Refactor Tempo Multitenancy section #88120
Conversation
Signed-off-by: Ruben Vargas <[email protected]>
Signed-off-by: Ruben Vargas <[email protected]>
openshift-ci
bot
added
the
size/L
rubenvp8510
changed the title
|
@max-cx This is for https://issues.redhat.com/browse/TRACING-4847 |
Signed-off-by: Ruben Vargas <[email protected]>
Signed-off-by: Ruben Vargas <[email protected]>
rubenvp8510
force-pushed
the
only_support_multitenancy
branch
from
d9931dd to
5794c86
Compare
| // * observability/distr_tracing/distr_tracing_tempo/distr-tracing-tempo-installing.adoc | ||
|
|
||
| :_mod-docs-content-type: PROCEDURE | ||
| [id="distr-tracing-tempo-install-gateway-permissions{context}"] |
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.IdHasContextVariable: ID is missing the '_{context}' variable at the end of the ID.
| [id="distr-tracing-tempo-install-gateway-permissions{context}"] | ||
| = Configure tenants and permissions | ||
|
|
||
| Authentication and authorization is provided in the Tempo Gateway service. The authentication uses OpenShift OAuth and the Kubernetes `TokenReview` API. The authorization uses the Kubernetes `SubjectAccessReview` API. |
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.SuggestAttribute: Use the AsciiDoc attribute '{TempoName}' or '{TempoShortName}' rather than the plain text product term 'Tempo', unless your use case is an exception.
|
|
||
| Authentication and authorization is provided in the Tempo Gateway service. The authentication uses OpenShift OAuth and the Kubernetes `TokenReview` API. The authorization uses the Kubernetes `SubjectAccessReview` API. | ||
|
|
||
| To properly define tenants and manage their read and write access, the distributed tracing stack—built on the Red Hat distribution of OpenTelemetry and Tempo—requires a well-configured authorization setup. |
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.SuggestAttribute: Use the AsciiDoc attribute '{DTShortName}' rather than the plain text product term 'distributed tracing', unless your use case is an exception.
|
|
||
| Authentication and authorization is provided in the Tempo Gateway service. The authentication uses OpenShift OAuth and the Kubernetes `TokenReview` API. The authorization uses the Kubernetes `SubjectAccessReview` API. | ||
|
|
||
| To properly define tenants and manage their read and write access, the distributed tracing stack—built on the Red Hat distribution of OpenTelemetry and Tempo—requires a well-configured authorization setup. |
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.SuggestAttribute: Use the AsciiDoc attribute '{TempoName}' or '{TempoShortName}' rather than the plain text product term 'Tempo', unless your use case is an exception.
| * Add the desired tenant in the otlp/otlphttp exporters as the "X-Scope-OrgID" headers | ||
| * Enable TLS with a valid certificate authority file. | ||
|
|
||
| Trace data can be sent to the Tempo instance from the OpenTelemetry Collector that uses the service account with RBAC for writing the data. |
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.SuggestAttribute: Use the AsciiDoc attribute '{TempoName}' or '{TempoShortName}' rather than the plain text product term 'Tempo', unless your use case is an exception.
| <2> Must be set to `openshift`. | ||
| <3> The list of tenants. | ||
| <4> The tenant name. Must be provided in the `X-Scope-OrgId` header when ingesting the data. | ||
| <5> Defines a universally unique identifier of the tenant. Unlike the tenantName, which must be unique at a given time, the tenantId must be unique over the entire lifetime of the Tempo deployment. Tempo uses this ID to prefix objects in the object storage. This could be a UUID, or can match the tempoName |
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.SuggestAttribute: Use the AsciiDoc attribute '{TempoName}' or '{TempoShortName}' rather than the plain text product term 'Tempo', unless your use case is an exception.
| <1> Secret you created in step 2 for the object storage that had been set up as one of the prerequisites. | ||
| <2> Value of the `name` in the `metadata` of the secret. | ||
| <3> Accepted values are `azure` for Azure Blob Storage; `gcs` for Google Cloud Storage; and `s3` for | ||
| <4> Size of the persistent volume claim for the Tempo WAL. The default is `10Gi`. |
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.SuggestAttribute: Use the AsciiDoc attribute '{TempoName}' or '{TempoShortName}' rather than the plain text product term 'Tempo', unless your use case is an exception.
| <5> Tenant mode must be set to `openshift`. | ||
| <6> The list of tenants. | ||
| <7> The tenant name. Must be provided in the `X-Scope-OrgId` header when ingesting the data. | ||
| <8> Defines a universally unique identifier of the tenant. Unlike the tenantName, which must be unique at a given time, the tenantId must be unique over the entire lifetime of the Tempo deployment. Tempo uses this ID to prefix objects in the object storage. This could be a UUID, or can match the tempoName |
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.SuggestAttribute: Use the AsciiDoc attribute '{TempoName}' or '{TempoShortName}' rather than the plain text product term 'Tempo', unless your use case is an exception.
| <5> Tenant mode must be set to `openshift`. | ||
| <6> The list of tenants. | ||
| <7> The tenant name. Must be provided in the `X-Scope-OrgId` header when ingesting the data. | ||
| <8> Defines a universally unique identifier of the tenant. Unlike the tenantName, which must be unique at a given time, the tenantId must be unique over the entire lifetime of the Tempo deployment. Tempo uses this ID to prefix objects in the object storage. This could be a UUID, or can match the tempoName |
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.SuggestAttribute: Use the AsciiDoc attribute '{TempoName}' or '{TempoShortName}' rather than the plain text product term 'Tempo', unless your use case is an exception.
|
@rubenvp8510: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
@rubenvp8510, you can close this PR because I have opened #89092. |
Version(s):
Issue:
https://issues.redhat.com/browse/TRACING-4649
https://issues.redhat.com/browse/TRACING-4847
Link to docs preview:
QE review:
Additional information: