From 7e4a74cff918e70bf7e386bd4fd3820c83f56eaf Mon Sep 17 00:00:00 2001 From: Andreas Gerstmayr Date: Thu, 9 Nov 2023 13:38:25 +0100 Subject: [PATCH 1/2] Unset (default) images in TempoStack CR Various tools are capable of automatic rebuilding of images in case of CVEs (e.g. freshmaker [1]). These tools rebuild all images and update the RELATED_IMAGE_ environment variables in the CSV accordingly (ref. #638). However, they do not update the version field (the github.com/grafana/tempo-operator/internal/version.operatorVersion LDFLAG when building the operator), they only update the version of the CSV. Therefore the upgrade process won't run, and nothing will replace the images field in the TempoStack CRs, i.e. the tempo/tempo-query/gateway pods are not updated with the new image version. This PR modifies the handling to use the default images if the image field of the TempoStack CR is unset. Then the operator will use the image from RELATED_IMAGE_ env variables, and the containers are always using the latest images as specified in the RELATED_IMAGE_ env vars. As a bonus, if a user is manually editing the images field, it won't get reset on every upgrade. [1] https://github.com/redhat-exd-rebuilds/freshmaker Resolves: #674 Signed-off-by: Andreas Gerstmayr --- .chloggen/unset_images_in_cr.yaml | 16 +++++++ apis/tempo/v1alpha1/tempostack_webhook.go | 25 ----------- .../tempo/v1alpha1/tempostack_webhook_test.go | 18 ++------ cmd/generate/main.go | 20 +++++---- cmd/generate/main_test.go | 18 ++++---- .../tempo/tempostack_create_or_update.go | 2 +- internal/manifests/compactor/compactor.go | 10 +++-- internal/manifests/config/build.go | 12 ++--- internal/manifests/config/build_test.go | 16 ++++--- internal/manifests/distributor/distributor.go | 10 +++-- internal/manifests/gateway/gateway.go | 22 ++++++---- internal/manifests/gateway/gateway_test.go | 40 ++++++++++------- internal/manifests/gateway/openshift.go | 15 ++++--- internal/manifests/gateway/openshift_test.go | 3 +- internal/manifests/ingester/ingester.go | 10 +++-- internal/manifests/manifestutils/params.go | 2 +- internal/manifests/querier/querier.go | 10 +++-- .../manifests/queryfrontend/query_frontend.go | 20 ++++++--- .../queryfrontend/query_frontend_test.go | 8 ++-- .../servicemonitor/servicemonitor.go | 2 +- .../servicemonitor/servicemonitor_test.go | 12 +++-- internal/tlsprofile/options.go | 2 +- internal/upgrade/upgrade.go | 22 ---------- internal/upgrade/upgrade_test.go | 15 ++----- internal/upgrade/v0_6_0.go | 17 +++++++ internal/upgrade/versions.go | 4 ++ tests/e2e/generate/01-generate.yaml | 2 +- tests/e2e/generate/config.yaml | 44 +++++++++++++++++++ 28 files changed, 233 insertions(+), 164 deletions(-) create mode 100644 .chloggen/unset_images_in_cr.yaml create mode 100644 internal/upgrade/v0_6_0.go create mode 100644 tests/e2e/generate/config.yaml diff --git a/.chloggen/unset_images_in_cr.yaml b/.chloggen/unset_images_in_cr.yaml new file mode 100644 index 000000000..d4e1f8d20 --- /dev/null +++ b/.chloggen/unset_images_in_cr.yaml @@ -0,0 +1,16 @@ +# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix' +change_type: breaking + +# The name of the component, or a single word describing the area of concern, (e.g. operator, github action) +component: operator + +# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`). +note: Unset (default) images in TempoStack CR + +# One or more tracking issues related to the change +issues: [674] + +# (Optional) One or more lines of additional information to render under the primary note. +# These lines will be padded with 2 spaces and then inserted directly into the document. +# Use pipe (|) for multiline entries. +subtext: From 0.6.0 onwards, the image location is not stored in the TempoStack CR unless it got changed manually diff --git a/apis/tempo/v1alpha1/tempostack_webhook.go b/apis/tempo/v1alpha1/tempostack_webhook.go index 9ef1eb2fe..b63f2f4f7 100644 --- a/apis/tempo/v1alpha1/tempostack_webhook.go +++ b/apis/tempo/v1alpha1/tempostack_webhook.go @@ -74,31 +74,6 @@ func (d *Defaulter) Default(ctx context.Context, obj runtime.Object) error { } r.Labels["tempo.grafana.com/distribution"] = d.ctrlConfig.Distribution - if r.Spec.Images.Tempo == "" { - if d.ctrlConfig.DefaultImages.Tempo == "" { - return fmt.Errorf("please specify a tempo image in the CR or in the %s env var", v1alpha1.EnvRelatedImageTempo) - } - r.Spec.Images.Tempo = d.ctrlConfig.DefaultImages.Tempo - } - if r.Spec.Images.TempoQuery == "" { - if d.ctrlConfig.DefaultImages.TempoQuery == "" { - return fmt.Errorf("please specify a tempoQuery image in the CR or in the %s env var", v1alpha1.EnvRelatedImageTempoQuery) - } - r.Spec.Images.TempoQuery = d.ctrlConfig.DefaultImages.TempoQuery - } - if r.Spec.Images.TempoGateway == "" { - if d.ctrlConfig.DefaultImages.TempoGateway == "" { - return fmt.Errorf("please specify a tempoGateway image in the CR or in the %s env var", v1alpha1.EnvRelatedImageTempoGateway) - } - r.Spec.Images.TempoGateway = d.ctrlConfig.DefaultImages.TempoGateway - } - if r.Spec.Images.TempoGatewayOpa == "" { - if d.ctrlConfig.DefaultImages.TempoGatewayOpa == "" { - return fmt.Errorf("please specify a tempoGatewayOpa image in the CR or in the %s env var", v1alpha1.EnvRelatedImageTempoGatewayOpa) - } - r.Spec.Images.TempoGatewayOpa = d.ctrlConfig.DefaultImages.TempoGatewayOpa - } - if r.Spec.ServiceAccount == "" { r.Spec.ServiceAccount = naming.DefaultServiceAccountName(r.Name) } diff --git a/apis/tempo/v1alpha1/tempostack_webhook_test.go b/apis/tempo/v1alpha1/tempostack_webhook_test.go index 48f187333..ddcf10058 100644 --- a/apis/tempo/v1alpha1/tempostack_webhook_test.go +++ b/apis/tempo/v1alpha1/tempostack_webhook_test.go @@ -134,13 +134,8 @@ func TestDefault(t *testing.T) { }, Spec: TempoStackSpec{ ReplicationFactor: 1, - Images: v1alpha1.ImagesSpec{ - Tempo: "docker.io/grafana/tempo:x.y.z", - TempoQuery: "docker.io/grafana/tempo-query:x.y.z", - TempoGateway: "docker.io/observatorium/gateway:1.2.3", - TempoGatewayOpa: "docker.io/observatorium/opa-openshift:1.2.3", - }, - ServiceAccount: "tempo-test", + Images: v1alpha1.ImagesSpec{}, + ServiceAccount: "tempo-test", Retention: RetentionSpec{ Global: RetentionConfig{ Traces: metav1.Duration{Duration: 48 * time.Hour}, @@ -201,13 +196,8 @@ func TestDefault(t *testing.T) { }, Spec: TempoStackSpec{ ReplicationFactor: 1, - Images: v1alpha1.ImagesSpec{ - Tempo: "docker.io/grafana/tempo:x.y.z", - TempoQuery: "docker.io/grafana/tempo-query:x.y.z", - TempoGateway: "docker.io/observatorium/gateway:1.2.3", - TempoGatewayOpa: "docker.io/observatorium/opa-openshift:1.2.3", - }, - ServiceAccount: "tempo-test", + Images: v1alpha1.ImagesSpec{}, + ServiceAccount: "tempo-test", Retention: RetentionSpec{ Global: RetentionConfig{ Traces: metav1.Duration{Duration: 48 * time.Hour}, diff --git a/cmd/generate/main.go b/cmd/generate/main.go index a23511e35..ddf3483b5 100644 --- a/cmd/generate/main.go +++ b/cmd/generate/main.go @@ -16,7 +16,6 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" - configv1alpha1 "github.com/grafana/tempo-operator/apis/config/v1alpha1" "github.com/grafana/tempo-operator/apis/tempo/v1alpha1" "github.com/grafana/tempo-operator/cmd" controllers "github.com/grafana/tempo-operator/controllers/tempo" @@ -41,9 +40,9 @@ func loadSpec(r io.Reader) (v1alpha1.TempoStack, error) { return spec, nil } -func build(ctrlConfig configv1alpha1.ProjectConfig, params manifestutils.Params) ([]client.Object, error) { +func build(params manifestutils.Params) ([]client.Object, error) { // apply default values from Defaulter webhook - defaulterWebhook := v1alpha1.NewDefaulter(ctrlConfig) + defaulterWebhook := v1alpha1.NewDefaulter(params.CtrlConfig) err := defaulterWebhook.Default(context.Background(), ¶ms.Tempo) if err != nil { return nil, err @@ -105,7 +104,7 @@ func toYAMLManifest(scheme *runtime.Scheme, objects []client.Object, out io.Writ func generate(c *cobra.Command, crPath string, outPath string, params manifestutils.Params) error { rootCmdConfig := c.Context().Value(cmd.RootConfigKey{}).(cmd.RootConfig) - ctrlConfig, options := rootCmdConfig.CtrlConfig, rootCmdConfig.Options + options := rootCmdConfig.Options var specReader io.Reader if crPath == "/dev/stdin" { @@ -132,7 +131,7 @@ func generate(c *cobra.Command, crPath string, outPath string, params manifestut } params.Tempo = spec - objects, err := build(ctrlConfig, params) + objects, err := build(params) if err != nil { return fmt.Errorf("error building manifests: %w", err) } @@ -170,12 +169,16 @@ func NewGenerateCommand() *cobra.Command { var gcsBucket string var s3Endpoint string var s3Bucket string - params := manifestutils.Params{} cmd := &cobra.Command{ Use: "generate", Short: "Generate YAML manifests from a Tempo CR", - RunE: func(cmd *cobra.Command, args []string) error { + RunE: func(c *cobra.Command, args []string) error { + rootCmdConfig := c.Context().Value(cmd.RootConfigKey{}).(cmd.RootConfig) + params := manifestutils.Params{ + CtrlConfig: rootCmdConfig.CtrlConfig, + } + switch { case azureContainer != "": params.StorageParams.AzureStorage = controllers.GetAzureParams(v1alpha1.TempoStack{}, &corev1.Secret{Data: map[string][]byte{ @@ -191,7 +194,8 @@ func NewGenerateCommand() *cobra.Command { "bucket": []byte(s3Bucket), }}) } - return generate(cmd, crPath, outPath, params) + + return generate(c, crPath, outPath, params) }, } cmd.Flags().StringVar(&crPath, "cr", "/dev/stdin", "Input CR") diff --git a/cmd/generate/main_test.go b/cmd/generate/main_test.go index 8360f10e1..2a73ec05a 100644 --- a/cmd/generate/main_test.go +++ b/cmd/generate/main_test.go @@ -19,15 +19,15 @@ import ( ) func TestBuild(t *testing.T) { - ctrlConfig := configv1alpha1.ProjectConfig{ - DefaultImages: configv1alpha1.ImagesSpec{ - Tempo: "tempo-image", - TempoQuery: "tempo-query-image", - TempoGateway: "tempo-gateway-image", - TempoGatewayOpa: "tempo-gateway-opa-image", - }, - } params := manifestutils.Params{ + CtrlConfig: configv1alpha1.ProjectConfig{ + DefaultImages: configv1alpha1.ImagesSpec{ + Tempo: "tempo-image", + TempoQuery: "tempo-query-image", + TempoGateway: "tempo-gateway-image", + TempoGatewayOpa: "tempo-gateway-opa-image", + }, + }, StorageParams: manifestutils.StorageParams{ AzureStorage: &manifestutils.AzureStorage{}, GCS: &manifestutils.GCS{}, @@ -35,7 +35,7 @@ func TestBuild(t *testing.T) { }, } - objects, err := build(ctrlConfig, params) + objects, err := build(params) require.NoError(t, err) require.Equal(t, 14, len(objects)) } diff --git a/controllers/tempo/tempostack_create_or_update.go b/controllers/tempo/tempostack_create_or_update.go index 3672f6771..7783bf908 100644 --- a/controllers/tempo/tempostack_create_or_update.go +++ b/controllers/tempo/tempostack_create_or_update.go @@ -152,7 +152,7 @@ func (r *TempoStackReconciler) createOrUpdate(ctx context.Context, log logr.Logg managedObjects, err := manifests.BuildAll(manifestutils.Params{ Tempo: tempo, StorageParams: storageConfig, - Gates: r.CtrlConfig.Gates, + CtrlConfig: r.CtrlConfig, TLSProfile: tlsProfile, GatewayTenantSecret: tenantSecrets, GatewayTenantsData: gatewayTenantsData, diff --git a/internal/manifests/compactor/compactor.go b/internal/manifests/compactor/compactor.go index 2821ed890..76e8595f8 100644 --- a/internal/manifests/compactor/compactor.go +++ b/internal/manifests/compactor/compactor.go @@ -24,7 +24,7 @@ func BuildCompactor(params manifestutils.Params) ([]client.Object, error) { if err != nil { return nil, err } - gates := params.Gates + gates := params.CtrlConfig.Gates tempo := params.Tempo if gates.HTTPEncryption || gates.GRPCEncryption { caBundleName := naming.SigningCABundleName(tempo.Name) @@ -45,6 +45,10 @@ func deployment(params manifestutils.Params) (*v1.Deployment, error) { labels := manifestutils.ComponentLabels(manifestutils.CompactorComponentName, tempo.Name) annotations := manifestutils.CommonAnnotations(params.ConfigChecksum) cfg := tempo.Spec.Template.Compactor + image := tempo.Spec.Images.Tempo + if image == "" { + image = params.CtrlConfig.DefaultImages.Tempo + } d := &v1.Deployment{ TypeMeta: metav1.TypeMeta{ @@ -71,7 +75,7 @@ func deployment(params manifestutils.Params) (*v1.Deployment, error) { Containers: []corev1.Container{ { Name: "tempo", - Image: tempo.Spec.Images.Tempo, + Image: image, Args: []string{ "-target=compactor", "-config.file=/conf/tempo.yaml", @@ -89,7 +93,7 @@ func deployment(params manifestutils.Params) (*v1.Deployment, error) { Protocol: corev1.ProtocolTCP, }, }, - ReadinessProbe: manifestutils.TempoReadinessProbe(params.Gates.HTTPEncryption), + ReadinessProbe: manifestutils.TempoReadinessProbe(params.CtrlConfig.Gates.HTTPEncryption), VolumeMounts: []corev1.VolumeMount{ { Name: manifestutils.ConfigVolumeName, diff --git a/internal/manifests/config/build.go b/internal/manifests/config/build.go index b417fa9e7..45f78009e 100644 --- a/internal/manifests/config/build.go +++ b/internal/manifests/config/build.go @@ -47,7 +47,7 @@ func fromRateLimitSpecToRateLimitOptionsMap(ratemaps map[string]v1alpha1.RateLim func buildQueryFrontEndConfig(params manifestutils.Params) ([]byte, error) { if !params.Tempo.Spec.Template.Gateway.Enabled { - params.Gates.HTTPEncryption = false + params.CtrlConfig.Gates.HTTPEncryption = false } return buildConfiguration(params) @@ -58,7 +58,7 @@ func buildConfiguration(params manifestutils.Params) ([]byte, error) { tlsopts := tlsOptions{} var err error - if params.Gates.GRPCEncryption || params.Gates.HTTPEncryption { + if params.CtrlConfig.Gates.GRPCEncryption || params.CtrlConfig.Gates.HTTPEncryption { tlsopts, err = buildTLSConfig(params) if err != nil { return []byte{}, err @@ -79,8 +79,8 @@ func buildConfiguration(params manifestutils.Params) ([]byte, error) { Multitenancy: tempo.Spec.Tenants != nil, Gateway: tempo.Spec.Template.Gateway.Enabled, Gates: featureGates{ - GRPCEncryption: params.Gates.GRPCEncryption, - HTTPEncryption: params.Gates.HTTPEncryption, + GRPCEncryption: params.CtrlConfig.Gates.GRPCEncryption, + HTTPEncryption: params.CtrlConfig.Gates.HTTPEncryption, }, TLS: tlsopts, ReceiverTLS: buildReceiverTLSConfig(tempo), @@ -151,8 +151,8 @@ func buildTempoQueryConfig(params manifestutils.Params) ([]byte, error) { TLS: tlsopts, HTTPPort: manifestutils.PortHTTPServer, Gates: featureGates{ - GRPCEncryption: params.Gates.GRPCEncryption, - HTTPEncryption: params.Gates.HTTPEncryption, + GRPCEncryption: params.CtrlConfig.Gates.GRPCEncryption, + HTTPEncryption: params.CtrlConfig.Gates.HTTPEncryption, }, TenantHeader: manifestutils.TenantHeader, Gateway: params.Tempo.Spec.Template.Gateway.Enabled, diff --git a/internal/manifests/config/build_test.go b/internal/manifests/config/build_test.go index 6115a5885..ee29d3eb3 100644 --- a/internal/manifests/config/build_test.go +++ b/internal/manifests/config/build_test.go @@ -1512,9 +1512,11 @@ ingester_client: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}, MinTLSVersion: "VersionTLS12", }, - Gates: configv1alpha1.FeatureGates{ - HTTPEncryption: true, - GRPCEncryption: true, + CtrlConfig: configv1alpha1.ProjectConfig{ + Gates: configv1alpha1.FeatureGates{ + HTTPEncryption: true, + GRPCEncryption: true, + }, }, }) require.NoError(t, err) @@ -1669,9 +1671,11 @@ ingester_client: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}, MinTLSVersion: "VersionTLS12", }, - Gates: configv1alpha1.FeatureGates{ - HTTPEncryption: true, - GRPCEncryption: true, + CtrlConfig: configv1alpha1.ProjectConfig{ + Gates: configv1alpha1.FeatureGates{ + HTTPEncryption: true, + GRPCEncryption: true, + }, }, }) require.NoError(t, err) diff --git a/internal/manifests/distributor/distributor.go b/internal/manifests/distributor/distributor.go index 3d3e33614..2257b3112 100644 --- a/internal/manifests/distributor/distributor.go +++ b/internal/manifests/distributor/distributor.go @@ -24,7 +24,7 @@ func BuildDistributor(params manifestutils.Params) ([]client.Object, error) { if err != nil { return nil, err } - gates := params.Gates + gates := params.CtrlConfig.Gates tempo := params.Tempo if gates.HTTPEncryption || gates.GRPCEncryption { caBundleName := naming.SigningCABundleName(tempo.Name) @@ -125,6 +125,10 @@ func deployment(params manifestutils.Params) *v1.Deployment { labels := manifestutils.ComponentLabels(manifestutils.DistributorComponentName, tempo.Name) annotations := manifestutils.CommonAnnotations(params.ConfigChecksum) cfg := tempo.Spec.Template.Distributor + image := tempo.Spec.Images.Tempo + if image == "" { + image = params.CtrlConfig.DefaultImages.Tempo + } containerPorts := []corev1.ContainerPort{ { @@ -207,14 +211,14 @@ func deployment(params manifestutils.Params) *v1.Deployment { Containers: []corev1.Container{ { Name: "tempo", - Image: tempo.Spec.Images.Tempo, + Image: image, Args: []string{ "-target=distributor", "-config.file=/conf/tempo.yaml", "-log.level=info", }, Ports: containerPorts, - ReadinessProbe: manifestutils.TempoReadinessProbe(params.Gates.HTTPEncryption), + ReadinessProbe: manifestutils.TempoReadinessProbe(params.CtrlConfig.Gates.HTTPEncryption), VolumeMounts: []corev1.VolumeMount{ { Name: manifestutils.ConfigVolumeName, diff --git a/internal/manifests/gateway/gateway.go b/internal/manifests/gateway/gateway.go index ce06b5739..e34822d8d 100644 --- a/internal/manifests/gateway/gateway.go +++ b/internal/manifests/gateway/gateway.go @@ -38,7 +38,7 @@ const ( // BuildGateway creates gateway objects. func BuildGateway(params manifestutils.Params) ([]client.Object, error) { - rbacCfg, tenantsCfg, err := buildConfigFiles(newOptions(params.Tempo, params.Gates.OpenShift.BaseDomain, params.GatewayTenantSecret, params.GatewayTenantsData)) + rbacCfg, tenantsCfg, err := buildConfigFiles(newOptions(params.Tempo, params.CtrlConfig.Gates.OpenShift.BaseDomain, params.GatewayTenantSecret, params.GatewayTenantsData)) if err != nil { return nil, err } @@ -49,12 +49,12 @@ func BuildGateway(params manifestutils.Params) ([]client.Object, error) { objs := []client.Object{ rbacConfigMap, tenantsSecret, - service(params.Tempo, params.Gates.OpenShift.ServingCertsService), + service(params.Tempo, params.CtrlConfig.Gates.OpenShift.ServingCertsService), } dep := deployment(params, rbacCfgHash, tenantsCfgHash) - if params.Gates.HTTPEncryption || params.Gates.GRPCEncryption { + if params.CtrlConfig.Gates.HTTPEncryption || params.CtrlConfig.Gates.GRPCEncryption { caBundleName := naming.SigningCABundleName(params.Tempo.Name) if err := manifestutils.ConfigureServiceCA(&dep.Spec.Template.Spec, caBundleName); err != nil { return nil, err @@ -67,7 +67,7 @@ func BuildGateway(params manifestutils.Params) ([]client.Object, error) { if params.Tempo.Spec.Tenants.Mode == v1alpha1.ModeOpenShift { dep = patchOCPServiceAccount(params.Tempo, dep) - dep, err = patchOCPOPAContainer(params.Tempo, dep) + dep, err = patchOCPOPAContainer(params, dep) if err != nil { return nil, err } @@ -79,7 +79,7 @@ func BuildGateway(params manifestutils.Params) ([]client.Object, error) { configMapCABundle(params.Tempo), }...) - if params.Gates.OpenShift.ServingCertsService { + if params.CtrlConfig.Gates.OpenShift.ServingCertsService { dep, err = patchOCPServingCerts(params.Tempo, dep) if err != nil { return nil, err @@ -123,8 +123,12 @@ func deployment(params manifestutils.Params, rbacCfgHash string, tenantsCfgHash cfg := tempo.Spec.Template.Gateway internalServerScheme := corev1.URISchemeHTTP tlsArgs := []string{} + image := tempo.Spec.Images.TempoGateway + if image == "" { + image = params.CtrlConfig.DefaultImages.TempoGateway + } - if params.Gates.HTTPEncryption { + if params.CtrlConfig.Gates.HTTPEncryption { internalServerScheme = corev1.URISchemeHTTPS tlsArgs = []string{ fmt.Sprintf("--tls.internal.server.key-file=%s/tls.key", manifestutils.TempoServerTLSDir()), @@ -160,15 +164,15 @@ func deployment(params manifestutils.Params, rbacCfgHash string, tenantsCfgHash Containers: []corev1.Container{ { Name: "tempo-gateway", - Image: tempo.Spec.Images.TempoGateway, + Image: image, Args: append([]string{ fmt.Sprintf("--traces.tenant-header=%s", manifestutils.TenantHeader), fmt.Sprintf("--web.listen=0.0.0.0:%d", portPublic), fmt.Sprintf("--web.internal.listen=0.0.0.0:%d", portInternal), fmt.Sprintf("--traces.write.endpoint=%s:%d", naming.ServiceFqdn(tempo.Namespace, tempo.Name, manifestutils.DistributorComponentName), manifestutils.PortOtlpGrpcServer), - fmt.Sprintf("--traces.read.endpoint=%s://%s:%d", httpScheme(params.Gates.HTTPEncryption), + fmt.Sprintf("--traces.read.endpoint=%s://%s:%d", httpScheme(params.CtrlConfig.Gates.HTTPEncryption), naming.ServiceFqdn(tempo.Namespace, tempo.Name, manifestutils.QueryFrontendComponentName), manifestutils.PortJaegerQuery), - fmt.Sprintf("--traces.tempo.endpoint=%s://%s:%d", httpScheme(params.Gates.HTTPEncryption), + fmt.Sprintf("--traces.tempo.endpoint=%s://%s:%d", httpScheme(params.CtrlConfig.Gates.HTTPEncryption), naming.ServiceFqdn(tempo.Namespace, tempo.Name, manifestutils.QueryFrontendComponentName), manifestutils.PortHTTPServer), fmt.Sprintf("--grpc.listen=0.0.0.0:%d", portGRPC), fmt.Sprintf("--rbac.config=%s", path.Join(tempoGatewayMountDir, "cm", tempoGatewayRbacFileName)), diff --git a/internal/manifests/gateway/gateway_test.go b/internal/manifests/gateway/gateway_test.go index 9d55d2611..afbc53e12 100644 --- a/internal/manifests/gateway/gateway_test.go +++ b/internal/manifests/gateway/gateway_test.go @@ -62,12 +62,12 @@ func TestRbacConfig(t *testing.T) { StorageParams: manifestutils.StorageParams{}, ConfigChecksum: "", Tempo: tempo, - Gates: configv1alpha1.FeatureGates{}, + CtrlConfig: configv1alpha1.ProjectConfig{}, TLSProfile: tlsprofile.TLSProfileOptions{}, GatewayTenantSecret: []*manifestutils.GatewayTenantOIDCSecret{}, } - cfgOpts := newOptions(params.Tempo, params.Gates.OpenShift.BaseDomain, params.GatewayTenantSecret, params.GatewayTenantsData) + cfgOpts := newOptions(params.Tempo, params.CtrlConfig.Gates.OpenShift.BaseDomain, params.GatewayTenantSecret, params.GatewayTenantsData) tenantsCfg, _, err := buildConfigFiles(cfgOpts) assert.NoError(t, err) @@ -113,12 +113,12 @@ func TestTenantsConfig(t *testing.T) { StorageParams: manifestutils.StorageParams{}, ConfigChecksum: "", Tempo: tempo, - Gates: configv1alpha1.FeatureGates{}, + CtrlConfig: configv1alpha1.ProjectConfig{}, TLSProfile: tlsprofile.TLSProfileOptions{}, GatewayTenantSecret: []*manifestutils.GatewayTenantOIDCSecret{}, } - cfgOpts := newOptions(params.Tempo, params.Gates.OpenShift.BaseDomain, params.GatewayTenantSecret, params.GatewayTenantsData) + cfgOpts := newOptions(params.Tempo, params.CtrlConfig.Gates.OpenShift.BaseDomain, params.GatewayTenantSecret, params.GatewayTenantsData) _, tenantsCfg, err := buildConfigFiles(cfgOpts) assert.NoError(t, err) @@ -158,11 +158,13 @@ func TestBuildGateway_openshift(t *testing.T) { } objects, err := BuildGateway(manifestutils.Params{ Tempo: tempo, - Gates: configv1alpha1.FeatureGates{ - OpenShift: configv1alpha1.OpenShiftFeatureGates{ - ServingCertsService: true, - OpenShiftRoute: true, - BaseDomain: "domain", + CtrlConfig: configv1alpha1.ProjectConfig{ + Gates: configv1alpha1.FeatureGates{ + OpenShift: configv1alpha1.OpenShiftFeatureGates{ + ServingCertsService: true, + OpenShiftRoute: true, + BaseDomain: "domain", + }, }, }, }) @@ -418,10 +420,12 @@ func TestTLSParameters(t *testing.T) { // test with TLS objects, err := BuildGateway(manifestutils.Params{ Tempo: tempo, - Gates: configv1alpha1.FeatureGates{ - HTTPEncryption: true, - OpenShift: configv1alpha1.OpenShiftFeatureGates{ - BaseDomain: "domain", + CtrlConfig: configv1alpha1.ProjectConfig{ + Gates: configv1alpha1.FeatureGates{ + HTTPEncryption: true, + OpenShift: configv1alpha1.OpenShiftFeatureGates{ + BaseDomain: "domain", + }, }, }, }) @@ -449,10 +453,12 @@ func TestTLSParameters(t *testing.T) { // test without TLS objects, err = BuildGateway(manifestutils.Params{ Tempo: tempo, - Gates: configv1alpha1.FeatureGates{ - HTTPEncryption: false, - OpenShift: configv1alpha1.OpenShiftFeatureGates{ - BaseDomain: "domain", + CtrlConfig: configv1alpha1.ProjectConfig{ + Gates: configv1alpha1.FeatureGates{ + HTTPEncryption: false, + OpenShift: configv1alpha1.OpenShiftFeatureGates{ + BaseDomain: "domain", + }, }, }, }) diff --git a/internal/manifests/gateway/openshift.go b/internal/manifests/gateway/openshift.go index b059ad115..c85f18857 100644 --- a/internal/manifests/gateway/openshift.go +++ b/internal/manifests/gateway/openshift.go @@ -194,9 +194,9 @@ func patchOCPServiceAccount(tempo v1alpha1.TempoStack, dep *v1.Deployment) *v1.D return dep } -func patchOCPOPAContainer(tempo v1alpha1.TempoStack, dep *v1.Deployment) (*v1.Deployment, error) { +func patchOCPOPAContainer(params manifestutils.Params, dep *v1.Deployment) (*v1.Deployment, error) { pod := corev1.PodSpec{ - Containers: []corev1.Container{opaContainer(tempo)}, + Containers: []corev1.Container{opaContainer(params)}, } err := mergo.Merge(&dep.Spec.Template.Spec, pod, mergo.WithAppendSlice) if err != nil { @@ -205,7 +205,12 @@ func patchOCPOPAContainer(tempo v1alpha1.TempoStack, dep *v1.Deployment) (*v1.De return dep, err } -func opaContainer(tempo v1alpha1.TempoStack) corev1.Container { +func opaContainer(params manifestutils.Params) corev1.Container { + image := params.Tempo.Spec.Images.TempoGatewayOpa + if image == "" { + image = params.CtrlConfig.DefaultImages.TempoGatewayOpa + } + var args = []string{ "--log.level=warn", "--opa.admin-groups=system:cluster-admins,cluster-admin,dedicated-admin", @@ -214,13 +219,13 @@ func opaContainer(tempo v1alpha1.TempoStack) corev1.Container { fmt.Sprintf("--web.healthchecks.url=http://localhost:%d", gatewayOPAHTTPPort), fmt.Sprintf("--opa.package=%s", "tempostack"), } - for _, t := range tempo.Spec.Tenants.Authentication { + for _, t := range params.Tempo.Spec.Tenants.Authentication { args = append(args, fmt.Sprintf(`--openshift.mappings=%s=%s`, t.TenantName, "tempo.grafana.com")) } return corev1.Container{ Name: "opa", - Image: tempo.Spec.Images.TempoGatewayOpa, + Image: image, Args: args, Ports: []corev1.ContainerPort{ { diff --git a/internal/manifests/gateway/openshift_test.go b/internal/manifests/gateway/openshift_test.go index a811e1d84..84b60f97d 100644 --- a/internal/manifests/gateway/openshift_test.go +++ b/internal/manifests/gateway/openshift_test.go @@ -11,6 +11,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/grafana/tempo-operator/apis/tempo/v1alpha1" + "github.com/grafana/tempo-operator/internal/manifests/manifestutils" "github.com/grafana/tempo-operator/internal/manifests/naming" ) @@ -36,7 +37,7 @@ func TestPatchOPAContainer(t *testing.T) { }, }, } - dep, err := patchOCPOPAContainer(tempo, &appsv1.Deployment{}) + dep, err := patchOCPOPAContainer(manifestutils.Params{Tempo: tempo}, &appsv1.Deployment{}) require.NoError(t, err) require.Equal(t, 1, len(dep.Spec.Template.Spec.Containers)) assert.Equal(t, []string{ diff --git a/internal/manifests/ingester/ingester.go b/internal/manifests/ingester/ingester.go index 4c9af5e1a..4a7848339 100644 --- a/internal/manifests/ingester/ingester.go +++ b/internal/manifests/ingester/ingester.go @@ -26,7 +26,7 @@ func BuildIngester(params manifestutils.Params) ([]client.Object, error) { return nil, err } - gates := params.Gates + gates := params.CtrlConfig.Gates tempo := params.Tempo if gates.HTTPEncryption || gates.GRPCEncryption { @@ -50,6 +50,10 @@ func statefulSet(params manifestutils.Params) (*v1.StatefulSet, error) { annotations := manifestutils.CommonAnnotations(params.ConfigChecksum) filesystem := corev1.PersistentVolumeFilesystem cfg := tempo.Spec.Template.Ingester + image := tempo.Spec.Images.Tempo + if image == "" { + image = params.CtrlConfig.DefaultImages.Tempo + } ss := &v1.StatefulSet{ ObjectMeta: metav1.ObjectMeta{ @@ -83,7 +87,7 @@ func statefulSet(params manifestutils.Params) (*v1.StatefulSet, error) { Containers: []corev1.Container{ { Name: "tempo", - Image: tempo.Spec.Images.Tempo, + Image: image, Args: []string{ "-target=ingester", "-config.file=/conf/tempo.yaml", @@ -117,7 +121,7 @@ func statefulSet(params manifestutils.Params) (*v1.StatefulSet, error) { Protocol: corev1.ProtocolTCP, }, }, - ReadinessProbe: manifestutils.TempoReadinessProbe(params.Gates.HTTPEncryption), + ReadinessProbe: manifestutils.TempoReadinessProbe(params.CtrlConfig.Gates.HTTPEncryption), Resources: manifestutils.Resources(tempo, manifestutils.IngesterComponentName), SecurityContext: manifestutils.TempoContainerSecurityContext(), }, diff --git a/internal/manifests/manifestutils/params.go b/internal/manifests/manifestutils/params.go index 5fa52cabb..da4b2fa55 100644 --- a/internal/manifests/manifestutils/params.go +++ b/internal/manifests/manifestutils/params.go @@ -11,7 +11,7 @@ type Params struct { StorageParams StorageParams ConfigChecksum string Tempo v1alpha1.TempoStack - Gates configv1alpha1.FeatureGates + CtrlConfig configv1alpha1.ProjectConfig TLSProfile tlsprofile.TLSProfileOptions GatewayTenantSecret []*GatewayTenantOIDCSecret GatewayTenantsData []*GatewayTenantsData diff --git a/internal/manifests/querier/querier.go b/internal/manifests/querier/querier.go index f523b3b27..4a61dbacc 100644 --- a/internal/manifests/querier/querier.go +++ b/internal/manifests/querier/querier.go @@ -26,7 +26,7 @@ func BuildQuerier(params manifestutils.Params) ([]client.Object, error) { return nil, err } - gates := params.Gates + gates := params.CtrlConfig.Gates tempo := params.Tempo if gates.HTTPEncryption || gates.GRPCEncryption { @@ -48,6 +48,10 @@ func deployment(params manifestutils.Params) (*v1.Deployment, error) { labels := manifestutils.ComponentLabels(manifestutils.QuerierComponentName, tempo.Name) annotations := manifestutils.CommonAnnotations(params.ConfigChecksum) cfg := tempo.Spec.Template.Querier + image := tempo.Spec.Images.Tempo + if image == "" { + image = params.CtrlConfig.DefaultImages.Tempo + } d := &v1.Deployment{ TypeMeta: metav1.TypeMeta{ @@ -75,7 +79,7 @@ func deployment(params manifestutils.Params) (*v1.Deployment, error) { Containers: []corev1.Container{ { Name: "tempo", - Image: tempo.Spec.Images.Tempo, + Image: image, Args: []string{ "-target=querier", "-config.file=/conf/tempo.yaml", @@ -93,7 +97,7 @@ func deployment(params manifestutils.Params) (*v1.Deployment, error) { Protocol: corev1.ProtocolTCP, }, }, - ReadinessProbe: manifestutils.TempoReadinessProbe(params.Gates.HTTPEncryption), + ReadinessProbe: manifestutils.TempoReadinessProbe(params.CtrlConfig.Gates.HTTPEncryption), VolumeMounts: []corev1.VolumeMount{ { Name: manifestutils.ConfigVolumeName, diff --git a/internal/manifests/queryfrontend/query_frontend.go b/internal/manifests/queryfrontend/query_frontend.go index f84cc204b..84b82d76d 100644 --- a/internal/manifests/queryfrontend/query_frontend.go +++ b/internal/manifests/queryfrontend/query_frontend.go @@ -47,7 +47,7 @@ func BuildQueryFrontend(params manifestutils.Params) ([]client.Object, error) { if err != nil { return nil, err } - gates := params.Gates + gates := params.CtrlConfig.Gates tempo := params.Tempo if gates.HTTPEncryption || gates.GRPCEncryption { @@ -97,6 +97,14 @@ func deployment(params manifestutils.Params) (*appsv1.Deployment, error) { labels := manifestutils.ComponentLabels(manifestutils.QueryFrontendComponentName, tempo.Name) annotations := manifestutils.CommonAnnotations(params.ConfigChecksum) cfg := tempo.Spec.Template.QueryFrontend + tempoImage := tempo.Spec.Images.Tempo + if tempoImage == "" { + tempoImage = params.CtrlConfig.DefaultImages.Tempo + } + tempoQueryImage := tempo.Spec.Images.TempoQuery + if tempoQueryImage == "" { + tempoQueryImage = params.CtrlConfig.DefaultImages.TempoQuery + } d := &appsv1.Deployment{ TypeMeta: metav1.TypeMeta{ @@ -124,7 +132,7 @@ func deployment(params manifestutils.Params) (*appsv1.Deployment, error) { Containers: []corev1.Container{ { Name: "tempo", - Image: tempo.Spec.Images.Tempo, + Image: tempoImage, Args: []string{ "-target=query-frontend", "-config.file=/conf/tempo-query-frontend.yaml", @@ -143,7 +151,7 @@ func deployment(params manifestutils.Params) (*appsv1.Deployment, error) { Protocol: corev1.ProtocolTCP, }, }, - ReadinessProbe: manifestutils.TempoReadinessProbe(params.Gates.HTTPEncryption && params.Tempo.Spec.Template.Gateway.Enabled), + ReadinessProbe: manifestutils.TempoReadinessProbe(params.CtrlConfig.Gates.HTTPEncryption && params.Tempo.Spec.Template.Gateway.Enabled), VolumeMounts: []corev1.VolumeMount{ { Name: manifestutils.ConfigVolumeName, @@ -185,7 +193,7 @@ func deployment(params manifestutils.Params) (*appsv1.Deployment, error) { if tempo.Spec.Template.QueryFrontend.JaegerQuery.Enabled { jaegerQueryContainer := corev1.Container{ Name: "tempo-query", - Image: tempo.Spec.Images.TempoQuery, + Image: tempoQueryImage, Args: []string{ "--query.base-path=/", "--grpc-storage-plugin.configuration-file=/conf/tempo-query.yaml", @@ -236,7 +244,7 @@ func deployment(params manifestutils.Params) (*appsv1.Deployment, error) { }...) } - if params.Gates.HTTPEncryption && tempo.Spec.Template.Gateway.Enabled { + if params.CtrlConfig.Gates.HTTPEncryption && tempo.Spec.Template.Gateway.Enabled { jaegerQueryContainer.Args = append(jaegerQueryContainer.Args, "--query.http.tls.enabled=true", fmt.Sprintf("--query.http.tls.key=%s/tls.key", manifestutils.TempoServerTLSDir()), @@ -245,7 +253,7 @@ func deployment(params manifestutils.Params) (*appsv1.Deployment, error) { ) } - if params.Gates.GRPCEncryption && tempo.Spec.Template.Gateway.Enabled { + if params.CtrlConfig.Gates.GRPCEncryption && tempo.Spec.Template.Gateway.Enabled { jaegerQueryContainer.Args = append(jaegerQueryContainer.Args, "--query.grpc.tls.enabled=true", fmt.Sprintf("--query.grpc.tls.key=%s/tls.key", manifestutils.TempoServerTLSDir()), diff --git a/internal/manifests/queryfrontend/query_frontend_test.go b/internal/manifests/queryfrontend/query_frontend_test.go index 99c5510a1..938db204d 100644 --- a/internal/manifests/queryfrontend/query_frontend_test.go +++ b/internal/manifests/queryfrontend/query_frontend_test.go @@ -482,9 +482,11 @@ func TestQueryFrontendJaegerRoute(t *testing.T) { func TestQueryFrontendJaegerTLS(t *testing.T) { objects, err := BuildQueryFrontend(manifestutils.Params{ - Gates: configv1alpha1.FeatureGates{ - HTTPEncryption: true, - GRPCEncryption: true, + CtrlConfig: configv1alpha1.ProjectConfig{ + Gates: configv1alpha1.FeatureGates{ + HTTPEncryption: true, + GRPCEncryption: true, + }, }, Tempo: v1alpha1.TempoStack{ ObjectMeta: metav1.ObjectMeta{ diff --git a/internal/manifests/servicemonitor/servicemonitor.go b/internal/manifests/servicemonitor/servicemonitor.go index 3893fcc3a..7e0cf1e67 100644 --- a/internal/manifests/servicemonitor/servicemonitor.go +++ b/internal/manifests/servicemonitor/servicemonitor.go @@ -37,7 +37,7 @@ func buildServiceMonitor(params manifestutils.Params, component string, port str scheme := "http" var tlsConfig *monitoringv1.TLSConfig - if params.Gates.HTTPEncryption { + if params.CtrlConfig.Gates.HTTPEncryption { scheme = "https" serverName := naming.ServiceFqdn(tempo.Namespace, tempo.Name, component) diff --git a/internal/manifests/servicemonitor/servicemonitor_test.go b/internal/manifests/servicemonitor/servicemonitor_test.go index 78300deeb..74526048a 100644 --- a/internal/manifests/servicemonitor/servicemonitor_test.go +++ b/internal/manifests/servicemonitor/servicemonitor_test.go @@ -60,8 +60,10 @@ func TestBuildServiceMonitors(t *testing.T) { func TestBuildServiceMonitorsTLS(t *testing.T) { objects := BuildServiceMonitors(manifestutils.Params{ - Gates: configv1alpha1.FeatureGates{ - HTTPEncryption: true, + CtrlConfig: configv1alpha1.ProjectConfig{ + Gates: configv1alpha1.FeatureGates{ + HTTPEncryption: true, + }, }, Tempo: v1alpha1.TempoStack{ ObjectMeta: metav1.ObjectMeta{ @@ -186,8 +188,10 @@ func TestBuildGatewayServiceMonitor(t *testing.T) { func TestBuildGatewayServiceMonitorsTLS(t *testing.T) { objects := BuildServiceMonitors(manifestutils.Params{ - Gates: configv1alpha1.FeatureGates{ - HTTPEncryption: true, + CtrlConfig: configv1alpha1.ProjectConfig{ + Gates: configv1alpha1.FeatureGates{ + HTTPEncryption: true, + }, }, Tempo: v1alpha1.TempoStack{ ObjectMeta: metav1.ObjectMeta{ diff --git a/internal/tlsprofile/options.go b/internal/tlsprofile/options.go index a53d1d62b..5b9a5c5d4 100644 --- a/internal/tlsprofile/options.go +++ b/internal/tlsprofile/options.go @@ -38,6 +38,6 @@ func (o TLSProfileOptions) MinVersionShort() (string, error) { case string(openshiftconfigv1.VersionTLS13): return "1.3", nil default: - return "", errors.New("invalid TLS version") + return "", ErrInvalidTLSVersion } } diff --git a/internal/upgrade/upgrade.go b/internal/upgrade/upgrade.go index bd3c6ec0b..9fdb70aeb 100644 --- a/internal/upgrade/upgrade.go +++ b/internal/upgrade/upgrade.go @@ -163,9 +163,6 @@ func (u Upgrade) updateTempoStackCR(ctx context.Context, tempo v1alpha1.TempoSta } } - // update all tempo images to the new default images on every upgrade - updateTempoStackImages(u, &tempo) - // at the end of the upgrade process, the CR is up to date with the current running component versions (Operator, Tempo, TempoQuery) // update all component versions in the Status field of the CR with the current running versions updateTempoStackVersions(u, &tempo) @@ -173,25 +170,6 @@ func (u Upgrade) updateTempoStackCR(ctx context.Context, tempo v1alpha1.TempoSta return tempo, nil } -// updateTempoStackImages updates all images with the default images of the operator configuration. -func updateTempoStackImages(u Upgrade, tempo *v1alpha1.TempoStack) { - if u.CtrlConfig.DefaultImages.Tempo != "" { - tempo.Spec.Images.Tempo = u.CtrlConfig.DefaultImages.Tempo - } - - if u.CtrlConfig.DefaultImages.TempoQuery != "" { - tempo.Spec.Images.TempoQuery = u.CtrlConfig.DefaultImages.TempoQuery - } - - if u.CtrlConfig.DefaultImages.TempoGateway != "" { - tempo.Spec.Images.TempoGateway = u.CtrlConfig.DefaultImages.TempoGateway - } - - if u.CtrlConfig.DefaultImages.TempoGatewayOpa != "" { - tempo.Spec.Images.TempoGatewayOpa = u.CtrlConfig.DefaultImages.TempoGatewayOpa - } -} - // updateTempoStackVersions updates all component versions in the CR with the current running component versions. func updateTempoStackVersions(u Upgrade, tempo *v1alpha1.TempoStack) { tempo.Status.OperatorVersion = u.Version.OperatorVersion diff --git a/internal/upgrade/upgrade_test.go b/internal/upgrade/upgrade_test.go index ca6289991..1cfafab68 100644 --- a/internal/upgrade/upgrade_test.go +++ b/internal/upgrade/upgrade_test.go @@ -29,12 +29,7 @@ func createTempoCR(t *testing.T, nsn types.NamespacedName, version string, manag }, Spec: v1alpha1.TempoStackSpec{ ManagementState: managementState, - Images: configv1alpha1.ImagesSpec{ - Tempo: "docker.io/grafana/tempo:0.0.0", - TempoQuery: "docker.io/grafana/tempo-query:0.0.0", - TempoGateway: "quay.io/observatorium/api:0.0.0", - TempoGatewayOpa: "quay.io/observatorium/opa-openshift:0.0.0", - }, + Images: configv1alpha1.ImagesSpec{}, Storage: v1alpha1.ObjectStorageSpec{ Secret: v1alpha1.ObjectStorageSecretSpec{ Type: v1alpha1.ObjectStorageSecretS3, @@ -82,14 +77,10 @@ func TestUpgradeToLatest(t *testing.T) { upgradedTempo := v1alpha1.TempoStack{} err = k8sClient.Get(context.Background(), nsn, &upgradedTempo) assert.NoError(t, err) + + // assert versions were updated assert.Equal(t, currentV.OperatorVersion, upgradedTempo.Status.OperatorVersion) assert.Equal(t, currentV.TempoVersion, upgradedTempo.Status.TempoVersion) - - // assert images were updated - assert.Equal(t, "docker.io/grafana/tempo:latest", upgradedTempo.Spec.Images.Tempo) - assert.Equal(t, "docker.io/grafana/tempo-query:latest", upgradedTempo.Spec.Images.TempoQuery) - assert.Equal(t, "quay.io/observatorium/api:latest", upgradedTempo.Spec.Images.TempoGateway) - assert.Equal(t, "quay.io/observatorium/opa-openshift:latest", upgradedTempo.Spec.Images.TempoGatewayOpa) } func TestSkipUpgrade(t *testing.T) { diff --git a/internal/upgrade/v0_6_0.go b/internal/upgrade/v0_6_0.go new file mode 100644 index 000000000..738ae483f --- /dev/null +++ b/internal/upgrade/v0_6_0.go @@ -0,0 +1,17 @@ +package upgrade + +import ( + "context" + + "github.com/grafana/tempo-operator/apis/tempo/v1alpha1" +) + +// This upgrade unsets the image fields in the TempoStack CR. +// From 0.6.0 onwards, the image location is not stored in the CR unless it got changed manually. +func upgrade0_6_0(ctx context.Context, u Upgrade, tempo *v1alpha1.TempoStack) (*v1alpha1.TempoStack, error) { + tempo.Spec.Images.Tempo = "" + tempo.Spec.Images.TempoQuery = "" + tempo.Spec.Images.TempoGateway = "" + tempo.Spec.Images.TempoGatewayOpa = "" + return tempo, nil +} diff --git a/internal/upgrade/versions.go b/internal/upgrade/versions.go index 8585c670c..b39c81897 100644 --- a/internal/upgrade/versions.go +++ b/internal/upgrade/versions.go @@ -31,5 +31,9 @@ var ( version: *semver.MustParse("0.5.0"), upgrade: upgrade0_5_0, }, + { + version: *semver.MustParse("0.6.0"), + upgrade: upgrade0_6_0, + }, } ) diff --git a/tests/e2e/generate/01-generate.yaml b/tests/e2e/generate/01-generate.yaml index 66d711c77..1c1c79149 100644 --- a/tests/e2e/generate/01-generate.yaml +++ b/tests/e2e/generate/01-generate.yaml @@ -7,6 +7,6 @@ commands: RELATED_IMAGE_TEMPO_QUERY=docker.io/grafana/tempo-query:2.2.1 RELATED_IMAGE_TEMPO_GATEWAY=quay.io/observatorium/api:main-2023-09-13-14e06c6 RELATED_IMAGE_TEMPO_GATEWAY_OPA=quay.io/observatorium/opa-openshift:main-2023-05-24-8e91537 - ../../../bin/manager generate --config ../../../config/overlays/community/controller_manager_config.yaml --cr cr.yaml --output generated.yaml" + ../../../bin/manager generate --config config.yaml --cr cr.yaml --output generated.yaml" - command: kubectl apply -f generated.yaml namespaced: true diff --git a/tests/e2e/generate/config.yaml b/tests/e2e/generate/config.yaml new file mode 100644 index 000000000..897fcc5df --- /dev/null +++ b/tests/e2e/generate/config.yaml @@ -0,0 +1,44 @@ +apiVersion: config.tempo.grafana.com/v1alpha1 +kind: ProjectConfig +distribution: community +health: + healthProbeBindAddress: :8081 +metrics: + bindAddress: 127.0.0.1:8080 +webhook: + port: 9443 +leaderElection: + leaderElect: true + resourceName: 8b886b0f.grafana.com +# leaderElectionReleaseOnCancel defines if the leader should step down volume +# when the Manager ends. This requires the binary to immediately end when the +# Manager is stopped, otherwise, this setting is unsafe. Setting this significantly +# speeds up voluntary leader transitions as the new leader don't have to wait +# LeaseDuration time first. +# In the default scaffold provided, the program ends immediately after +# the manager stops, so would be fine to enable this option. However, +# if you are doing or is intended to do any operation such as perform cleanups +# after the manager stops then its usage might be unsafe. +# leaderElectionReleaseOnCancel: true +featureGates: + openshift: + openshiftRoute: false + servingCertsService: false + prometheusOperator: false + httpEncryption: false + grpcEncryption: false + tlsProfile: Modern + builtInCertManagement: + enabled: false + # CA certificate validity: 5 years + caValidity: 43830h + # CA certificate refresh at 80% of validity + caRefresh: 35064h + # Target certificate validity: 90d + certValidity: 2160h + # Target certificate refresh at 80% of validity + certRefresh: 1728h + observability: + metrics: + createServiceMonitors: false + createPrometheusRules: false From 4ceafa2c82bb0bee121212513cc3e887d29e0917 Mon Sep 17 00:00:00 2001 From: Andreas Gerstmayr Date: Thu, 9 Nov 2023 19:02:33 +0100 Subject: [PATCH 2/2] update changelog entry text Signed-off-by: Andreas Gerstmayr --- .chloggen/unset_images_in_cr.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.chloggen/unset_images_in_cr.yaml b/.chloggen/unset_images_in_cr.yaml index d4e1f8d20..76361b2bd 100644 --- a/.chloggen/unset_images_in_cr.yaml +++ b/.chloggen/unset_images_in_cr.yaml @@ -13,4 +13,6 @@ issues: [674] # (Optional) One or more lines of additional information to render under the primary note. # These lines will be padded with 2 spaces and then inserted directly into the document. # Use pipe (|) for multiline entries. -subtext: From 0.6.0 onwards, the image location is not stored in the TempoStack CR unless it got changed manually +subtext: | + This upgrade reverts any change to the `spec.images` fields of any TempoStack instance. + Beginning with version 0.6.0, the image location is not stored in the TempoStack instance unless it is changed manually.