From 21f7aa26883cebf881c5659a175799dd0607ce6f Mon Sep 17 00:00:00 2001 From: Daria Zubairova Date: Wed, 15 Sep 2021 10:21:57 +0300 Subject: [PATCH] Add gateway component to tempo-distributed Signed-off-by: Daria Zubairova --- charts/tempo-distributed/Chart.yaml | 2 +- charts/tempo-distributed/README.md | 50 +++- charts/tempo-distributed/README.md.gotmpl | 1 + charts/tempo-distributed/templates/NOTES.txt | 3 + .../tempo-distributed/templates/_helpers.tpl | 34 +++ .../distributor/_helpers-distributor.tpl | 7 + .../distributor/deployment-distributor.yaml | 2 +- .../distributor/service-distributor.yaml | 2 +- .../servicemonitor-distributor.yaml | 2 +- .../templates/gateway/_helpers-gateway.tpl | 30 +++ .../templates/gateway/configmap-gateway.yaml | 11 + .../templates/gateway/deployment-gateway.yaml | 89 ++++++++ .../templates/gateway/ingress-gateway.yaml | 55 +++++ .../templates/gateway/secret-gateway.yaml | 13 ++ .../templates/gateway/service-gateway.yaml | 33 +++ charts/tempo-distributed/values.yaml | 213 +++++++++++++++++- 16 files changed, 540 insertions(+), 7 deletions(-) create mode 100644 charts/tempo-distributed/templates/gateway/_helpers-gateway.tpl create mode 100644 charts/tempo-distributed/templates/gateway/configmap-gateway.yaml create mode 100644 charts/tempo-distributed/templates/gateway/deployment-gateway.yaml create mode 100644 charts/tempo-distributed/templates/gateway/ingress-gateway.yaml create mode 100644 charts/tempo-distributed/templates/gateway/secret-gateway.yaml create mode 100644 charts/tempo-distributed/templates/gateway/service-gateway.yaml diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 355a7d0adf..b47d760cfb 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml 
@@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 0.9.14 +version: 0.9.15 appVersion: 1.1.0 engine: gotpl home: https://grafana.com/docs/tempo/latest/ diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 77672c95f6..65a7905a81 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 0.9.14](https://img.shields.io/badge/Version-0.9.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.1.0](https://img.shields.io/badge/AppVersion-1.1.0-informational?style=flat-square) +![Version: 0.9.15](https://img.shields.io/badge/Version-0.9.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.1.0](https://img.shields.io/badge/AppVersion-1.1.0-informational?style=flat-square) Grafana Tempo in MicroService mode 
@@ -102,6 +102,51 @@ The memcached default args are removed and should be provided manually. The sett | distributor.service.type | string | `"ClusterIP"` | Type of service for the distributor | | distributor.terminationGracePeriodSeconds | int | `30` | Grace period to allow the distributor to shutdown before it is killed | | distributor.tolerations | list | `[]` | Tolerations for distributor pods | +| gateway.affinity | string | Hard node and soft zone anti-affinity | Affinity for gateway pods. Passed through `tpl` and, thus, to be configured as string | +| gateway.basicAuth.enabled | bool | `false` | Enables basic authentication for the gateway | +| gateway.basicAuth.existingSecret | string | `nil` | Existing basic auth secret to use. Must contain '.htpasswd' | +| gateway.basicAuth.htpasswd | string | `"{{ htpasswd (required \"'gateway.basicAuth.username' is required\" .Values.gateway.basicAuth.username) (required \"'gateway.basicAuth.password' is required\" .Values.gateway.basicAuth.password) }}"` | Uses the specified username and password to compute a htpasswd using Sprig's `htpasswd` function. The value is templated using `tpl`. Override this to use a custom htpasswd, e.g. in case the default causes high CPU load. 
| +| gateway.basicAuth.password | string | `nil` | The basic auth password for the gateway | +| gateway.basicAuth.username | string | `nil` | The basic auth username for the gateway | +| gateway.enabled | bool | `false` | Specifies whether the gateway should be enabled | +| gateway.extraArgs | list | `[]` | Additional CLI args for the gateway | +| gateway.extraEnv | list | `[]` | Environment variables to add to the gateway pods | +| gateway.extraEnvFrom | list | `[]` | Environment variables from secrets or configmaps to add to the gateway pods | +| gateway.extraVolumeMounts | list | `[]` | Volume mounts to add to the gateway pods | +| gateway.extraVolumes | list | `[]` | Volumes to add to the gateway pods | +| gateway.image.pullPolicy | string | `"IfNotPresent"` | The gateway image pull policy | +| gateway.image.registry | string | `"docker.io"` | The Docker registry for the gateway image | +| gateway.image.repository | string | `"nginxinc/nginx-unprivileged"` | The gateway image repository | +| gateway.image.tag | string | `"1.19-alpine"` | The gateway image tag | +| gateway.ingress.annotations | object | `{}` | Ingress Class Name. MAY be required for Kubernetes versions >= 1.18 ingressClassName: nginx -- Annotations for the gateway ingress | +| gateway.ingress.enabled | bool | `false` | Specifies whether an ingress for the gateway should be created | +| gateway.ingress.hosts | list | `[{"host":"gateway.tempo.example.com","paths":[{"path":"/"}]}]` | Hosts configuration for the gateway ingress | +| gateway.ingress.tls | list | `[{"hosts":["gateway.tempo.example.com"],"secretName":"tempo-gateway-tls"}]` | TLS configuration for the gateway ingress | +| gateway.nginxConfig.file | string | See values.yaml | Config file contents for Nginx. 
Passed through the `tpl` function to allow templating | +| gateway.nginxConfig.httpSnippet | string | `""` | Allows appending custom configuration to the http block | +| gateway.nginxConfig.logFormat | string | `"main '$remote_addr - $remote_user [$time_local] $status '\n '\"$request\" $body_bytes_sent \"$http_referer\" '\n '\"$http_user_agent\" \"$http_x_forwarded_for\"';"` | NGINX log format | +| gateway.nginxConfig.serverSnippet | string | `""` | Allows appending custom configuration to the server block | +| gateway.nodeSelector | object | `{}` | Node selector for gateway pods | +| gateway.podAnnotations | object | `{}` | Annotations for gateway pods | +| gateway.priorityClassName | string | `nil` | The name of the PriorityClass for gateway pods | +| gateway.readinessProbe.httpGet.path | string | `"/"` | | +| gateway.readinessProbe.httpGet.port | string | `"http"` | | +| gateway.readinessProbe.initialDelaySeconds | int | `15` | | +| gateway.readinessProbe.timeoutSeconds | int | `1` | | +| gateway.replicas | int | `1` | Number of replicas for the gateway | +| gateway.resources | object | `{}` | Resource requests and limits for the gateway | +| gateway.service.annotations | object | `{}` | Annotations for the gateway service | +| gateway.service.clusterIP | string | `nil` | ClusterIP of the gateway service | +| gateway.service.labels | object | `{}` | Labels for gateway service | +| gateway.service.loadBalancerIP | string | `nil` | Load balancer IPO address if service type is LoadBalancer | +| gateway.service.nodePort | string | `nil` | Node port if service type is NodePort | +| gateway.service.port | int | `80` | Port of the gateway service | +| gateway.service.type | string | `"ClusterIP"` | Type of the gateway service | +| gateway.terminationGracePeriodSeconds | int | `30` | Grace period to allow the gateway to shutdown before it is killed | +| gateway.tolerations | list | `[]` | Tolerations for gateway pods | +| global.clusterDomain | string | 
`"cluster.local"` | configures cluster domain ("cluster.local" by default) | +| global.dnsNamespace | string | `"kube-system"` | configures DNS service namespace | +| global.dnsService | string | `"kube-dns"` | configures DNS service name | | global.image.registry | string | `nil` | Overrides the Docker registry globally for all images | | global.priorityClassName | string | `nil` | Overrides the priorityClassName for all pods | | ingester.affinity | string | Hard node and soft zone anti-affinity | Affinity for ingester pods. Passed through `tpl` and, thus, to be configured as string | @@ -200,7 +245,7 @@ The memcached default args are removed and should be provided manually. The sett | serviceMonitor.scrapeTimeout | string | `nil` | ServiceMonitor scrape timeout in Go duration format (e.g. 15s) | | serviceMonitor.tlsConfig | string | `nil` | ServiceMonitor will use these tlsConfig settings to make the health check requests | | storage.trace.backend | string | `"local"` | | -| tempo | object | `{"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"grafana/tempo","tag":null},"readinessProbe":{"httpGet":{"path":"/ready","port":"http"},"initialDelaySeconds":30,"timeoutSeconds":1}}` | Overrides the chart's computed fullname fullnameOverride: tempo -- Overrides the chart's computed fullname | +| tempo | object | `{"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"grafana/tempo","tag":null},"readinessProbe":{"httpGet":{"path":"/ready","port":"http"},"initialDelaySeconds":30,"timeoutSeconds":1}}` | Overrides the chart's computed fullname fullnameOverride: tempo | | tempo.image.registry | string | `"docker.io"` | The Docker registry | | tempo.image.repository | string | `"grafana/tempo"` | Docker image repository | | tempo.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | 
@@ -227,6 +272,7 @@ The other components are optional and must be explicitly enabled. | query-frontend | no | | compactor | no | | memcached | yes | +| gateway | yes | ## (Configuration)[https://grafana.com/docs/tempo/latest/configuration/] diff --git a/charts/tempo-distributed/README.md.gotmpl b/charts/tempo-distributed/README.md.gotmpl index 73701b84a4..57bfc0f2f6 100644 --- a/charts/tempo-distributed/README.md.gotmpl +++ b/charts/tempo-distributed/README.md.gotmpl @@ -79,6 +79,7 @@ The other components are optional and must be explicitly enabled. | query-frontend | no | | compactor | no | | memcached | yes | +| gateway | yes | ## (Configuration)[https://grafana.com/docs/tempo/latest/configuration/] diff --git a/charts/tempo-distributed/templates/NOTES.txt b/charts/tempo-distributed/templates/NOTES.txt index c2ef1c631e..0ca96f3b04 100644 --- a/charts/tempo-distributed/templates/NOTES.txt +++ b/charts/tempo-distributed/templates/NOTES.txt @@ -15,3 +15,6 @@ Installed components: {{- if .Values.memcached.enabled }} * memcached {{- end }} +{{- if .Values.gateway.enabled }} +* gateway +{{- end }} \ No newline at end of file diff --git a/charts/tempo-distributed/templates/_helpers.tpl b/charts/tempo-distributed/templates/_helpers.tpl index c6836136db..7357b87587 100644 --- a/charts/tempo-distributed/templates/_helpers.tpl +++ b/charts/tempo-distributed/templates/_helpers.tpl 
@@ -86,3 +86,37 @@ Gossip ring Selector labels {{- define "tempo.gossipRing.selectorLabels" -}} tempo-gossip-member: "true" {{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "tempo.ingress.apiVersion" -}} + {{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19-0" .Capabilities.KubeVersion.Version) -}} + {{- print "networking.k8s.io/v1" -}} + {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}} + {{- print "networking.k8s.io/v1beta1" -}} + {{- else -}} + {{- print "extensions/v1beta1" -}} + {{- end -}} +{{- end -}} + +{{/* +Return if ingress is stable. +*/}} +{{- define "tempo.ingress.isStable" -}} + {{- eq (include "tempo.ingress.apiVersion" .) "networking.k8s.io/v1" -}} +{{- end -}} + +{{/* +Return if ingress supports ingressClassName. +*/}} +{{- define "tempo.ingress.supportsIngressClassName" -}} + {{- or (eq (include "tempo.ingress.isStable" .) "true") (and (eq (include "tempo.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) -}} +{{- end -}} + +{{/* +Return if ingress supports pathType. +*/}} +{{- define "tempo.ingress.supportsPathType" -}} + {{- or (eq (include "tempo.ingress.isStable" .) "true") (and (eq (include "tempo.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) -}} +{{- end -}} diff --git a/charts/tempo-distributed/templates/distributor/_helpers-distributor.tpl b/charts/tempo-distributed/templates/distributor/_helpers-distributor.tpl index 61caa5ca1b..39f9788f3a 100644 --- a/charts/tempo-distributed/templates/distributor/_helpers-distributor.tpl +++ b/charts/tempo-distributed/templates/distributor/_helpers-distributor.tpl @@ -1,3 +1,10 @@ +{{/* +distributor fullname +*/}} +{{- define "tempo.distributorFullname" -}} +{{ include "tempo.fullname" . }}-distributor +{{- end }} + {{/* distributor common labels */}} 
diff --git a/charts/tempo-distributed/templates/distributor/deployment-distributor.yaml b/charts/tempo-distributed/templates/distributor/deployment-distributor.yaml index 2e72fa1ff5..ccad302b01 100644 --- a/charts/tempo-distributed/templates/distributor/deployment-distributor.yaml +++ b/charts/tempo-distributed/templates/distributor/deployment-distributor.yaml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ template "tempo.fullname" . }}-distributor + name: {{ include "tempo.distributorFullname" . }} namespace: {{ .Release.Namespace }} labels: {{- include "tempo.distributorLabels" . | nindent 4 }} diff --git a/charts/tempo-distributed/templates/distributor/service-distributor.yaml b/charts/tempo-distributed/templates/distributor/service-distributor.yaml index 9b81e518d6..ba441d4aa4 100644 --- a/charts/tempo-distributed/templates/distributor/service-distributor.yaml +++ b/charts/tempo-distributed/templates/distributor/service-distributor.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ template "tempo.fullname" . }}-distributor + name: {{ include "tempo.distributorFullname" . }} namespace: {{ .Release.Namespace }} labels: {{- include "tempo.distributorLabels" . | nindent 4 }} diff --git a/charts/tempo-distributed/templates/distributor/servicemonitor-distributor.yaml b/charts/tempo-distributed/templates/distributor/servicemonitor-distributor.yaml index 46883e210a..b885d39464 100644 --- a/charts/tempo-distributed/templates/distributor/servicemonitor-distributor.yaml +++ b/charts/tempo-distributed/templates/distributor/servicemonitor-distributor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ template "tempo.fullname" $ }}-distributor + name: {{ include "tempo.distributorFullname" $ }} {{- with .namespace }} namespace: {{ . }} {{- end }} 
diff --git a/charts/tempo-distributed/templates/gateway/_helpers-gateway.tpl b/charts/tempo-distributed/templates/gateway/_helpers-gateway.tpl
new file mode 100644
index 0000000000..5f346432ec
--- /dev/null
+++ b/charts/tempo-distributed/templates/gateway/_helpers-gateway.tpl
@@ -0,0 +1,30 @@
+{{/*
+gateway fullname
+*/}}
+{{- define "tempo.gatewayFullname" -}}
+{{ include "tempo.fullname" . }}-gateway
+{{- end }}
+
+{{/*
+gateway common labels
+*/}}
+{{- define "tempo.gatewayLabels" -}}
+{{ include "tempo.labels" . }}
+app.kubernetes.io/component: gateway
+{{- end }}
+
+{{/*
+gateway selector labels
+*/}}
+{{- define "tempo.gatewaySelectorLabels" -}}
+{{ include "tempo.selectorLabels" . }}
+app.kubernetes.io/component: gateway
+{{- end }}
+
+{{/*
+gateway image
+*/}}
+{{- define "tempo.gatewayImage" -}}
+{{- $dict := dict "tempo" .Values.tempo.image "service" .Values.gateway.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion -}}
+{{- include "tempo.tempoImage" $dict -}}
+{{- end }}
diff --git a/charts/tempo-distributed/templates/gateway/configmap-gateway.yaml b/charts/tempo-distributed/templates/gateway/configmap-gateway.yaml
new file mode 100644
index 0000000000..4044f17424
--- /dev/null
+++ b/charts/tempo-distributed/templates/gateway/configmap-gateway.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.gateway.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "tempo.gatewayFullname" . }}
+ labels:
+ {{- include "tempo.gatewayLabels" . | nindent 4 }}
+data:
+ nginx.conf: |
+ {{- tpl .Values.gateway.nginxConfig.file . | nindent 4 }}
+{{- end }}
diff --git a/charts/tempo-distributed/templates/gateway/deployment-gateway.yaml b/charts/tempo-distributed/templates/gateway/deployment-gateway.yaml
new file mode 100644
index 0000000000..e518a2b5b1
--- /dev/null
+++ b/charts/tempo-distributed/templates/gateway/deployment-gateway.yaml
@@ -0,0 +1,89 @@
+{{- if .Values.gateway.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "tempo.gatewayFullname" . }}
+ labels:
+ {{- include "tempo.gatewayLabels" . | nindent 4 }}
+spec:
+ minReadySeconds: 10
+ replicas: {{ .Values.gateway.replicas }}
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ {{- include "tempo.gatewaySelectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ checksum/config: {{ include (print .Template.BasePath "/gateway/configmap-gateway.yaml") . | sha256sum }}
+ {{- with .Values.gateway.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "tempo.gatewaySelectorLabels" . | nindent 8 }}
+ spec:
+ serviceAccountName: {{ include "tempo.serviceAccountName" . }}
+ terminationGracePeriodSeconds: {{ .Values.gateway.terminationGracePeriodSeconds }}
+ containers:
+ - name: nginx
+ image: {{ include "tempo.gatewayImage" . }}
+ imagePullPolicy: {{ .Values.gateway.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ {{- with .Values.gateway.extraEnv }}
+ env:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.gateway.extraEnvFrom }}
+ envFrom:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ readinessProbe:
+ {{- toYaml .Values.gateway.readinessProbe | nindent 12 }}
+ volumeMounts:
+ - name: config
+ mountPath: /etc/nginx
+ {{- if .Values.gateway.basicAuth.enabled }}
+ - name: auth
+ mountPath: /etc/nginx/secrets
+ {{- end }}
+ - name: tmp
+ mountPath: /tmp
+ - name: docker-entrypoint-d-override
+ mountPath: /docker-entrypoint.d
+ {{- if .Values.gateway.extraVolumeMounts }}
+ {{- toYaml .Values.gateway.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.gateway.resources | nindent 12 }}
+ {{- with .Values.gateway.affinity }}
+ affinity:
+ {{- tpl . $ | nindent 8 }}
+ {{- end }}
+ {{- with .Values.gateway.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.gateway.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: config
+ configMap:
+ name: {{ include "tempo.gatewayFullname" . }}
+ {{- if .Values.gateway.basicAuth.enabled }}
+ - name: auth
+ secret:
+ secretName: {{ include "tempo.gatewayAuthSecret" . }}
+ {{- end }}
+ - name: tmp
+ emptyDir: {}
+ - name: docker-entrypoint-d-override
+ emptyDir: {}
+ {{- if .Values.gateway.extraVolumes }}
+ {{- toYaml .Values.gateway.extraVolumes | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/tempo-distributed/templates/gateway/ingress-gateway.yaml b/charts/tempo-distributed/templates/gateway/ingress-gateway.yaml
new file mode 100644
index 0000000000..4c5db9a7be
--- /dev/null
+++ b/charts/tempo-distributed/templates/gateway/ingress-gateway.yaml
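Review bot: In deployment-gateway.yaml the `auth` volume uses `secretName: {{ include "tempo.gatewayAuthSecret" . }}`, but no file in this patch defines a `tempo.gatewayAuthSecret` template (`_helpers-gateway.tpl` only defines the fullname, labels, selector labels and image helpers), so unless it already exists elsewhere in the chart, rendering fails as soon as `gateway.basicAuth.enabled` is set to true. That helper is also the only place `gateway.basicAuth.existingSecret` could be honoured, since nothing in the visible templates reads it apart from the guard in secret-gateway.yaml. I would add the helper to `_helpers-gateway.tpl` with the body `{{ .Values.gateway.basicAuth.existingSecret | default (include "tempo.gatewayFullname" .) }}`. Separately, the `tmp` and `docker-entrypoint-d-override` emptyDirs suggest a read-only root filesystem was intended, yet the container sets no `securityContext`; consider adding one with `readOnlyRootFilesystem: true`, `allowPrivilegeEscalation: false` and dropped capabilities.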
@@ -0,0 +1,55 @@
+{{- if .Values.gateway.enabled -}}
+{{- if .Values.gateway.ingress.enabled -}}
+{{- $ingressApiIsStable := eq (include "tempo.ingress.isStable" .) "true" -}}
+{{- $ingressSupportsIngressClassName := eq (include "tempo.ingress.supportsIngressClassName" .) "true" -}}
+{{- $ingressSupportsPathType := eq (include "tempo.ingress.supportsPathType" .) "true" -}}
+apiVersion: {{ include "tempo.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+ name: {{ include "tempo.gatewayFullname" . }}
+ labels:
+ {{- include "tempo.gatewayLabels" . | nindent 4 }}
+ {{- with .Values.gateway.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and $ingressSupportsIngressClassName .Values.gateway.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.gateway.ingress.ingressClassName }}
+ {{- end -}}
+ {{- if .Values.gateway.ingress.tls }}
+ tls:
+ {{- range .Values.gateway.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- with .secretName }}
+ secretName: {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.gateway.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if $ingressSupportsPathType }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if $ingressApiIsStable }}
+ service:
+ name: {{ include "tempo.gatewayFullname" $ }}
+ port:
+ number: {{ $.Values.gateway.service.port }}
+ {{- else }}
+ serviceName: {{ include "tempo.gatewayFullname" $ }}
+ servicePort: {{ $.Values.gateway.service.port }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/tempo-distributed/templates/gateway/secret-gateway.yaml b/charts/tempo-distributed/templates/gateway/secret-gateway.yaml
new file mode 100644
index 0000000000..02b19c475b
--- /dev/null
+++ b/charts/tempo-distributed/templates/gateway/secret-gateway.yaml
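Review bot: In ingress-gateway.yaml, `pathType: {{ .pathType }}` is emitted whenever the API supports it, but the default `gateway.ingress.hosts` entry in values.yaml leaves `pathType` commented out, so a default render produces an empty `pathType:`. On `networking.k8s.io/v1` that field is required, so enabling the ingress with the chart defaults is likely to be rejected by the API server. A fallback such as `pathType: {{ .pathType | default "Prefix" }}`, or uncommenting the default in values.yaml, avoids that. `path: {{ .path }}` and `secretName: {{ . }}` would also be safer piped through `quote`, as the host entries already are.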
@@ -0,0 +1,13 @@
+{{- with .Values.gateway }}
+{{- if and .enabled .basicAuth.enabled (not .basicAuth.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "tempo.gatewayFullname" $ }}
+ labels:
+ {{- include "tempo.gatewayLabels" $ | nindent 4 }}
+stringData:
+ .htpasswd: |
+ {{- tpl .basicAuth.htpasswd $ | nindent 4 }}
+{{- end }}
+{{- end }}
diff --git a/charts/tempo-distributed/templates/gateway/service-gateway.yaml b/charts/tempo-distributed/templates/gateway/service-gateway.yaml
new file mode 100644
index 0000000000..0c802cf9e9
--- /dev/null
+++ b/charts/tempo-distributed/templates/gateway/service-gateway.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.gateway.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "tempo.gatewayFullname" . }}
+ labels:
+ {{- include "tempo.gatewayLabels" . | nindent 4 }}
+ {{- with .Values.gateway.service.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.gateway.service.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.gateway.service.type }}
+ {{- with .Values.gateway.service.clusterIP }}
+ clusterIP: {{ . }}
+ {{- end }}
+ {{- if and (eq "LoadBalancer" .Values.gateway.service.type) .Values.gateway.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.gateway.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - name: http
+ port: {{ .Values.gateway.service.port }}
+ targetPort: http
+ {{- if and (eq "NodePort" .Values.gateway.service.type) .Values.gateway.service.nodePort }}
+ nodePort: {{ .Values.gateway.service.nodePort }}
+ {{- end }}
+ protocol: TCP
+ selector:
+ {{- include "tempo.gatewaySelectorLabels" . | nindent 4 }}
+{{- end }}
diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml
index bd1be43e21..3485cfec4b 100644
--- a/charts/tempo-distributed/values.yaml
+++ b/charts/tempo-distributed/values.yaml
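Review bot: secret-gateway.yaml renders the `.htpasswd` Secret from `gateway.basicAuth.password`, so the clear-text password has to be supplied as a chart value and is kept wherever those values are kept (values files, CI variables, the Helm release record). The values comment should say so and point to `existingSecret` as the preferred route for anything beyond a test install, for example `# -- The basic auth password for the gateway. Kept in clear text in the release values; prefer existingSecret`. Because Sprig's `htpasswd` salts each hash, the rendered Secret also changes on every `helm upgrade` or `helm template`, which is worth a line in the README for users who diff rendered manifests.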
@@ -4,9 +4,14 @@ global: registry: null # -- Overrides the priorityClassName for all pods priorityClassName: null + # -- configures cluster domain ("cluster.local" by default) + clusterDomain: "cluster.local" + # -- configures DNS service name + dnsService: "kube-dns" + # -- configures DNS service namespace + dnsNamespace: "kube-system" # -- Overrides the chart's computed fullname # fullnameOverride: tempo -# -- Overrides the chart's computed fullname tempo: image: # -- The Docker registry 
@@ -526,3 +531,209 @@ serviceMonitor:
 scheme: http
 # -- ServiceMonitor will use these tlsConfig settings to make the health check requests
 tlsConfig: null
+
+# Configuration for the gateway
+gateway:
+ # -- Specifies whether the gateway should be enabled
+ enabled: false
+ # -- Number of replicas for the gateway
+ replicas: 1
+ image:
+ # -- The Docker registry for the gateway image
+ registry: docker.io
+ # -- The gateway image repository
+ repository: nginxinc/nginx-unprivileged
+ # -- The gateway image tag
+ tag: 1.19-alpine
+ # -- The gateway image pull policy
+ pullPolicy: IfNotPresent
+ # -- The name of the PriorityClass for gateway pods
+ priorityClassName: null
+ # -- Annotations for gateway pods
+ podAnnotations: {}
+ # -- Additional CLI args for the gateway
+ extraArgs: []
+ # -- Environment variables to add to the gateway pods
+ extraEnv: []
+ # -- Environment variables from secrets or configmaps to add to the gateway pods
+ extraEnvFrom: []
+ # -- Volumes to add to the gateway pods
+ extraVolumes: []
+ # -- Volume mounts to add to the gateway pods
+ extraVolumeMounts: []
+ # -- Resource requests and limits for the gateway
+ resources: {}
+ # -- Grace period to allow the gateway to shutdown before it is killed
+ terminationGracePeriodSeconds: 30
+ # -- Affinity for gateway pods. Passed through `tpl` and, thus, to be configured as string
+ # @default -- Hard node and soft zone anti-affinity
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ {{- include "tempo.gatewaySelectorLabels" . | nindent 10 }}
+ topologyKey: kubernetes.io/hostname
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ {{- include "tempo.gatewaySelectorLabels" . | nindent 12 }}
+ topologyKey: failure-domain.beta.kubernetes.io/zone
+ # -- Node selector for gateway pods
+ nodeSelector: {}
+ # -- Tolerations for gateway pods
+ tolerations: []
+ # Gateway service configuration
+ service:
+ # -- Port of the gateway service
+ port: 80
+ # -- Type of the gateway service
+ type: ClusterIP
+ # -- ClusterIP of the gateway service
+ clusterIP: null
+ # -- Node port if service type is NodePort
+ nodePort: null
+ # -- Load balancer IPO address if service type is LoadBalancer
+ loadBalancerIP: null
+ # -- Annotations for the gateway service
+ annotations: {}
+ # -- Labels for gateway service
+ labels: {}
+ # Gateway ingress configuration
+ ingress:
+ # -- Specifies whether an ingress for the gateway should be created
+ enabled: false
+ # -- Ingress Class Name. MAY be required for Kubernetes versions >= 1.18
+ # ingressClassName: nginx
+ # -- Annotations for the gateway ingress
+ annotations: {}
+ # -- Hosts configuration for the gateway ingress
+ hosts:
+ - host: gateway.tempo.example.com
+ paths:
+ - path: /
+ # -- pathType (e.g. ImplementationSpecific, Prefix, .. etc.) might also be required by some Ingress Controllers
+ # pathType: Prefix
+ # -- TLS configuration for the gateway ingress
+ tls:
+ - secretName: tempo-gateway-tls
+ hosts:
+ - gateway.tempo.example.com
+ # Basic auth configuration
+ basicAuth:
+ # -- Enables basic authentication for the gateway
+ enabled: false
+ # -- The basic auth username for the gateway
+ username: null
+ # -- The basic auth password for the gateway
+ password: null
+ # -- Uses the specified username and password to compute a htpasswd using Sprig's `htpasswd` function.
+ # The value is templated using `tpl`. Override this to use a custom htpasswd, e.g. in case the default causes
+ # high CPU load.
+ htpasswd: >-
+ {{ htpasswd (required "'gateway.basicAuth.username' is required" .Values.gateway.basicAuth.username) (required "'gateway.basicAuth.password' is required" .Values.gateway.basicAuth.password) }}
+ # -- Existing basic auth secret to use. Must contain '.htpasswd'
+ existingSecret: null
+ # Configures the readiness probe for the gateway
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 15
+ timeoutSeconds: 1
+ nginxConfig:
+ # -- NGINX log format
+ logFormat: |-
+ main '$remote_addr - $remote_user [$time_local] $status '
+ '"$request" $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+ # -- Allows appending custom configuration to the server block
+ serverSnippet: ""
+ # -- Allows appending custom configuration to the http block
+ httpSnippet: ""
+ # -- Config file contents for Nginx. Passed through the `tpl` function to allow templating
+ # @default -- See values.yaml
+ file: |
+ worker_processes 5; ## Default: 1
+ error_log /dev/stderr;
+ pid /tmp/nginx.pid;
+ worker_rlimit_nofile 8192;
+
+ events {
+ worker_connections 4096; ## Default: 1024
+ }
+
+ http {
+ client_body_temp_path /tmp/client_temp;
+ proxy_temp_path /tmp/proxy_temp_path;
+ fastcgi_temp_path /tmp/fastcgi_temp;
+ uwsgi_temp_path /tmp/uwsgi_temp;
+ scgi_temp_path /tmp/scgi_temp;
+
+ default_type application/octet-stream;
+ log_format {{ .Values.gateway.nginxConfig.logFormat }}
+ access_log /dev/stderr main;
+ sendfile on;
+ tcp_nopush on;
+ resolver {{ .Values.global.dnsService }}.{{ .Values.global.dnsNamespace }}.svc.{{ .Values.global.clusterDomain }};
+
+ {{- with .Values.gateway.nginxConfig.httpSnippet }}
+ {{ . | nindent 2 }}
+ {{- end }}
+
+ server {
+ listen 8080;
+
+ {{- if .Values.gateway.basicAuth.enabled }}
+ auth_basic "Tempo";
+ auth_basic_user_file /etc/nginx/secrets/.htpasswd;
+ {{- end }}
+
+ location = / {
+ return 200 'OK';
+ auth_basic off;
+ }
+
+ location = /jaeger/api/traces {
+ proxy_pass http://{{ include "tempo.distributorFullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:14268/api/traces;
+ }
+
+ location = /zipkin/spans {
+ proxy_pass http://{{ include "tempo.distributorFullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:9411/spans;
+ }
+
+ location = /otlp/v1/traces {
+ proxy_pass http://{{ include "tempo.distributorFullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:55681/v1/traces;
+ }
+
+ location ^~ /api {
+ proxy_pass http://{{ include "tempo.queryFrontendFullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;
+ }
+
+ location = /flush {
+ proxy_pass http://{{ include "tempo.ingesterFullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;
+ }
+
+ location = /shutdown {
+ proxy_pass http://{{ include "tempo.ingesterFullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;
+ }
+
+ location = /distributor/ring {
+ proxy_pass http://{{ include "tempo.distributorFullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;
+ }
+
+ location = /ingester/ring {
+ proxy_pass http://{{ include "tempo.distributorFullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;
+ }
+
+ location = /compactor/ring {
+ proxy_pass http://{{ include "tempo.compactorFullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;
+ }
+
+ {{- with .Values.gateway.nginxConfig.serverSnippet }}
+ {{ . | nindent 4 }}
+ {{- end }}
+ }
+ }
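Review bot: The default `nginxConfig.file` in values.yaml publishes `location = /flush` and `location = /shutdown`, both proxied to the ingester, alongside the three `/…/ring` pages, while `gateway.basicAuth.enabled` defaults to `false`, so these operational endpoints are reachable without authentication by anything that can reach the gateway service or, once enabled, its ingress. Judging by their names they flush and stop ingesters, which makes this an availability risk rather than only an information leak. I would drop `/flush` and `/shutdown` from the default config and leave them to `serverSnippet` for operators who need them, or at least render those locations only inside `{{- if .Values.gateway.basicAuth.enabled }}` … `{{- end }}`. The write and query routes are unauthenticated by default as well, which deserves a sentence in the README next to `gateway.ingress.enabled`.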