Uploaded image for project: 'Distributed Tracing'
  1. Distributed Tracing
  2. TRACING-3091

Tempo operator with TLS does not work on OpenShift

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done-Errata
    • Undefined
    • rhosdt-2.9
    • None
    • Tempo
    • None
    • Tracing Sprint # 236, Tracing Sprint # 237, Tracing Sprint # 238, Tracing Sprint # 239

    Description

      The tempo operator configured for openshift fails to start 

       

      Operator config:

      apiVersion: v1
data:
  controller_manager_config.yaml: |
    apiVersion: config.tempo.grafana.com/v1alpha1
    kind: ProjectConfig
    health:
      healthProbeBindAddress: :8081
    metrics:
      bindAddress: 127.0.0.1:8080
    webhook:
      port: 9443
    leaderElection:
      leaderElect: true
      resourceName: 8b886b0f.grafana.com
    # leaderElectionReleaseOnCancel defines if the leader should step down volume
    # when the Manager ends. This requires the binary to immediately end when the
    # Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
    # speeds up voluntary leader transitions as the new leader don't have to wait
    # LeaseDuration time first.
    # In the default scaffold provided, the program ends immediately after
    # the manager stops, so would be fine to enable this option. However,
    # if you are doing or is intended to do any operation such as perform cleanups
    # after the manager stops then its usage might be unsafe.
    # leaderElectionReleaseOnCancel: true
    images:
      tempo: docker.io/grafana/tempo:2.0.1
      tempoQuery: docker.io/grafana/tempo-query:main-1b50ad3
      tempoGateway: quay.io/observatorium/api:main-2023-02-09-v0.1.2-329-g1ff4f11
      tempoGatewayOpa: quay.io/observatorium/opa-openshift:main-2023-03-13-fd7b736
    featureGates:
      openshift:
        openshiftRoute: true
        gatewayRoute: true
        servingCertsService: true
      httpEncryption: true
      grpcEncryption: true
      tlsProfile: Modern
      builtInCertManagement:
        enabled: true
        # CA certificate validity: 5 years
        caValidity: 43830h
        # CA certificate refresh at 80% of validity
        caRefresh: 35064h
        # Target certificate validity: 90d
        certValidity: 2160h
        # Target certificate refresh at 80% of validity
        certRefresh: 1728h
kind: ConfigMap
metadata:
  name: tempo-operator-manager-config

      Error in all tempo components:

      failed parsing config: failed to parse configFile /conf/tempo.yaml: yaml: unmarshal errors:
  line 52: field internal_server not found in type app.Config

      The operand should start successfully and the jaeger-ui should be accessible e.g.   https://tempo-simplest-gateway-observability.apps-crc.testing/api/traces/v1/dev/search 

      Attachments

        Issue Links

          blocks

          Task - Represents a small unit of work that is not end-user facing. TRACING-3152 Verify that ServiceMonitors are working when TLS is enabled for all components

          • Undefined - Priority not specified.
          • Closed
          is blocked by

          Task - Represents a small unit of work that is not end-user facing. TRACING-3141 Upgrade tempo to v2.1.1

          • Undefined - Priority not specified.
          • Closed
          links to

          Web Link RHSA-2023:117866 Red Hat OpenShift distributed tracing 2.9.0 operator/operand containers

          Activity

            People

              rvargasp@redhat.com Ruben Vargas Palma
              ploffay@redhat.com Pavol Loffay
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: