Feature
Resolution: Unresolved
Use case
Currently, the secret provided to the TempoStack is validated, and the endpoint in it is forced to have the protocol (http or https) in front.
If an OpenShift admin sets the protocol (http or https) in front of the endpoint, and this is validated, it is reasonable to expect that by default the communication would happen through SSL/TLS, but this doesn't happen until "spec.storage.tls.enabled: true" is set.
So, if the endpoint in the secret used for the TempoStack is set to something like "https://s3.example.com" but "spec.storage.tls.enabled: true" is not set, the error below is received: Tempo is not able to connect because the connection goes through http instead of https as set in the endpoint:
level=error ts=2025-07-15T08:09:06.42393708Z caller=main.go:124 msg="error running Tempo" err="failed to init module services: error initialising module: store: failed to create store: unexpected error from ListObjects on <BucketName>: Get \"http://s3xxxxxxxxxx/?location=\": dial tcp xxxxxxx:80: i/o timeout"
This error is the best case. In the worst case, if the object storage was also enabled to receive http connections, all the communication would travel in the clear, since it is sent as plain text.
Proposal
The operator detects whether HTTP or HTTPS is set in the endpoint and, based on this, enables or not "spec.storage.tls.enabled: true".
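A sketch of the proposed behaviour, added here as an example and not taken from the Tempo operator's code. The helper name `effectiveStorageTLS`, the `ErrTLSMismatch` value and the choice to reject an `https://` endpoint when TLS is explicitly disabled are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// ErrTLSMismatch: an https:// endpoint combined with TLS explicitly disabled.
var ErrTLSMismatch = errors.New("endpoint scheme is https but tls.enabled is false")

// effectiveStorageTLS (hypothetical helper) derives the TLS setting from the
// endpoint scheme. explicit is nil when spec.storage.tls.enabled is not set.
func effectiveStorageTLS(endpoint string, explicit *bool) (bool, error) {
	u, err := url.Parse(strings.TrimSpace(endpoint))
	if err != nil {
		return false, fmt.Errorf("invalid endpoint: %w", err)
	}
	switch strings.ToLower(u.Scheme) {
	case "https":
		if explicit != nil && !*explicit {
			// Refuse a silent downgrade to plaintext instead of dialing port 80.
			return false, ErrTLSMismatch
		}
		return true, nil
	case "http":
		// Plaintext endpoint: TLS only when it was explicitly requested.
		return explicit != nil && *explicit, nil
	default:
		return false, fmt.Errorf("endpoint %q must start with http:// or https://", endpoint)
	}
}

func main() {
	off := false
	fmt.Println(effectiveStorageTLS("https://s3.example.com", nil))
	fmt.Println(effectiveStorageTLS("https://s3.example.com", &off))
	fmt.Println(effectiveStorageTLS("http://s3.example.com", nil))
}
```

Surfacing the conflicting case as a validation error means the mismatch is reported when the resource is applied, not as an i/o timeout at Tempo startup.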