[Feature]: The rest of multi-tenancy

[esnible]

Requirement

Multi tenancy

Problem

This issue discusses state of multi tenancy and the remaining work to complete multitenancy.

With the work that has been done I can run Jaeger using memory storage behind a reverse proxy that adds a tenant header and Jaeger functions correctly as a multitenant system.

The work that has merged:

• https://github.com/jaegertracing/jaeger/pull/3827 Tenancy for memory storage

• https://github.com/jaegertracing/jaeger/pull/3791 Tenancy for queries

• https://github.com/jaegertracing/jaeger/pull/3787 Ignore self-reported spans w/o tenant info

• https://github.com/jaegertracing/jaeger/pull/3718 Refactor tenancy checking from gRPC to gRPC batch consumer

• https://github.com/jaegertracing/jaeger/pull/3688 Allow Jaeger's GRPC handler to flow the tenant from an HTTP header

• The main piece of outstanding work is multitenant support for at least one persistent storage. Ideally all of the popular storages will support tenancy.

  • https://github.com/jaegertracing/jaeger/issues/3427 Tenant Aware Storage
  • (no work item) Factory.getFactoryOfType() should know if Jaeger is configured multi-tenant, and fail if the storage does not support tenancy.

• Jaeger should report self-spans with tenancy

  • I created two failed PRs with the invalid idea of Jaeger's self spans forwarding the current tenant. I now believe that approach is invalid (see https://github.com/jaegertracing/jaeger/pull/3750 and https://github.com/jaegertracing/jaeger/pull/3742 )
  • Jaeger should take an environment variable or command line parameter for the tenant to report for self-spans. The gRPC span reporter should use that.

• Integration test for tenancy, each storage claiming to be multitenant must pass

  • no work item

• Per-tenant metrics reporting.

  • (no work item) Add the tenant as a dimension to metrics reporting.

• The UI doesn't support tenancy unless there is a proxy adding it between the UI and Jaeger.

  • Adding security to the UI introduces to much. Instead document a security UI solution such as using https://github.com/observatorium/api/ as a reverse requiring OIDC and supplying tenant

• More protocols. The tenant arrives via a gRPC or HTTP header. We should document this; and decide if it is possible and worthwhile to supply the tenant with other protocols.

See also the closed issue https://github.com/jaegertracing/jaeger/issues/819 Umbrella Issue.

Proposal

No response

Open questions

No response

[flodetan]

watching on this

[BlueBlue-Lee]

Is there any progress for this feature?