grafana / tempo-operator

Grafana Tempo Kubernetes operator
https://grafana.com/docs/tempo/latest/setup/operator/
GNU Affero General Public License v3.0

Add OTLP HTTP to gateway #948

Closed pavolloffay closed 3 months ago

pavolloffay commented 3 months ago

Notable changes

codecov-commenter commented 3 months ago

Codecov Report

Attention: Patch coverage is 89.47368% with 2 lines in your changes are missing coverage. Please review.

Project coverage is 76.51%. Comparing base (26b93e5) to head (7fed685). Report is 1 commits behind head on main.

| Files | Patch % | Lines |
|---|---|---|
| internal/manifests/monolithic/configmap.go | 0.00% | 1 Missing and 1 partial :warning: |

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main     #948      +/-   ##
==========================================
- Coverage   76.55%   76.51%   -0.05%
==========================================
  Files          94       94
  Lines        6074     6071       -3
==========================================
- Hits         4650     4645       -5
- Misses       1152     1153       +1
- Partials      272      273       +1
```

| [Flag](https://app.codecov.io/gh/grafana/tempo-operator/pull/948/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=grafana) | Coverage Δ | |
|---|---|---|
| [unittests](https://app.codecov.io/gh/grafana/tempo-operator/pull/948/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=grafana) | `76.51% <89.47%> (-0.05%)` | :arrow_down: |

Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=grafana#carryforward-flags-in-the-pull-request-comment) to find out more.


pavolloffay commented 3 months ago

My test manifests

```bash
kubectl apply -f - <<EOF
apiVersion: tempo.grafana.com/v1alpha1
kind: TempoMonolithic
metadata:
  name: sample
spec:
  multitenancy:
    enabled: true
    mode: openshift
    authentication:
      - tenantName: dev
        tenantId: "1610b0c3-c509-4592-a256-a1871353dbfa"
      - tenantName: prod
        tenantId: "1610b0c3-c509-4592-a256-a1871353dbfb"
  storage:
    traces:
      backend: memory
  resources:
    limits:
      cpu: "500m"
      memory: "2Gi"
  jaegerui:
    enabled: true
    route:
      enabled: true
    resources:
      limits:
        cpu: "500m"
        memory: "1Gi"
EOF
```

```bash
kubectl apply -f - <<EOF
apiVersion: tempo.grafana.com/v1alpha1
kind: TempoStack
metadata:
  name: simplest
spec:
  managementState: Managed
  storage:
    secret:
      name: minio-test
      type: s3
  storageSize: 1Gi
  resources:
    total:
      limits:
        memory: 2Gi
        cpu: 2000m
  tenants:
    mode: openshift
    authentication:
      - tenantName: dev
        tenantId: "1610b0c3-c509-4592-a256-a1871353dbfa"
      - tenantName: prod
        tenantId: "1610b0c3-c509-4592-a256-a1871353dbfb"
  template:
    gateway:
      enabled: true
    queryFrontend:
      jaegerQuery:
        enabled: true
EOF
```

```bash
kubectl apply -f - <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: tempostack-traces-reader
rules:
  - apiGroups:
      - 'tempo.grafana.com'
    resources:
      - dev
      - prod
    resourceNames:
      - traces
    verbs:
      - 'get'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tempostack-traces-reader
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: tempostack-traces-reader
subjects:
  - kind: Group
    apiGroup: rbac.authorization.k8s.io
    name: system:authenticated
EOF
```

```bash
kubectl apply -f - <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: otel-collector
  namespace: ploffay
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: tempostack-traces-write
rules:
  - apiGroups:
      - 'tempo.grafana.com'
    resources:
      - dev
    resourceNames:
      - traces
    verbs:
      - 'create'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tempostack-traces
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: tempostack-traces-write
subjects:
  - kind: ServiceAccount
    name: otel-collector
    namespace: ploffay
EOF
```

```bash
kubectl apply -f - <<EOF
apiVersion: opentelemetry.io/v1alpha1
kind: OpenTelemetryCollector
metadata:
  name: cluster-collector
  namespace: ploffay
spec:
  image: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:0.101.0
  mode: deployment
  serviceAccount: otel-collector
  config: |
      extensions:
        bearertokenauth:
          filename: "/var/run/secrets/kubernetes.io/serviceaccount/token"
      receivers:
        otlp:
          protocols:
            http: {}
            grpc: {}
      processors:
        batch: {}
      exporters:
        debug: {}
        otlp/dev:
          endpoint: tempo-simplest-gateway.ploffay.svc.cluster.local:8090
          tls:
            insecure: false
            ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
          auth:
            authenticator: bearertokenauth
          headers:
            X-Scope-OrgID: "dev"
        otlphttp/dev:
          endpoint: https://tempo-sample-gateway.ploffay.svc.cluster.local:8080/api/traces/v1/dev
          tls:
            insecure: false
            ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
          auth:
            authenticator: bearertokenauth
          headers:
            X-Scope-OrgID: "dev"
      service:
        extensions: [bearertokenauth]
        pipelines:
          traces:
            receivers: [otlp]
            processors: [batch]
            exporters: [debug,otlphttp/dev]
EOF
```

IshwarKanse commented 3 months ago

@pavolloffay We need to update the tests/e2e/gateway and tests/e2e-openshift/multitenancy/ cases for the change.

--- a/tests/e2e-openshift/multitenancy/01-assert.yaml
+++ b/tests/e2e-openshift/multitenancy/01-assert.yaml
@@ -155,6 +155,7 @@ spec:
         - --web.listen=0.0.0.0:8080
         - --web.internal.listen=0.0.0.0:8081
         - --traces.write.otlpgrpc.endpoint=tempo-simplest-distributor.chainsaw-multitenancy.svc.cluster.local:4317
+        - --traces.write.otlphttp.endpoint=https://tempo-simplest-distributor.chainsaw-multitenancy.svc.cluster.local:4318
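Review bot: the added `--traces.write.otlphttp.endpoint` line pins an `https://` URL on port 4318, while the `--traces.write.otlpgrpc.endpoint` line just above it carries no scheme, so this assert only passes when the distributor's OTLP/HTTP endpoint is rendered as TLS in this scenario; it is worth confirming that is intended for every configuration this test runs under. The assert also only checks that the argument appears in the args list. A step that pushes a span through the gateway's HTTP write path for a tenant and then reads it back would exercise the new route itself, and the tests/e2e/gateway assert named above is not touched by this hunk and needs the same line.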

I tested the PR and the changes LGTM. I'm working on adding some additional steps to the tests and will submit the PR after this gets merged.