Add doc about configuring TLS with Helm #4328
Thank you for updating the doc! Minor suggestions. Overall, looks good!
Should we mention the Configure TLS with Helm on the TLS page? Maybe add a sentence with a link on this page: a link from this page /docs/sources/tempo/latest/configuration/network/tls/
querier: | ||
frontend_worker: | ||
grpc_client_config: | ||
tls_ca_path: /tls/ca.crt | ||
tls_cert_path: /tls/tls.crt | ||
tls_enabled: true | ||
tls_key_path: /tls/tls.key | ||
tls_server_name: tempo-distributed.trace.svc.cluster.local |
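Review bot: `tls_server_name` under the querier's `grpc_client_config` is hard-coded to `tempo-distributed.trace.svc.cluster.local`, which bakes one release name and the `trace` namespace into the example. The doc should state that this value must match a DNS name in the certificate the query-frontend serves, and that readers have to adjust it for their own release and namespace, since a copied value that does not match fails hostname verification even though `tls_ca_path`, `tls_cert_path` and `tls_key_path` are all set correctly.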
This client is the only one that supports two ways of setting TLS. Through this method, but also through here. If you see value in unification, I would remove the latter option since at least for me it just caused confusion when setting up TLS (given, back then I didn't know of the structuredConfig option)
That sounds reasonable to me. Would you like to PR for this? If not I can follow up. We'll want to mark it a breaking change, and validate that the structuredConfig is the right approach in all cases. Wouldn't mind at least other eyes on that portion.
readinessProbe: | ||
httpGet: | ||
scheme: HTTPS | ||
structuredConfig: |
This section should also have the memcached TLS config, or a mention of it in the written part
cache:
  caches:
    - memcached:
        <tls_config>
This works and I'll include a bit of config for it in the example. The exporter is a little more work due to the way the annotations are handled, so I'm going to leave that out of this PR.
Co-authored-by: Markus Toivonen <[email protected]>
Co-authored-by: Kim Nylander <[email protected]>
|
||
### Configure TLS with Helm | ||
|
||
To configure TLS with the Helm chart, you must have a TLS key-pair and CA certificate stored in a Kubernetes secret. |
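Review bot: the sentence under `### Configure TLS with Helm` requires a key-pair and CA certificate in a Kubernetes secret but does not say which chart it applies to or what shape the secret must have. Name the `tempo-distributed` chart in this sentence and state the expected secret keys and mount path, so readers can match their secret to the `/tls/...` paths used in the example values.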
Will this example values.yaml file work with any Tempo or GET Helm chart? Or is it specifically designed to use tempo-distributed?
Asking because I thought about adding a link to the tempo-distributed Helm chart and doc here, but then I wasn't sure if this is specifically part of that.
Either way, I'm linking from the tempo-distributed doc to here for TLS: #4334
This is only for the tempo-distributed helm chart.
@zalegrala I added a section to the helm chart doc about TLS. Would you review? #4334 Is the TLS capability going to be in the next release? Or is this something we should backport to the current release docs?
@knylander-grafana This has always been possible with tempo and helm, but we haven't had good docs for it. I'd seen a couple questions in community slack, so I followed up with a working doc. No tempo release is needed, but the helm release got merged and is available now.
* chore: remove gofakeit dependency (#4274) * Further reduce Labes() calls in the metrics registry (#4283) * Respect passed headers in read path requests (#4287) * Ingester: Validate completed blocks (#4256) * Add validate method to block Signed-off-by: Joe Elliott <[email protected]> * Add Validate usage in the ingester Signed-off-by: Joe Elliott <[email protected]> * changelog Signed-off-by: Joe Elliott <[email protected]> * add test and fix replay Signed-off-by: Joe Elliott <[email protected]> * increment metric Signed-off-by: Joe Elliott <[email protected]> --------- Signed-off-by: Joe Elliott <[email protected]> * Add `invalid_utf8` to reasons spans could be rejected (#4293) * Add `invalid_utf8` to reasons spans could be rejected * Update changelog * Update docs * Ensure test covers invalid UTF-8 and not slack time * add signals for duplicate rf1 data (#4296) Signed-off-by: Joe Elliott <[email protected]> * Bump anchore/sbom-action from 0.17.5 to 0.17.7 (#4307) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.17.5 to 0.17.7. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](anchore/sbom-action@v0.17.5...v0.17.7) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * docs: Update readme with explore traces info (#4263) * docs: Update readme with explore traces info Co-authored-by: Kim Nylander <[email protected]> * chore: remove spanlogger (#4312) * chore: remove spanlogger * Query-Frontend: Add middleware to drop headers (#4298) * header strip ware Signed-off-by: Joe Elliott <[email protected]> * comment Signed-off-by: Joe Elliott <[email protected]> * changelog Signed-off-by: Joe Elliott <[email protected]> * remove header strip wear from metrics summary Signed-off-by: Joe Elliott <[email protected]> --------- Signed-off-by: Joe Elliott <[email protected]> * Increase length of time compactions have to fail (#4315) * increase length of time compactions have to fail Signed-off-by: Joe Elliott <[email protected]> * gen Signed-off-by: Joe Elliott <[email protected]> --------- Signed-off-by: Joe Elliott <[email protected]> * docs: mark serverless as deprecated (#4017) * docs: mark serverless as deprecated * Changelog + readme * docs: Remove duplicated examples (#4295) This removes duplicates examples from the Configure TraceQL metrics page. 
Signed-off-by: Alex Bikfalvi <[email protected]> * tempo-cli: support dropping multiple traces in a single operation (#4266) * tempo-cli: support dropping multiple traces in a single operation * update final log message --------- Co-authored-by: Suraj Nath <[email protected]> * [DOC] Add clarification for metrics summary and traceQL metrics (#4316) * Add clarification for metrics summary and traceQL metrics * Apply suggestions from code review Co-authored-by: Jennifer Villa <[email protected]> * Update docs/sources/tempo/api_docs/metrics-summary.md --------- Co-authored-by: Jennifer Villa <[email protected]> * TraceQL metrics time range fixes (#4325) * Disconnect job time range filtering from step, so that results in split backend/recent range is accurate * changelog * Fix to assert metrics query range before alignment because alignment may increase it, which is not the responsibility of the caller to account for (#4331) * Add doc about configuring TLS with Helm (#4328) * Add doc about configuring TLS with Helm * Add memberlist and readinessProbe to example * Include server config for listening on TLS * Add note about scraping * Update docs/sources/tempo/configuration/network/tls.md Co-authored-by: Markus Toivonen <[email protected]> * Update docs/sources/tempo/configuration/network/tls.md Co-authored-by: Kim Nylander <[email protected]> * Update docs/sources/tempo/configuration/network/tls.md Co-authored-by: Kim Nylander <[email protected]> * Add memcached config for TLS --------- Co-authored-by: Markus Toivonen <[email protected]> Co-authored-by: Kim Nylander <[email protected]> * [DOC] Add TLS info to Helm chart doc (#4334) --------- Signed-off-by: Joe Elliott <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Alex Bikfalvi <[email protected]> Co-authored-by: Javier Molina Reyes <[email protected]> Co-authored-by: Zach Leslie <[email protected]> Co-authored-by: Joe Elliott <[email protected]> Co-authored-by: dependabot[bot] 
<49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ryan Perry <[email protected]> Co-authored-by: Kim Nylander <[email protected]> Co-authored-by: Suraj Nath <[email protected]> Co-authored-by: Alex Bikfalvi <[email protected]> Co-authored-by: Andrey Karpov <[email protected]> Co-authored-by: Jennifer Villa <[email protected]> Co-authored-by: Martin Disibio <[email protected]> Co-authored-by: Markus Toivonen <[email protected]>
What this PR does:
Here we include some information about how to get a working TLS configuration using the tempo-distributed Helm chart.
Which issue(s) this PR fixes:
Fixes #
Checklist
CHANGELOG.md updated - the order of entries should be [CHANGE], [FEATURE], [ENHANCEMENT], [BUGFIX]