Currently when defining the object storage for a TempoStack resource, only mode of authentication that is supported is a combination of bucket name & service account key.
Being able to use Workload Identity Federation (in GKE, not sure what this is in AWS/Azure) for authentication, would make life easier and safer as it would remove the need to manage a specific service account key.
Deploying Tempo with Helm charts supports this feature.
Currently when defining the object storage for a TempoStack resource, only mode of authentication that is supported is a combination of bucket name & service account key.
Being able to use Workload Identity Federation (in GKE, not sure what this is in AWS/Azure) for authentication, would make life easier and safer as it would remove the need to manage a specific service account key.
Deploying Tempo with Helm charts supports this feature.