.perTenant.query.maxSearchDuration + - description: ManagementState defines if the CR should be managed by the operator + or not. Default is managed. + displayName: Management State + path: managementState + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:select:Managed + - urn:alm:descriptor:com.tectonic.ui:select:Unmanaged + - description: ObservabilitySpec defines how telemetry data gets handled. + displayName: Observability + path: observability + - description: Grafana defines the Grafana configuration for operands. + displayName: Grafana Config + path: observability.grafana + - description: CreateDatasource specifies if a Grafana Datasource should be + created for Tempo. + displayName: Create Datasource for Tempo + path: observability.grafana.createDatasource + - description: InstanceSelector specifies the Grafana instance where the datasource + should be created. + displayName: Create CreateDatasource for Tempo + path: observability.grafana.instanceSelector + - description: Metrics defines the metrics configuration for operands. + displayName: Metrics Config + path: observability.metrics + - description: CreatePrometheusRules specifies if Prometheus rules for alerts + should be created for Tempo components. + displayName: Create PrometheusRules for Tempo components + path: observability.metrics.createPrometheusRules + - description: CreateServiceMonitors specifies if ServiceMonitors should be + created for Tempo components. + displayName: Create ServiceMonitors for Tempo components + path: observability.metrics.createServiceMonitors + - description: Tracing defines a config for operands. 
+ displayName: Tracing Config + path: observability.tracing + - description: JaegerAgentEndpoint defines the jaeger endpoint data gets send + to. + displayName: Jaeger-Agent-Endpoint + path: observability.tracing.jaeger_agent_endpoint + - description: SamplingFraction defines the sampling ratio. Valid values are + 0 to 1. + displayName: Sampling Fraction + path: observability.tracing.sampling_fraction + - description: The replication factor is a configuration setting that determines + how many ingesters need to acknowledge the data from the distributors before + accepting a span. + displayName: Replication Factor + path: replicationFactor + - description: Resources defines resources configuration. + displayName: Resources + path: resources + - description: The total amount of resources for Tempo instance. The operator + autonomously splits resources between deployed Tempo components. Only limits + are supported, the operator calculates requests automatically. See http://github.com/grafana/tempo/issues/1540. + displayName: Resource Requirements + path: resources.total + - description: Retention period defined by dataset. User can specify how long + data should be stored. + displayName: Retention Period + path: retention + - description: Global is used to configure global retention. + displayName: Global Retention + path: retention.global + - description: 'Traces defines retention period. Supported parameter suffixes + are "s", "m" and "h". example: 336h default: value is 48h.' + displayName: Trace Retention Period + path: retention.global.traces + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: PerTenant is used to configure retention per tenant. + displayName: PerTenant Retention + path: retention.perTenant + - description: 'Traces defines retention period. Supported parameter suffixes + are "s", "m" and "h". example: 336h default: value is 48h.' 
+ displayName: Trace Retention Period + path: retention.perTenant.traces + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: SearchSpec control the configuration for the search capabilities. + displayName: Search configuration options + path: search + - description: 'Limit used for search requests if none is set by the caller + (default: 20)' + displayName: Limit used for search requests if none is set by the caller, + this limit the number of traces returned by the query + path: search.defaultResultLimit + - description: 'The maximum allowed time range for a search, default: 0s which + means unlimited.' + displayName: Max search time range allowed + path: search.maxDuration + - description: The maximum allowed value of the limit parameter on search requests. + If the search request limit parameter exceeds the value configured here + it will be set to the value configured here. The default value of 0 disables + this limit. + displayName: The maximum allowed value of the limit parameter on search requests, + this determine the max number of traces allowed to be returned + path: search.maxResultLimit + - description: ServiceAccount defines the service account to use for all tempo + components. + displayName: Service Account + path: serviceAccount + - description: Storage defines the spec for the object storage endpoint to store + traces. User is required to create secret and supply it. + displayName: Object Storage + path: storage + - description: Secret for object storage authentication. Name of a secret in + the same namespace as the TempoStack custom resource. + displayName: Object Storage Secret + path: storage.secret + - description: Name of a secret in the namespace configured for object storage + secrets. 
+ displayName: Object Storage Secret Name + path: storage.secret.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: Type of object storage that should be used + displayName: Object Storage Secret Type + path: storage.secret.type + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:select:azure + - urn:alm:descriptor:com.tectonic.ui:select:gcs + - urn:alm:descriptor:com.tectonic.ui:select:s3 + - description: TLS configuration for reaching the object storage endpoint. + displayName: TLS Config + path: storage.tls + - description: CA is the name of a ConfigMap containing a CA certificate (service-ca.crt). + It needs to be in the same namespace as the Tempo custom resource. + displayName: CA ConfigMap + path: storage.tls.caName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:ConfigMap + - description: Cert is the name of a Secret containing a certificate (tls.crt) + and private key (tls.key). It needs to be in the same namespace as the Tempo + custom resource. + displayName: Certificate Secret + path: storage.tls.certName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: MinVersion defines the minimum acceptable TLS version. + displayName: Min TLS Version + path: storage.tls.minVersion + - description: StorageClassName for PVCs used by ingester. Defaults to nil (default + storage class in the cluster). + displayName: StorageClassName for PVCs + path: storageClassName + - description: StorageSize for PVCs used by ingester. Defaults to 10Gi. + displayName: Storage size for PVCs + path: storageSize + - description: Template defines requirements for a set of tempo components. + displayName: Tempo Component Templates + path: template + - description: Compactor defines the tempo compactor component spec. + displayName: Compactor pods + path: template.compactor + - description: NodeSelector defines the simple form of the node-selection constraint. 
+ displayName: Node Selector + path: template.compactor.nodeSelector + - description: PodSecurityContext defines security context will be applied to + all pods of this component. + displayName: PodSecurityContext + path: template.compactor.podSecurityContext + - description: Replicas defines the number of replicas to be created for this + component. + displayName: Component Replicas + path: template.compactor.replicas + - description: Resources defines resources for this component, this will override + the calculated resources derived from total + displayName: Resources + path: template.compactor.resources + - description: Tolerations defines component-specific pod tolerations. + displayName: Tolerations + path: template.compactor.tolerations + - description: Distributor defines the distributor component spec. + displayName: Distributor pods + path: template.distributor + - description: NodeSelector defines the simple form of the node-selection constraint. + displayName: Node Selector + path: template.distributor.nodeSelector + - description: PodSecurityContext defines security context will be applied to + all pods of this component. + displayName: PodSecurityContext + path: template.distributor.podSecurityContext + - description: Replicas defines the number of replicas to be created for this + component. + displayName: Component Replicas + path: template.distributor.replicas + - description: Resources defines resources for this component, this will override + the calculated resources derived from total + displayName: Resources + path: template.distributor.resources + - description: "TLS defines TLS configuration for distributor receivers \n If + openshift feature flag `servingCertsService` is enabled and TLS is enabled + but no certName or caName is specified, OpenShift service serving certificates + will be used." + displayName: TLS + path: template.distributor.tls + - description: CA is the name of a ConfigMap containing a CA certificate (service-ca.crt). 
+ It needs to be in the same namespace as the Tempo custom resource. + displayName: CA ConfigMap + path: template.distributor.tls.caName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:ConfigMap + - description: Cert is the name of a Secret containing a certificate (tls.crt) + and private key (tls.key). It needs to be in the same namespace as the Tempo + custom resource. + displayName: Certificate Secret + path: template.distributor.tls.certName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: MinVersion defines the minimum acceptable TLS version. + displayName: Min TLS Version + path: template.distributor.tls.minVersion + - description: Tolerations defines component-specific pod tolerations. + displayName: Tolerations + path: template.distributor.tolerations + - description: Gateway defines the tempo gateway spec. + displayName: Gateway pods + path: template.gateway + - displayName: Enabled + path: template.gateway.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Ingress defines gateway Ingress options. + displayName: Jaeger gateway Ingress Settings + path: template.gateway.ingress + - description: Annotations defines the annotations of the Ingress object. + displayName: Annotations + path: template.gateway.ingress.annotations + - description: Host defines the hostname of the Ingress object. + displayName: Host + path: template.gateway.ingress.host + - description: Route defines the options for the OpenShift route. + displayName: Route Configuration + path: template.gateway.ingress.route + - description: Termination defines the termination type. The default is "edge". + displayName: TLS Termination Policy + path: template.gateway.ingress.route.termination + - description: Type defines the type of Ingress for the Jaeger Query UI. Currently + ingress, route and none are supported. 
+ displayName: Type + path: template.gateway.ingress.type + - description: NodeSelector defines the simple form of the node-selection constraint. + displayName: Node Selector + path: template.gateway.nodeSelector + - description: PodSecurityContext defines security context will be applied to + all pods of this component. + displayName: PodSecurityContext + path: template.gateway.podSecurityContext + - description: Replicas defines the number of replicas to be created for this + component. + displayName: Component Replicas + path: template.gateway.replicas + - description: Resources defines resources for this component, this will override + the calculated resources derived from total + displayName: Resources + path: template.gateway.resources + - description: Tolerations defines component-specific pod tolerations. + displayName: Tolerations + path: template.gateway.tolerations + - description: Ingester defines the ingester component spec. + displayName: Ingester pods + path: template.ingester + - description: NodeSelector defines the simple form of the node-selection constraint. + displayName: Node Selector + path: template.ingester.nodeSelector + - description: PodSecurityContext defines security context will be applied to + all pods of this component. + displayName: PodSecurityContext + path: template.ingester.podSecurityContext + - description: Replicas defines the number of replicas to be created for this + component. + displayName: Component Replicas + path: template.ingester.replicas + - description: Resources defines resources for this component, this will override + the calculated resources derived from total + displayName: Resources + path: template.ingester.resources + - description: Tolerations defines component-specific pod tolerations. + displayName: Tolerations + path: template.ingester.tolerations + - description: Querier defines the querier component spec. 
+ displayName: Querier pods + path: template.querier + - description: NodeSelector defines the simple form of the node-selection constraint. + displayName: Node Selector + path: template.querier.nodeSelector + - description: PodSecurityContext defines security context will be applied to + all pods of this component. + displayName: PodSecurityContext + path: template.querier.podSecurityContext + - description: Replicas defines the number of replicas to be created for this + component. + displayName: Component Replicas + path: template.querier.replicas + - description: Resources defines resources for this component, this will override + the calculated resources derived from total + displayName: Resources + path: template.querier.resources + - description: Tolerations defines component-specific pod tolerations. + displayName: Tolerations + path: template.querier.tolerations + - description: TempoQueryFrontendSpec defines the query frontend spec. + displayName: Query Frontend pods + path: template.queryFrontend + - description: JaegerQuery defines options specific to the Jaeger Query component. + displayName: Jaeger Query Settings + path: template.queryFrontend.jaegerQuery + - description: Authentication defines the options for the oauth proxy used to + protect jaeger UI + displayName: Jaeger UI authentication configuration + path: template.queryFrontend.jaegerQuery.authentication + - description: Resources defines the compute resource requirements of the OAuth + Proxy container. The OAuth Proxy performs authentication and authorization + of incoming requests to Jaeger UI when multi-tenancy is disabled. 
+ displayName: Resources + path: template.queryFrontend.jaegerQuery.authentication.resources + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:resourceRequirements + - description: 'SAR defines the SAR to be used in the oauth-proxy default is + "{"namespace": "", "resource": "pods", "verb": "get"}' + displayName: SAR + path: template.queryFrontend.jaegerQuery.authentication.sar + - description: Enabled defines if the Jaeger Query component should be created. + displayName: Enable Jaeger Query UI + path: template.queryFrontend.jaegerQuery.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'FindTracesConcurrentRequests defines how many concurrent request + a single trace search can submit (defaults querier.replicas*2). The search + for traces in Jaeger submits limit+1 requests. First requests finds trace + IDs and then it fetches entire traces by ID. This property allows Jaeger + to fetch traces in parallel. Note that by default a single Tempo querier + can process 20 concurrent search jobs. Increasing this property might require + scaling up querier instances, especially on error "job queue full" See also + Tempo''s extraConfig: querier.max_concurrent_queries (20 default) query_frontend.max_outstanding_per_tenant: + (2000 default). Increase if the query-frontend returns 429' + displayName: FindTracesConcurrentRequests + path: template.queryFrontend.jaegerQuery.findTracesConcurrentRequests + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: Ingress defines the options for the Jaeger Query ingress. + displayName: Jaeger Query UI Ingress Settings + path: template.queryFrontend.jaegerQuery.ingress + - description: Annotations defines the annotations of the Ingress object. + displayName: Annotations + path: template.queryFrontend.jaegerQuery.ingress.annotations + - description: Host defines the hostname of the Ingress object. 
+ displayName: Host + path: template.queryFrontend.jaegerQuery.ingress.host + - description: Route defines the options for the OpenShift route. + displayName: Route Configuration + path: template.queryFrontend.jaegerQuery.ingress.route + - description: Termination defines the termination type. The default is "edge". + displayName: TLS Termination Policy + path: template.queryFrontend.jaegerQuery.ingress.route.termination + - description: Type defines the type of Ingress for the Jaeger Query UI. Currently + ingress, route and none are supported. + displayName: Type + path: template.queryFrontend.jaegerQuery.ingress.type + - description: MonitorTab defines the monitor tab configuration. + displayName: Jaeger Query UI Monitor Tab Settings + path: template.queryFrontend.jaegerQuery.monitorTab + - description: Enabled enables the monitor tab in the Jaeger console. The PrometheusEndpoint + must be configured to enable this feature. + displayName: Enabled + path: template.queryFrontend.jaegerQuery.monitorTab.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: PrometheusEndpoint defines the endpoint to the Prometheus instance + that contains the span rate, error, and duration (RED) metrics. For instance + on OpenShift this is set to https://thanos-querier.openshift-monitoring.svc.cluster.local:9091 + displayName: Prometheus endpoint + path: template.queryFrontend.jaegerQuery.monitorTab.prometheusEndpoint + - description: REDMetricsNamespace defines the a prefix used retrieve span rate, + error, and duration (RED) metrics. By default it is set to `traces.span.metrics` + following the default namespace of the OpenTelemetry Collector since Version + 0.109.0. 
+ displayName: RED Metric Namespace + path: template.queryFrontend.jaegerQuery.monitorTab.redMetricsNamespace + - description: Resources defines resources for this component, this will override + the calculated resources derived from total + displayName: Resources + path: template.queryFrontend.jaegerQuery.resources + - description: ServicesQueryDuration defines how long the services will be available + in the services list + displayName: ServicesQueryDuration + path: template.queryFrontend.jaegerQuery.servicesQueryDuration + - description: TempoQuery defines options specific to the Tempoo Query component. + displayName: Tempo Query Settings + path: template.queryFrontend.jaegerQuery.tempoQuery + - description: Resources defines resources for this component, this will override + the calculated resources derived from total + displayName: Resources + path: template.queryFrontend.jaegerQuery.tempoQuery.resources + - description: NodeSelector defines the simple form of the node-selection constraint. + displayName: Node Selector + path: template.queryFrontend.nodeSelector + - description: PodSecurityContext defines security context will be applied to + all pods of this component. + displayName: PodSecurityContext + path: template.queryFrontend.podSecurityContext + - description: Replicas defines the number of replicas to be created for this + component. + displayName: Component Replicas + path: template.queryFrontend.replicas + - description: Resources defines resources for this component, this will override + the calculated resources derived from total + displayName: Resources + path: template.queryFrontend.resources + - description: Tolerations defines component-specific pod tolerations. + displayName: Tolerations + path: template.queryFrontend.tolerations + - description: Tenants defines the per-tenant authentication and authorization + spec. 
+ displayName: Tenants Configuration + path: tenants + - description: Authentication defines the tempo-gateway component authentication + configuration spec per tenant. + displayName: Authentication + path: tenants.authentication + - description: OIDC defines the spec for the OIDC tenant's authentication. + displayName: OIDC Configuration + path: tenants.authentication[0].oidc + - description: IssuerURL defines the URL for issuer. + displayName: Issuer URL + path: tenants.authentication[0].oidc.issuerURL + - description: RedirectURL defines the URL for redirect. + displayName: Redirect URL + path: tenants.authentication[0].oidc.redirectURL + - description: Secret defines the spec for the clientID, clientSecret and issuerCAPath + for tenant's authentication. + displayName: Tenant Secret + path: tenants.authentication[0].oidc.secret + - description: Name of a secret in the namespace configured for tenant secrets. + displayName: Tenant Secret Name + path: tenants.authentication[0].oidc.secret.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: TenantID defines a universally unique identifier of the tenant. + Unlike the tenantName, which must be unique at a given time, the tenantId + must be unique over the entire lifetime of the Tempo deployment. Tempo uses + this ID to prefix objects in the object storage. + displayName: Tenant ID + path: tenants.authentication[0].tenantId + - description: TenantName defines a human readable, unique name of the tenant. + The value of this field must be specified in the X-Scope-OrgID header and + in the resources field of a ClusterRole to identify the tenant. + displayName: Tenant Name + path: tenants.authentication[0].tenantName + - description: Authorization defines the tempo-gateway component authorization + configuration spec per tenant. + displayName: Authorization + path: tenants.authorization + - description: RoleBindings defines configuration to bind a set of roles to + a set of subjects. 
+ displayName: Static Role Bindings + path: tenants.authorization.roleBindings + - description: Roles defines a set of permissions to interact with a tenant. + displayName: Static Roles + path: tenants.authorization.roles + - description: Mode defines the multitenancy mode. + displayName: Mode + path: tenants.mode + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:select:static + - urn:alm:descriptor:com.tectonic.ui:select:openshift + statusDescriptors: + - description: Distributor is a map to the per pod status of the distributor + deployment + displayName: Distributor + path: components.distributor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: Ingester is a map to the per pod status of the ingester statefulset + displayName: Ingester + path: components.ingester + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: Querier is a map to the per pod status of the querier deployment + displayName: Querier + path: components.querier + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: QueryFrontend is a map to the per pod status of the query frontend + deployment + displayName: Query Frontend + path: components.queryFrontend + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: Compactor is a map to the pod status of the compactor pod. + displayName: Compactor + path: components.compactor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: Gateway is a map to the per pod status of the query frontend + deployment + displayName: Gateway + path: components.gateway + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: Conditions of the Tempo deployment health. 
+ displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + version: v1alpha1 + description: |- + Tempo is an open source, easy-to-use, and high-scale distributed tracing backend. + It can ingest common open source tracing protocols including Jaeger, Zipkin, and OpenTelemetry and requires only object storage to operate. + Please refer to the [Tempo documentation](https://grafana.com/docs/tempo/latest/) for more information about Tempo. + + The Community Tempo Operator supports Tempo deployments in Microservices mode (`TempoStack` CR) and Monolithic mode (`TempoMonolithic` CR). + + ### Operator features + * **Resource Limits** - Specify overall resource requests and limits in the `TempoStack` CR; the operator assigns fractions of it to each component + * **AuthN and AuthZ** - Supports OpenID Control (OIDC) and role-based access control (RBAC) + * **Managed upgrades** - Updating the operator will automatically update all managed Tempo clusters + * **Multitenancy** - Multiple tenants can send traces to the same Tempo cluster + * **mTLS** - Communication between the Tempo components can be secured via mTLS + * **Jaeger UI** - Traces can be visualized in Jaeger UI and exposed via Ingress or OpenShift Route + * **Observability** - The operator and `TempoStack` operands expose telemetry (metrics, traces) and integrate with Prometheus `ServiceMonitor` and `PrometheusRule` + + ### Prerequisites + `TempoStack` requires object storage to store its traces. `TempoMonolithic` can store traces in-memory, in a Persistent Volume and in object storage. + Please ensure that an object storage solution is available and configured. 
+ displayName: Community Tempo Operator + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - apps + resources: + - deployments + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - get + - list + - watch + - apiGroups: + - config.openshift.io + resources: + - dnses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - list + - watch + - apiGroups: + - grafana.integreatly.org + resources: + - grafanadatasources + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - prometheusrules + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - operator.openshift.io + resources: + - ingresscontrollers + verbs: + - get + - list + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - tempo.grafana.com + resources: + - tempomonolithics + verbs: + - create + - delete + - get 
+ - list + - patch + - update + - watch + - apiGroups: + - tempo.grafana.com + resources: + - tempomonolithics/finalizers + verbs: + - update + - apiGroups: + - tempo.grafana.com + resources: + - tempomonolithics/status + verbs: + - get + - patch + - update + - apiGroups: + - tempo.grafana.com + resources: + - tempostacks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - tempo.grafana.com + resources: + - tempostacks/finalizers + verbs: + - update + - apiGroups: + - tempo.grafana.com + resources: + - tempostacks/status + verbs: + - get + - patch + - update + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + serviceAccountName: tempo-operator-controller-manager + deployments: + - label: + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: tempo-operator + app.kubernetes.io/part-of: tempo-operator + control-plane: controller-manager + name: tempo-operator-controller + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: tempo-operator + app.kubernetes.io/part-of: tempo-operator + control-plane: controller-manager + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: tempo-operator + app.kubernetes.io/part-of: tempo-operator + control-plane: controller-manager + spec: + containers: + - args: + - --zap-log-level=info + - start + - --config=controller_manager_config.yaml + env: + - name: RELATED_IMAGE_TEMPO + value: docker.io/grafana/tempo:2.6.1 + - name: RELATED_IMAGE_JAEGER_QUERY + value: docker.io/jaegertracing/jaeger-query:1.62.0 + - name: RELATED_IMAGE_TEMPO_QUERY + value: docker.io/grafana/tempo-query:2.6.1 + - name: 
RELATED_IMAGE_TEMPO_GATEWAY + value: quay.io/observatorium/api:main-2024-10-16-43b97ec + - name: RELATED_IMAGE_TEMPO_GATEWAY_OPA + value: quay.io/observatorium/opa-openshift:main-2024-10-09-7237863 + - name: RELATED_IMAGE_OAUTH_PROXY + value: quay.io/openshift/origin-oauth-proxy:4.14 + image: ghcr.io/grafana/tempo-operator/tempo-operator:v0.14.0 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - mountPath: /controller_manager_config.yaml + name: manager-config + subPath: controller_manager_config.yaml + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + securityContext: + runAsNonRoot: true + serviceAccountName: tempo-operator-controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert + - configMap: + name: tempo-operator-manager-config + name: manager-config + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + 
- patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: tempo-operator-controller-manager + strategy: deployment + installModes: + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - tempo + - tracing + - observability + - monitoring + - database + links: + - name: Tempo Operator + url: https://github.com/grafana/tempo-operator + maintainers: + - email: ruben.vp8510@gmail.com + name: Ruben Vargas + - email: p.loffay@gmail.com + name: Pavol Loffay + - email: bongartz@klimlive.de + name: Benedikt Bongartz + - email: andreas@gerstmayr.me + name: Andreas Gerstmayr + - email: iblancas@redhat.com + name: Israel Blancas Alvarez + maturity: alpha + minKubeVersion: 1.25.0 + provider: + name: Grafana Tempo Operator SIG + relatedImages: + - image: docker.io/grafana/tempo:2.6.1 + name: tempo + - image: docker.io/jaegertracing/jaeger-query:1.62.0 + name: jaeger-query + - image: docker.io/grafana/tempo-query:2.6.1 + name: tempo-query + - image: quay.io/observatorium/api:main-2024-10-16-43b97ec + name: tempo-gateway + - image: quay.io/observatorium/opa-openshift:main-2024-10-09-7237863 + name: tempo-gateway-opa + - image: quay.io/openshift/origin-oauth-proxy:4.14 + name: oauth-proxy + version: 0.14.0 + webhookdefinitions: + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: tempo-operator-controller + failurePolicy: Fail + generateName: mtempostack.tempo.grafana.com + rules: + - apiGroups: + - tempo.grafana.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - tempostacks + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-tempo-grafana-com-v1alpha1-tempostack + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: tempo-operator-controller + failurePolicy: Fail + 
generateName: vtempomonolithic.kb.io + rules: + - apiGroups: + - tempo.grafana.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - tempomonolithics + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-tempo-grafana-com-v1alpha1-tempomonolithic + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: tempo-operator-controller + failurePolicy: Fail + generateName: vtempostack.tempo.grafana.com + rules: + - apiGroups: + - tempo.grafana.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - tempostacks + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-tempo-grafana-com-v1alpha1-tempostack diff --git a/operators/tempo-operator/0.14.0/manifests/tempo.grafana.com_tempomonolithics.yaml b/operators/tempo-operator/0.14.0/manifests/tempo.grafana.com_tempomonolithics.yaml new file mode 100644 index 00000000000..6d285729c3f --- /dev/null +++ b/operators/tempo-operator/0.14.0/manifests/tempo.grafana.com_tempomonolithics.yaml 
@@ -0,0 +1,1846 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + labels: + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: tempo-operator + app.kubernetes.io/part-of: tempo-operator + name: tempomonolithics.tempo.grafana.com +spec: + group: tempo.grafana.com + names: + kind: TempoMonolithic + listKind: TempoMonolithicList + plural: tempomonolithics + singular: tempomonolithic + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Tempo Version + jsonPath: .status.tempoVersion + name: Tempo Version + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: TempoMonolithic manages a Tempo deployment in monolithic mode. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TempoMonolithicSpec defines the desired state of TempoMonolithic. + properties: + affinity: + description: Affinity defines the Affinity rules for scheduling pods. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. 
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. 
+ When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + extraConfig: + description: ExtraConfig defines any extra (overlay) configuration + of components. + properties: + tempo: + description: Tempo defines any extra Tempo configuration, which + will be merged with the operator's generated Tempo configuration + x-kubernetes-preserve-unknown-fields: true + type: object + ingestion: + description: Ingestion defines the trace ingestion configuration. + properties: + otlp: + description: OTLP defines the ingestion configuration for the + OTLP protocol. + properties: + grpc: + description: GRPC defines the OTLP over gRPC configuration. + properties: + enabled: + default: true + description: |- + Enabled defines if OTLP over gRPC is enabled. + Default: enabled. + type: boolean + tls: + description: |- + TLS defines the TLS configuration for OTLP/gRPC ingestion. + + + On OpenShift when operator config `servingCertsService` and TLS is enabled but no `certName` and `caName` + are provided it will use OpenShift serving certificate service. + properties: + caName: + description: |- + CA is the name of a ConfigMap containing a CA certificate (service-ca.crt). + It needs to be in the same namespace as the Tempo custom resource. + type: string + certName: + description: |- + Cert is the name of a Secret containing a certificate (tls.crt) and private key (tls.key). 
+ It needs to be in the same namespace as the Tempo custom resource. + type: string + enabled: + description: Enabled defines if TLS is enabled. + type: boolean + minVersion: + description: MinVersion defines the minimum acceptable + TLS version. + type: string + type: object + required: + - enabled + type: object + http: + description: HTTP defines the OTLP over HTTP configuration. + properties: + enabled: + default: true + description: |- + Enabled defines if OTLP over HTTP is enabled. + Default: enabled. + type: boolean + tls: + description: |- + TLS defines the TLS configuration for OTLP/HTTP ingestion. + + + On OpenShift when operator config `servingCertsService` and TLS is enabled but no `certName` and `caName` + are provided it will use OpenShift serving certificate service. + properties: + caName: + description: |- + CA is the name of a ConfigMap containing a CA certificate (service-ca.crt). + It needs to be in the same namespace as the Tempo custom resource. + type: string + certName: + description: |- + Cert is the name of a Secret containing a certificate (tls.crt) and private key (tls.key). + It needs to be in the same namespace as the Tempo custom resource. + type: string + enabled: + description: Enabled defines if TLS is enabled. + type: boolean + minVersion: + description: MinVersion defines the minimum acceptable + TLS version. + type: string + type: object + required: + - enabled + type: object + type: object + type: object + jaegerui: + description: JaegerUI defines the Jaeger UI configuration. + properties: + authentication: + description: Authentication defines the options for the oauth + proxy used to protect jaeger UI + properties: + enabled: + description: Defines if the authentication will be enabled + for jaeger UI. + type: boolean + resources: + description: |- + Resources defines the compute resource requirements of the OAuth Proxy container. 
+ The OAuth Proxy performs authentication and authorization of incoming requests to Jaeger UI when multi-tenancy is disabled. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + sar: + description: |- + SAR defines the SAR to be used in the oauth-proxy + default is "{"namespace": "", "resource": "pods", "verb": "get"} + type: string + type: object + enabled: + description: Enabled defines if the Jaeger UI component should + be created. + type: boolean + findTracesConcurrentRequests: + description: |- + FindTracesConcurrentRequests defines how many concurrent request a single trace search can submit (defaults 2). + The search for traces in Jaeger submits limit+1 requests. First requests finds trace IDs and then it fetches + entire traces by ID. This property allows Jaeger to fetch traces in parallel. + Note that by default a single Tempo querier can process 20 concurrent search jobs. + Increasing this property might require scaling up querier instances, especially on error "job queue full" + See also Tempo's extraConfig: + querier.max_concurrent_queries (20 default) + query_frontend.max_outstanding_per_tenant: (2000 default). Increase if the query-frontend returns 429 + type: integer + ingress: + description: Ingress defines the Ingress configuration for the + Jaeger UI. + properties: + annotations: + additionalProperties: + type: string + description: Annotations defines the annotations of the Ingress + object. + type: object + enabled: + description: Enabled defines if an Ingress object should be + created for Jaeger UI. + type: boolean + host: + description: Host defines the hostname of the Ingress object. + type: string + ingressClassName: + description: |- + IngressClassName defines the name of an IngressClass cluster resource. + Defines which ingress controller serves this ingress resource. + type: string + required: + - enabled + type: object + resources: + description: Resources defines the compute resource requirements + of the Jaeger UI container. 
+ properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + route: + description: Route defines the OpenShift route configuration for + the Jaeger UI. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations defines the annotations of the Route + object. + type: object + enabled: + description: Enabled defines if a Route object should be created + for Jaeger UI. + type: boolean + host: + description: Host defines the hostname of the Route object. + type: string + termination: + description: Termination specifies the termination type. + enum: + - insecure + - edge + - passthrough + - reencrypt + type: string + required: + - enabled + type: object + servicesQueryDuration: + description: ServicesQueryDuration defines how long the services + will be available in the services list + type: string + required: + - enabled + type: object + management: + description: |- + ManagementState defines whether this instance is managed by the operator or self-managed. + Default: Managed. + enum: + - Managed + - Unmanaged + type: string + multitenancy: + description: Multitenancy defines the multi-tenancy configuration. + properties: + authentication: + description: Authentication defines the tempo-gateway component + authentication configuration spec per tenant. + items: + description: AuthenticationSpec defines the oidc configuration + per tenant for tempo Gateway component. + properties: + oidc: + description: OIDC defines the spec for the OIDC tenant's + authentication. + properties: + groupClaim: + description: Group claim field from ID Token + type: string + issuerURL: + description: IssuerURL defines the URL for issuer. + type: string + redirectURL: + description: RedirectURL defines the URL for redirect. + type: string + secret: + description: Secret defines the spec for the clientID, + clientSecret and issuerCAPath for tenant's authentication. + properties: + name: + description: Name of a secret in the namespace configured + for tenant secrets. 
+ type: string + type: object + usernameClaim: + description: User claim field from ID Token + type: string + type: object + tenantId: + description: |- + TenantID defines a universally unique identifier of the tenant. + Unlike the tenantName, which must be unique at a given time, the tenantId must be unique over the entire lifetime of the Tempo deployment. + Tempo uses this ID to prefix objects in the object storage. + type: string + tenantName: + description: |- + TenantName defines a human readable, unique name of the tenant. + The value of this field must be specified in the X-Scope-OrgID header and in the resources field of a ClusterRole to identify the tenant. + type: string + required: + - tenantId + - tenantName + type: object + type: array + authorization: + description: Authorization defines the tempo-gateway component + authorization configuration spec per tenant. + properties: + roleBindings: + description: RoleBindings defines configuration to bind a + set of roles to a set of subjects. + items: + description: RoleBindingsSpec binds a set of roles to a + set of subjects. + properties: + name: + type: string + roles: + items: + type: string + type: array + subjects: + items: + description: Subject represents a subject that has + been bound to a role. + properties: + kind: + description: SubjectKind is a kind of Tempo Gateway + RBAC subject. + enum: + - user + - group + type: string + name: + type: string + required: + - kind + - name + type: object + type: array + required: + - name + - roles + - subjects + type: object + type: array + roles: + description: Roles defines a set of permissions to interact + with a tenant. + items: + description: RoleSpec describes a set of permissions to + interact with a tenant. + properties: + name: + type: string + permissions: + items: + description: PermissionType is a Tempo Gateway RBAC + permission. 
+ enum: + - read + - write + type: string + type: array + resources: + items: + type: string + type: array + tenants: + items: + type: string + type: array + required: + - name + - permissions + - resources + - tenants + type: object + type: array + type: object + enabled: + description: Enabled defines if multi-tenancy is enabled. + type: boolean + mode: + default: static + description: Mode defines the multitenancy mode. + enum: + - static + - openshift + type: string + resources: + description: |- + Resources defines the compute resource requirements of the gateway container. + The gateway performs authentication and authorization of incoming requests when multi-tenancy is enabled. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - enabled + - mode + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector defines which labels are required by a node + to schedule the pod onto it. + type: object + observability: + description: Observability defines the observability configuration + of the Tempo deployment. + properties: + grafana: + description: Grafana defines the Grafana configuration of the + Tempo deployment. + properties: + dataSource: + description: DataSource defines the Grafana data source configuration. + properties: + enabled: + description: Enabled defines if a Grafana data source + should be created for this Tempo deployment. + type: boolean + instanceSelector: + description: InstanceSelector defines the Grafana instance + where the data source should be created. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - enabled + type: object + type: object + metrics: + description: Metrics defines the metric configuration of the Tempo + deployment. + properties: + prometheusRules: + description: ServiceMonitors defines the PrometheusRule configuration. + properties: + enabled: + description: Enabled defines if PrometheusRule objects + should be created for this Tempo deployment. + type: boolean + required: + - enabled + type: object + serviceMonitors: + description: ServiceMonitors defines the ServiceMonitor configuration. + properties: + enabled: + description: Enabled defines if ServiceMonitor objects + should be created for this Tempo deployment. + type: boolean + required: + - enabled + type: object + type: object + type: object + resources: + description: Resources defines the compute resource requirements of + the Tempo container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. 
+ + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + serviceAccount: + description: ServiceAccount defines the Service Account to use for + all Tempo components. + type: string + storage: + description: Storage defines the storage configuration. + properties: + traces: + description: Traces defines the storage configuration for traces. 
+ properties: + azure: + description: Azure defines the configuration for Azure Storage. + properties: + secret: + description: |- + Secret is the name of a Secret containing credentials for accessing object storage. + It needs to be in the same namespace as the TempoMonolithic custom resource. + minLength: 1 + type: string + required: + - secret + type: object + backend: + default: memory + description: |- + Backend defines the backend for storing traces. + Default: memory. + enum: + - memory + - pv + - azure + - gcs + - s3 + type: string + gcs: + description: GCP defines the configuration for Google Cloud + Storage. + properties: + secret: + description: |- + Secret is the name of a Secret containing credentials for accessing object storage. + It needs to be in the same namespace as the TempoMonolithic custom resource. + minLength: 1 + type: string + required: + - secret + type: object + s3: + description: S3 defines the configuration for Amazon S3. + properties: + secret: + description: |- + Secret is the name of a Secret containing credentials for accessing object storage. + It needs to be in the same namespace as the TempoMonolithic custom resource. + minLength: 1 + type: string + tls: + description: TLS defines the TLS configuration for Amazon + S3. + properties: + caName: + description: |- + CA is the name of a ConfigMap containing a CA certificate (service-ca.crt). + It needs to be in the same namespace as the Tempo custom resource. + type: string + certName: + description: |- + Cert is the name of a Secret containing a certificate (tls.crt) and private key (tls.key). + It needs to be in the same namespace as the Tempo custom resource. + type: string + enabled: + description: Enabled defines if TLS is enabled. + type: boolean + minVersion: + description: MinVersion defines the minimum acceptable + TLS version. 
+ type: string + type: object + required: + - secret + type: object + size: + anyOf: + - type: integer + - type: string + description: |- + Size defines the size of the volume where traces are stored. + For in-memory storage, this defines the size of the tmpfs volume. + For persistent volume storage, this defines the size of the persistent volume. + For object storage, this defines the size of the persistent volume containing the Write-Ahead Log (WAL) of Tempo. + Default: 2Gi for memory, 10Gi for all other backends. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - backend + type: object + required: + - traces + type: object + timeout: + description: |- + Timeout configures the same timeout on all components starting at ingress down to the ingestor/querier. + Timeout configuration on a specific component has a higher precedence. + Default is 30 seconds. + type: string + tolerations: + description: Tolerations defines the tolerations of a node to schedule + the pod onto it. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. 
+ type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + status: + description: TempoMonolithicStatus defines the observed state of TempoMonolithic. + properties: + components: + description: Components provides summary of all Tempo pod status, + grouped per component. + properties: + tempo: + additionalProperties: + items: + type: string + type: array + description: Tempo is a map of the pod status of the Tempo pods. + type: object + type: object + conditions: + description: Conditions of the Tempo deployment health. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. 
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. 
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + operatorVersion: + description: Version of the Tempo Operator. + type: string + tempoVersion: + description: Version of the managed Tempo instance. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/tempo-operator/0.14.0/manifests/tempo.grafana.com_tempostacks.yaml b/operators/tempo-operator/0.14.0/manifests/tempo.grafana.com_tempostacks.yaml new file mode 100644 index 00000000000..68eb5046faa --- /dev/null +++ b/operators/tempo-operator/0.14.0/manifests/tempo.grafana.com_tempostacks.yaml 
@@ -0,0 +1,2903 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + labels: + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: tempo-operator + app.kubernetes.io/part-of: tempo-operator + name: tempostacks.tempo.grafana.com +spec: + group: tempo.grafana.com + names: + kind: TempoStack + listKind: TempoStackList + plural: tempostacks + shortNames: + - tempo + - tempos + singular: tempostack + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Tempo Version + jsonPath: .status.tempoVersion + name: Tempo Version + type: string + - description: Management State + jsonPath: .spec.managementState + name: Management + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: TempoStack manages a Tempo deployment in microservices mode. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TempoStackSpec defines the desired state of TempoStack. 
+ properties: + extraConfig: + description: |- + ExtraConfigSpec defines extra configurations for tempo that will be merged with the operator generated, configurations defined here + has precedence and could override generated config. + properties: + tempo: + description: Tempo defines any extra Tempo configuration, which + will be merged with the operator's generated Tempo configuration + x-kubernetes-preserve-unknown-fields: true + type: object + hashRing: + description: HashRing defines the spec for the distributed hash ring + configuration. + properties: + memberlist: + description: MemberList configuration spec + properties: + enableIPv6: + description: EnableIPv6 enables IPv6 support for the memberlist + based hash ring. + type: boolean + instanceAddrType: + description: |- + InstanceAddrType defines the type of address to use to advertise to the ring. + Defaults to the first address from any private network interfaces of the current pod. + Alternatively the public pod IP can be used in case private networks (RFC 1918 and RFC 6598) + are not available. + enum: + - default + - podIP + type: string + type: object + type: object + images: + description: Images defines the image for each container. + properties: + jaegerQuery: + description: JaegerQuery defines the tempo-query container image. + type: string + oauthProxy: + description: OauthProxy defines the oauth proxy image used to + protect the jaegerUI on single tenant. + type: string + tempo: + description: Tempo defines the tempo container image. + type: string + tempoGateway: + description: TempoGateway defines the tempo-gateway container + image. + type: string + tempoGatewayOpa: + description: TempoGatewayOpa defines the OPA sidecar container + for TempoGateway. + type: string + tempoQuery: + description: TempoQuery defines the tempo-query container image. + type: string + type: object + limits: + description: LimitSpec is used to limit ingestion and querying rates. 
+ properties: + global: + description: Global is used to define global rate limits. + properties: + ingestion: + description: Ingestion is used to define ingestion rate limits. + properties: + ingestionBurstSizeBytes: + description: IngestionBurstSizeBytes defines the burst + size (bytes) used in ingestion. + type: integer + ingestionRateLimitBytes: + description: IngestionRateLimitBytes defines the Per-user + ingestion rate limit (bytes) used in ingestion. + type: integer + maxBytesPerTrace: + description: MaxBytesPerTrace defines the maximum number + of bytes of an acceptable trace. + type: integer + maxTracesPerUser: + description: MaxTracesPerUser defines the maximum number + of traces a user can send. + type: integer + type: object + query: + description: Query is used to define query rate limits. + properties: + maxBytesPerTagValues: + description: MaxBytesPerTagValues defines the maximum + size in bytes of a tag-values query. + type: integer + maxSearchBytesPerTrace: + description: |- + DEPRECATED. MaxSearchBytesPerTrace defines the maximum size of search data for a single + trace in bytes. + default: `0` to disable. + type: integer + maxSearchDuration: + description: |- + MaxSearchDuration defines the maximum allowed time range for a search. + If this value is not set, then spec.search.maxDuration is used. + type: string + type: object + type: object + perTenant: + additionalProperties: + description: RateLimitSpec defines rate limits for Ingestion + and Query components. + properties: + ingestion: + description: Ingestion is used to define ingestion rate + limits. + properties: + ingestionBurstSizeBytes: + description: IngestionBurstSizeBytes defines the burst + size (bytes) used in ingestion. + type: integer + ingestionRateLimitBytes: + description: IngestionRateLimitBytes defines the Per-user + ingestion rate limit (bytes) used in ingestion. 
+ type: integer + maxBytesPerTrace: + description: MaxBytesPerTrace defines the maximum number + of bytes of an acceptable trace. + type: integer + maxTracesPerUser: + description: MaxTracesPerUser defines the maximum number + of traces a user can send. + type: integer + type: object + query: + description: Query is used to define query rate limits. + properties: + maxBytesPerTagValues: + description: MaxBytesPerTagValues defines the maximum + size in bytes of a tag-values query. + type: integer + maxSearchBytesPerTrace: + description: |- + DEPRECATED. MaxSearchBytesPerTrace defines the maximum size of search data for a single + trace in bytes. + default: `0` to disable. + type: integer + maxSearchDuration: + description: |- + MaxSearchDuration defines the maximum allowed time range for a search. + If this value is not set, then spec.search.maxDuration is used. + type: string + type: object + type: object + description: PerTenant is used to define rate limits per tenant. + type: object + type: object + managementState: + default: Managed + description: |- + ManagementState defines if the CR should be managed by the operator or not. + Default is managed. + enum: + - Managed + - Unmanaged + type: string + observability: + description: ObservabilitySpec defines how telemetry data gets handled. + properties: + grafana: + description: Grafana defines the Grafana configuration for operands. + properties: + createDatasource: + description: CreateDatasource specifies if a Grafana Datasource + should be created for Tempo. + type: boolean + instanceSelector: + description: InstanceSelector specifies the Grafana instance + where the datasource should be created. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + metrics: + description: Metrics defines the metrics configuration for operands. + properties: + createPrometheusRules: + description: CreatePrometheusRules specifies if Prometheus + rules for alerts should be created for Tempo components. + type: boolean + createServiceMonitors: + description: CreateServiceMonitors specifies if ServiceMonitors + should be created for Tempo components. + type: boolean + type: object + tracing: + description: Tracing defines a config for operands. + properties: + jaeger_agent_endpoint: + default: localhost:6831 + description: JaegerAgentEndpoint defines the jaeger endpoint + data gets send to. + type: string + sampling_fraction: + description: SamplingFraction defines the sampling ratio. + Valid values are 0 to 1. 
+ type: string + type: object + type: object + replicationFactor: + description: The replication factor is a configuration setting that + determines how many ingesters need to acknowledge the data from + the distributors before accepting a span. + type: integer + resources: + description: Resources defines resources configuration. + properties: + total: + description: |- + The total amount of resources for Tempo instance. + The operator autonomously splits resources between deployed Tempo components. + Only limits are supported, the operator calculates requests automatically. + See http://github.com/grafana/tempo/issues/1540. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + retention: + description: |- + Retention period defined by dataset. + User can specify how long data should be stored. + properties: + global: + description: Global is used to configure global retention. + properties: + traces: + description: |- + Traces defines retention period. Supported parameter suffixes are "s", "m" and "h". + example: 336h + default: value is 48h. + type: string + type: object + perTenant: + additionalProperties: + description: RetentionConfig defines how long data should be + provided. + properties: + traces: + description: |- + Traces defines retention period. Supported parameter suffixes are "s", "m" and "h". + example: 336h + default: value is 48h. + type: string + type: object + description: PerTenant is used to configure retention per tenant. + type: object + type: object + search: + description: SearchSpec control the configuration for the search capabilities. + properties: + defaultResultLimit: + description: 'Limit used for search requests if none is set by + the caller (default: 20)' + type: integer + maxDuration: + description: 'The maximum allowed time range for a search, default: + 0s which means unlimited.' 
+ type: string + maxResultLimit: + description: |- + The maximum allowed value of the limit parameter on search requests. If the search request limit parameter + exceeds the value configured here it will be set to the value configured here. + The default value of 0 disables this limit. + type: integer + type: object + serviceAccount: + description: ServiceAccount defines the service account to use for + all tempo components. + type: string + storage: + description: |- + Storage defines the spec for the object storage endpoint to store traces. + User is required to create secret and supply it. + properties: + secret: + description: |- + Secret for object storage authentication. + Name of a secret in the same namespace as the TempoStack custom resource. + properties: + name: + description: Name of a secret in the namespace configured + for object storage secrets. + minLength: 1 + type: string + type: + description: Type of object storage that should be used + enum: + - azure + - gcs + - s3 + type: string + required: + - name + - type + type: object + tls: + description: TLS configuration for reaching the object storage + endpoint. + properties: + caName: + description: |- + CA is the name of a ConfigMap containing a CA certificate (service-ca.crt). + It needs to be in the same namespace as the Tempo custom resource. + type: string + certName: + description: |- + Cert is the name of a Secret containing a certificate (tls.crt) and private key (tls.key). + It needs to be in the same namespace as the Tempo custom resource. + type: string + enabled: + description: Enabled defines if TLS is enabled. + type: boolean + minVersion: + description: MinVersion defines the minimum acceptable TLS + version. + type: string + type: object + required: + - secret + type: object + storageClassName: + description: StorageClassName for PVCs used by ingester. Defaults + to nil (default storage class in the cluster). 
+ type: string + storageSize: + anyOf: + - type: integer + - type: string + default: 10Gi + description: StorageSize for PVCs used by ingester. Defaults to 10Gi. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + template: + description: Template defines requirements for a set of tempo components. + properties: + compactor: + description: Compactor defines the tempo compactor component spec. + properties: + nodeSelector: + additionalProperties: + type: string + description: NodeSelector defines the simple form of the node-selection + constraint. + type: object + podSecurityContext: + description: PodSecurityContext defines security context will + be applied to all pods of this component. + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. 
+ type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. 
+ type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. 
+ items: + description: Sysctl defines a kernel parameter to be + set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + replicas: + description: Replicas defines the number of replicas to be + created for this component. 
+ format: int32 + type: integer + resources: + description: Resources defines resources for this component, + this will override the calculated resources derived from + total + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + tolerations: + description: Tolerations defines component-specific pod tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + distributor: + description: Distributor defines the distributor component spec. + properties: + component: + description: |- + TempoComponentSpec is embedded to extend this definition with further options. + + + Currently, there is no way to inline this field. 
+ See: https://github.com/golang/go/issues/6213 + properties: + nodeSelector: + additionalProperties: + type: string + description: NodeSelector defines the simple form of the + node-selection constraint. + type: object + podSecurityContext: + description: PodSecurityContext defines security context + will be applied to all pods of this component. + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. 
+ If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. 
+ The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to + be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. 
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + replicas: + description: Replicas defines the number of replicas to + be created for this component. + format: int32 + type: integer + resources: + description: Resources defines resources for this component, + this will override the calculated resources derived + from total + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. 
+ items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + tolerations: + description: Tolerations defines component-specific pod + tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + tls: + description: |- + TLS defines TLS configuration for distributor receivers + + + If openshift feature flag `servingCertsService` is enabled and TLS is enabled but no + certName or caName is specified, OpenShift service serving certificates will be used. + properties: + caName: + description: |- + CA is the name of a ConfigMap containing a CA certificate (service-ca.crt). + It needs to be in the same namespace as the Tempo custom resource. + type: string + certName: + description: |- + Cert is the name of a Secret containing a certificate (tls.crt) and private key (tls.key). + It needs to be in the same namespace as the Tempo custom resource. + type: string + enabled: + description: Enabled defines if TLS is enabled. 
+ type: boolean + minVersion: + description: MinVersion defines the minimum acceptable + TLS version. + type: string + type: object + type: object + gateway: + description: Gateway defines the tempo gateway spec. + properties: + component: + description: |- + TempoComponentSpec is embedded to extend this definition with further options. + + + Currently there is no way to inline this field. + See: https://github.com/golang/go/issues/6213 + properties: + nodeSelector: + additionalProperties: + type: string + description: NodeSelector defines the simple form of the + node-selection constraint. + type: object + podSecurityContext: + description: PodSecurityContext defines security context + will be applied to all pods of this component. + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. 
+ May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. 
+ type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. 
+ items: + description: Sysctl defines a kernel parameter to + be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + replicas: + description: Replicas defines the number of replicas to + be created for this component. 
+ format: int32 + type: integer + resources: + description: Resources defines resources for this component, + this will override the calculated resources derived + from total + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + tolerations: + description: Tolerations defines component-specific pod + tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + enabled: + type: boolean + ingress: + description: Ingress defines gateway Ingress options. + properties: + annotations: + additionalProperties: + type: string + description: Annotations defines the annotations of the + Ingress object. 
+ type: object + host: + description: Host defines the hostname of the Ingress + object. + type: string + ingressClassName: + description: |- + IngressClassName defines the name of an IngressClass cluster resource. + Defines which ingress controller serves this ingress resource. + type: string + route: + description: Route defines the options for the OpenShift + route. + properties: + termination: + description: |- + Termination defines the termination type. + The default is "edge". + enum: + - insecure + - edge + - passthrough + - reencrypt + type: string + type: object + type: + description: |- + Type defines the type of Ingress for the Jaeger Query UI. + Currently ingress, route and none are supported. + enum: + - ingress + - route + - "" + type: string + type: object + required: + - enabled + type: object + ingester: + description: Ingester defines the ingester component spec. + properties: + nodeSelector: + additionalProperties: + type: string + description: NodeSelector defines the simple form of the node-selection + constraint. + type: object + podSecurityContext: + description: PodSecurityContext defines security context will + be applied to all pods of this component. + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. 
This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. 
If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. 
Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be + set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. 
+ type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + replicas: + description: Replicas defines the number of replicas to be + created for this component. + format: int32 + type: integer + resources: + description: Resources defines resources for this component, + this will override the calculated resources derived from + total + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + tolerations: + description: Tolerations defines component-specific pod tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). 
Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + querier: + description: Querier defines the querier component spec. + properties: + nodeSelector: + additionalProperties: + type: string + description: NodeSelector defines the simple form of the node-selection + constraint. + type: object + podSecurityContext: + description: PodSecurityContext defines security context will + be applied to all pods of this component. + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. 
+ May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. 
+ type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. 
+ items: + description: Sysctl defines a kernel parameter to be + set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + replicas: + description: Replicas defines the number of replicas to be + created for this component. 
+ format: int32 + type: integer + resources: + description: Resources defines resources for this component, + this will override the calculated resources derived from + total + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + tolerations: + description: Tolerations defines component-specific pod tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + queryFrontend: + description: TempoQueryFrontendSpec defines the query frontend + spec. + properties: + component: + description: |- + TempoComponentSpec is embedded to extend this definition with further options. 
+ + + Currently there is no way to inline this field. + See: https://github.com/golang/go/issues/6213 + properties: + nodeSelector: + additionalProperties: + type: string + description: NodeSelector defines the simple form of the + node-selection constraint. + type: object + podSecurityContext: + description: PodSecurityContext defines security context + will be applied to all pods of this component. + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. 
+ format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to + be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: |- + The Windows specific settings applied to all containers. 
+ If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + replicas: + description: Replicas defines the number of replicas to + be created for this component. + format: int32 + type: integer + resources: + description: Resources defines resources for this component, + this will override the calculated resources derived + from total + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. 
It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + tolerations: + description: Tolerations defines component-specific pod + tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + jaegerQuery: + description: JaegerQuery defines options specific to the Jaeger + Query component. + properties: + authentication: + description: Authentication defines the options for the + oauth proxy used to protect jaeger UI + properties: + enabled: + description: Defines if the authentication will be + enabled for jaeger UI. + type: boolean + resources: + description: |- + Resources defines the compute resource requirements of the OAuth Proxy container. + The OAuth Proxy performs authentication and authorization of incoming requests to Jaeger UI when multi-tenancy is disabled. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. 
+ + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + sar: + description: |- + SAR defines the SAR to be used in the oauth-proxy + default is "{"namespace": "", "resource": "pods", "verb": "get"} + type: string + type: object + enabled: + description: Enabled defines if the Jaeger Query component + should be created. 
+ type: boolean + findTracesConcurrentRequests: + description: |- + FindTracesConcurrentRequests defines how many concurrent request a single trace search can submit (defaults querier.replicas*2). + The search for traces in Jaeger submits limit+1 requests. First requests finds trace IDs and then it fetches + entire traces by ID. This property allows Jaeger to fetch traces in parallel. + Note that by default a single Tempo querier can process 20 concurrent search jobs. + Increasing this property might require scaling up querier instances, especially on error "job queue full" + See also Tempo's extraConfig: + querier.max_concurrent_queries (20 default) + query_frontend.max_outstanding_per_tenant: (2000 default). Increase if the query-frontend returns 429 + type: integer + ingress: + description: Ingress defines the options for the Jaeger + Query ingress. + properties: + annotations: + additionalProperties: + type: string + description: Annotations defines the annotations of + the Ingress object. + type: object + host: + description: Host defines the hostname of the Ingress + object. + type: string + ingressClassName: + description: |- + IngressClassName defines the name of an IngressClass cluster resource. + Defines which ingress controller serves this ingress resource. + type: string + route: + description: Route defines the options for the OpenShift + route. + properties: + termination: + description: |- + Termination defines the termination type. + The default is "edge". + enum: + - insecure + - edge + - passthrough + - reencrypt + type: string + type: object + type: + description: |- + Type defines the type of Ingress for the Jaeger Query UI. + Currently ingress, route and none are supported. + enum: + - ingress + - route + - "" + type: string + type: object + monitorTab: + description: MonitorTab defines the monitor tab configuration. + properties: + enabled: + description: |- + Enabled enables the monitor tab in the Jaeger console. 
+ The PrometheusEndpoint must be configured to enable this feature. + type: boolean + prometheusEndpoint: + description: |- + PrometheusEndpoint defines the endpoint to the Prometheus instance that contains the span rate, error, and duration (RED) metrics. + For instance on OpenShift this is set to https://thanos-querier.openshift-monitoring.svc.cluster.local:9091 + type: string + redMetricsNamespace: + default: traces.span.metrics + description: |- + REDMetricsNamespace defines the a prefix used retrieve span rate, error, and duration (RED) metrics. + By default it is set to `traces.span.metrics` following the default namespace of the OpenTelemetry Collector since Version 0.109.0. + type: string + type: object + resources: + description: Resources defines resources for this component, + this will override the calculated resources derived + from total + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + servicesQueryDuration: + description: ServicesQueryDuration defines how long the + services will be available in the services list + type: string + tempoQuery: + description: TempoQuery defines options specific to the + Tempoo Query component. + properties: + resources: + description: Resources defines resources for this + component, this will override the calculated resources + derived from total + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + type: object + type: object + type: object + tenants: + description: Tenants defines the per-tenant authentication and authorization + spec. + properties: + authentication: + description: Authentication defines the tempo-gateway component + authentication configuration spec per tenant. + items: + description: AuthenticationSpec defines the oidc configuration + per tenant for tempo Gateway component. + properties: + oidc: + description: OIDC defines the spec for the OIDC tenant's + authentication. + properties: + groupClaim: + description: Group claim field from ID Token + type: string + issuerURL: + description: IssuerURL defines the URL for issuer. + type: string + redirectURL: + description: RedirectURL defines the URL for redirect. 
+ type: string + secret: + description: Secret defines the spec for the clientID, + clientSecret and issuerCAPath for tenant's authentication. + properties: + name: + description: Name of a secret in the namespace configured + for tenant secrets. + type: string + type: object + usernameClaim: + description: User claim field from ID Token + type: string + type: object + tenantId: + description: |- + TenantID defines a universally unique identifier of the tenant. + Unlike the tenantName, which must be unique at a given time, the tenantId must be unique over the entire lifetime of the Tempo deployment. + Tempo uses this ID to prefix objects in the object storage. + type: string + tenantName: + description: |- + TenantName defines a human readable, unique name of the tenant. + The value of this field must be specified in the X-Scope-OrgID header and in the resources field of a ClusterRole to identify the tenant. + type: string + required: + - tenantId + - tenantName + type: object + type: array + authorization: + description: Authorization defines the tempo-gateway component + authorization configuration spec per tenant. + properties: + roleBindings: + description: RoleBindings defines configuration to bind a + set of roles to a set of subjects. + items: + description: RoleBindingsSpec binds a set of roles to a + set of subjects. + properties: + name: + type: string + roles: + items: + type: string + type: array + subjects: + items: + description: Subject represents a subject that has + been bound to a role. + properties: + kind: + description: SubjectKind is a kind of Tempo Gateway + RBAC subject. + enum: + - user + - group + type: string + name: + type: string + required: + - kind + - name + type: object + type: array + required: + - name + - roles + - subjects + type: object + type: array + roles: + description: Roles defines a set of permissions to interact + with a tenant. + items: + description: RoleSpec describes a set of permissions to + interact with a tenant. 
+ properties: + name: + type: string + permissions: + items: + description: PermissionType is a Tempo Gateway RBAC + permission. + enum: + - read + - write + type: string + type: array + resources: + items: + type: string + type: array + tenants: + items: + type: string + type: array + required: + - name + - permissions + - resources + - tenants + type: object + type: array + type: object + mode: + default: static + description: Mode defines the multitenancy mode. + enum: + - static + - openshift + type: string + required: + - mode + type: object + timeout: + description: |- + Timeout configures the same timeout on all components starting at ingress down to the ingestor/querier. + Timeout configuration on a specific component has a higher precedence. + Defaults to 30 seconds. + type: string + required: + - storage + type: object + status: + description: TempoStackStatus defines the observed state of TempoStack. + properties: + components: + description: |- + Components provides summary of all Tempo pod status grouped + per component. + properties: + compactor: + additionalProperties: + items: + type: string + type: array + description: Compactor is a map to the pod status of the compactor + pod. 
+ type: object + distributor: + additionalProperties: + items: + type: string + type: array + description: Distributor is a map to the per pod status of the + distributor deployment + type: object + gateway: + additionalProperties: + items: + type: string + type: array + description: Gateway is a map to the per pod status of the query + frontend deployment + type: object + ingester: + additionalProperties: + items: + type: string + type: array + description: Ingester is a map to the per pod status of the ingester + statefulset + type: object + querier: + additionalProperties: + items: + type: string + type: array + description: Querier is a map to the per pod status of the querier + deployment + type: object + queryFrontend: + additionalProperties: + items: + type: string + type: array + description: QueryFrontend is a map to the per pod status of the + query frontend deployment + type: object + type: object + conditions: + description: Conditions of the Tempo deployment health. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + operatorVersion: + description: Version of the Tempo Operator. + type: string + tempoQueryVersion: + description: DEPRECATED. Version of the Tempo Query component used. 
+ type: string + tempoVersion: + description: Version of the managed Tempo instance. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/tempo-operator/0.14.0/metadata/annotations.yaml b/operators/tempo-operator/0.14.0/metadata/annotations.yaml new file mode 100644 index 00000000000..6ee5fdc49e9 --- /dev/null +++ b/operators/tempo-operator/0.14.0/metadata/annotations.yaml @@ -0,0 +1,16 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: tempo-operator + operators.operatorframework.io.bundle.channels.v1: alpha + operators.operatorframework.io.metrics.builder: operator-sdk-v1.32.0 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ + + com.redhat.openshift.versions: v4.12 diff --git a/operators/tempo-operator/0.14.0/tests/scorecard/config.yaml b/operators/tempo-operator/0.14.0/tests/scorecard/config.yaml new file mode 100644 index 00000000000..024997b692f --- /dev/null +++ b/operators/tempo-operator/0.14.0/tests/scorecard/config.yaml 
@@ -0,0 +1,70 @@
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+ name: config
+stages:
+- parallel: true
+ tests:
+ - entrypoint:
+ - scorecard-test
+ - basic-check-spec
+ image: quay.io/operator-framework/scorecard-test:v1.27.0
+ labels:
+ suite: basic
+ test: basic-check-spec-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-bundle-validation
+ image: quay.io/operator-framework/scorecard-test:v1.27.0
+ labels:
+ suite: olm
+ test: olm-bundle-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-validation
+ image: quay.io/operator-framework/scorecard-test:v1.27.0
+ labels:
+ suite: olm
+ test: olm-crds-have-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-resources
+ image: quay.io/operator-framework/scorecard-test:v1.27.0
+ labels:
+ suite: olm
+ test: olm-crds-have-resources-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-spec-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.27.0
+ labels:
+ suite: olm
+ test: olm-spec-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-status-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.27.0
+ labels:
+ suite: olm
+ test: olm-status-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+storage:
+ spec:
+ mountPath: {}
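Review bot: All six `image:` entries under `stages[0].tests` reference `quay.io/operator-framework/scorecard-test` by the mutable tag `v1.27.0`, so the container that runs in the cluster during scorecard validation is whatever that tag resolves to at pull time. Pinning by digest, e.g. `image: quay.io/operator-framework/scorecard-test@sha256:<digest-of-v1.27.0>` (placeholder, to be taken from the registry), would make the test run reproducible and any change to the image content visible in review. The tag also differs from the `operator-sdk-v1.32.0` builder recorded in `metadata/annotations.yaml` in this same commit, which may mean the scorecard patches were not updated alongside the SDK; worth confirming that the older test image is intentional.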