-
Bug
-
Resolution: Done-Errata
-
Critical
-
None
-
None
-
1
-
False
-
None
-
False
-
-
-
Tracing Sprint # 256
-
Important
Description of problem:
The spec.storage.tls.caName field in the TempoStack CRD directly reflects the ConfigMap name in the Pod, so ConfigMaps with names containing dots cannot be specified. In TempoOperator versions prior to 0.7.0 the name was fixed as "storage-ca", so this issue did not occur. https://github.com/grafana/tempo-operator/blob/v0.7.0/internal/manifests/manifestutils/storage.go#L14
Version-Release number of selected component (if applicable):
Tempo Operator 0.10.0-6
How reproducible:
Create TempoStack CRD with a storage which is signed by a custom CA
Steps to Reproduce:
1. Create TempoStack CRD by configuring a storage CA - e.g. openshift-service-ca.crt
~~~
storage:
secret:
name: tempo-odf
type: s3
tls:
caName: openshift-service-ca.crt
enabled: true
~~~
2. pods will fail with below error
~~~
failed to create objects for tracing-tempo: Deployment.apps "tempo-tracing-tempo-query-frontend" is invalid: [spec.template.spec.volumes[3].name: Invalid value: "service-ca.crt": must not contain dots, spec.template.spec.containers[0].volumeMounts[2].name: Not found: "service-ca.crt"]Deployment.apps "tempo-tracing-tempo-querier" is invalid: [spec.template.spec.volumes[2].name: Invalid value: "service-ca.crt": must not contain dots, spec.template.spec.containers[0].volumeMounts[2].name: Not found: "service-ca.crt"]Deployment.apps "tempo-tracing-tempo-compactor" is invalid: [spec.template.spec.volumes[2].name: Invalid value: "service-ca.crt": must not contain dots, spec.template.spec.containers[0].volumeMounts[2].name: Not found: "service-ca.crt"]
~~~
Actual results:
Expected results:
Additional info:
- links to
-
RHSA-2024:137276
Red Hat OpenShift distributed tracing 3.3.0 operator/operand containers
