Add TempoMonolithic deployment (#57)

Author: christian-stephen

.circleci/config.yml

@@ -206,6 +206,14 @@ jobs:
           command: |
             helm install server-monitoring-stack ./target/server-monitoring-stack*.tgz \
               -n server-monitoring --set global.enabled=false --set prometheusOperator.installCRDs=true
+      - run:
+          name: Install Grafana Tempo operator
+          command: |
+            kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.18.0/cert-manager.yaml
+            kubectl wait --for=condition=available --timeout=30s deployment/cert-manager-webhook -n cert-manager
+
+            kubectl apply -f https://github.com/grafana/tempo-operator/releases/download/v0.16.0/tempo-operator.yaml
+            kubectl wait --for=condition=available --timeout=30s deployment/tempo-operator-controller -n tempo-operator-system
       - run:
           name: Install Helm chart
           command: helm upgrade --install server-monitoring-stack . --reset-values --timeout=2m -n server-monitoring

README.md

@@ -51,12 +51,21 @@ $ helm repo update
 
 ### 3. Install Dependencies
 
-Before installing the full chart, you must first install the dependency subcharts, including the Prometheus Custom Resource Definitions (CRDs) and the Grafana operator chart. This assumes you are installing it in the same namespace as your CircleCI server installation:
+Before installing the full chart, you must first install the dependency subcharts and operators.
+
+#### 3.1 Install Prometheus CRDs and Grafana Operator
+
+Install the Prometheus Custom Resource Definitions (CRDs) and the Grafana operator chart. This assumes you are installing it in the same namespace as your CircleCI server installation:
 
 ```bash
 $ helm install server-monitoring-stack server-monitoring-stack/server-monitoring-stack --set global.enabled=false --set prometheusOperator.installCRDs=true --version 0.1.0-alpha.4 -n <your-server-namespace>
 ```
-> **_NOTE:_**  It's possible to install the monitoring stack in a different namespace than the CircleCI server installation. If you do so, set the `prometheus.serviceMonitor.selectorNamespaces` value with the target namespace.
+
+> **_NOTE:_** It's possible to install the monitoring stack in a different namespace than the CircleCI server installation. If you do so, set the `prometheus.serviceMonitor.selectorNamespaces` value with the target namespace.
+
+#### 3.2 Install Tempo Operator (Optional)
+
+If you plan to enable distributed tracing with Tempo (`tempo.enabled=true`), you must manually install the Tempo Operator by following the official documentation at https://grafana.com/docs/tempo/latest/setup/operator/#installation[]. There is currently no official Helm chart available for the Tempo Operator or its CRDs.
 
 ### 4. Install the Helm Chart
 
@@ -211,6 +220,16 @@ Dashboards are provisioned directly from CRDs, which means any manual edits will
 | prometheusOperator.prometheusConfigReloader.image.repository | string | `"quay.io/prometheus-operator/prometheus-config-reloader"` | Image repository for Prometheus Config Reloader. |
 | prometheusOperator.prometheusConfigReloader.image.tag | string | `"v0.81.0"` | Tag for the Prometheus Config Reloader image. |
 | prometheusOperator.replicas | int | `1` | Number of Prometheus Operator replicas to deploy. |
+| tempo.enabled | string | `"-"` | Enable Tempo distributed tracing Requires manual installation of Tempo Operator Set to true to enable, false to disable, "-" to use global default |
+| tempo.resources | object | `{"limits":{"cpu":"1000m","memory":"2Gi"},"requests":{"cpu":"500m","memory":"1Gi"}}` | Resource requirements for Tempo pods Adjust based on your trace volume and cluster capacity |
+| tempo.resources.limits.cpu | string | `"1000m"` | Maximum CPU Tempo pods can use |
+| tempo.resources.limits.memory | string | `"2Gi"` | Maximum memory Tempo pods can use |
+| tempo.resources.requests.cpu | string | `"500m"` | Minimum CPU guaranteed to Tempo pods |
+| tempo.resources.requests.memory | string | `"1Gi"` | Minimum memory guaranteed to Tempo pods |
+| tempo.retentionPeriod | string | `"24h"` | Trace retention period How long to keep trace data before deletion |
+| tempo.storage | object | `{"traces":{"backend":"memory","size":"20Gi"}}` | Storage configuration for trace data |
+| tempo.storage.traces.backend | string | `"memory"` | Storage backend for traces Default: in-memory storage (traces lost on pod restart) Suitable for development/testing environments only |
+| tempo.storage.traces.size | string | `"20Gi"` | Storage volume size For memory/pv: actual volume size For cloud backends: size of WAL (Write-Ahead Log) volume Increase for higher trace volumes or longer retention |
 
 ## Releases
 

README.md.gotmpl

@@ -45,12 +45,21 @@ $ helm repo update
 
 ### 3. Install Dependencies
 
-Before installing the full chart, you must first install the dependency subcharts, including the Prometheus Custom Resource Definitions (CRDs) and the Grafana operator chart. This assumes you are installing it in the same namespace as your CircleCI server installation:
+Before installing the full chart, you must first install the dependency subcharts and operators.
+
+#### 3.1 Install Prometheus CRDs and Grafana Operator
+
+Install the Prometheus Custom Resource Definitions (CRDs) and the Grafana operator chart. This assumes you are installing it in the same namespace as your CircleCI server installation:
 
 ```bash
 $ helm install {{ template "chart.name" . }} {{ template "chart.name" . }}/{{ template "chart.name" . }} --set global.enabled=false --set prometheusOperator.installCRDs=true --version {{ template "chart.version" . }} -n <your-server-namespace>
 ```
-> **_NOTE:_**  It's possible to install the monitoring stack in a different namespace than the CircleCI server installation. If you do so, set the `prometheus.serviceMonitor.selectorNamespaces` value with the target namespace.
+
+> **_NOTE:_** It's possible to install the monitoring stack in a different namespace than the CircleCI server installation. If you do so, set the `prometheus.serviceMonitor.selectorNamespaces` value with the target namespace.
+
+#### 3.2 Install Tempo Operator (Optional)
+
+If you plan to enable distributed tracing with Tempo (`tempo.enabled=true`), you must manually install the Tempo Operator by following the official documentation at https://grafana.com/docs/tempo/latest/setup/operator/#installation[]. There is currently no official Helm chart available for the Tempo Operator or its CRDs.
 
 ### 4. Install the Helm Chart
 

do

@@ -15,13 +15,21 @@ version() {
 help_kubeconform="Run helm kubeconform"
 kubeconform() {
     check-helm
-
     install-plugin kubeconform https://github.com/jtyr/kubeconform-helm
 
-    helm kubeconform --ignore-missing-schema --verbose --summary --strict "$@" \
+    # Add schemas not included in any catalogs
+    schemas_dir="./target/schemas"
+    mkdir -p "${schemas_dir}"
+    cd "${schemas_dir}"
+    curl -s https://raw.githubusercontent.com/yannh/kubeconform/master/scripts/openapi2jsonschema.py | \
+        python3 - https://raw.githubusercontent.com/grafana/tempo-operator/refs/heads/main/config/crd/bases/tempo.grafana.com_tempomonolithics.yaml
+    cd -
+
+    helm kubeconform --verbose --summary --strict "$@" \
         --schema-location default \
-        --schema-location https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json \
-        . --skip GrafanaDashboard # https://github.com/yannh/kubeconform/issues/300
+        --schema-location "https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json" \
+        --schema-location "${schemas_dir}/{{ .ResourceKind }}_{{.ResourceAPIVersion}}.json" \
+        .
 }
 
 # This variable is used, but shellcheck can't tell.

templates/_helpers.tpl

@@ -36,3 +36,12 @@ Compute if grafana is enabled.
   (eq (.Values.grafana.enabled | toString) "true")
   (and (eq (.Values.grafana.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
 {{- end -}}
+
+{{/*
+Compute if tempo is enabled.
+*/}}
+{{- define "tempo.enabled" -}}
+{{- $_ := set . "tempoEnabled" (or
+  (eq (.Values.tempo.enabled | toString) "true")
+  (and (eq (.Values.tempo.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}

templates/tempo/tempomonolithic.yaml

@@ -0,0 +1,55 @@
+{{- include "tempo.enabled" . -}}
+{{- if .tempoEnabled }}
+{{- $name := include "server-monitoring.fullname" . -}}
+
+apiVersion: tempo.grafana.com/v1alpha1
+kind: TempoMonolithic
+metadata:
+  name: {{ $name }}-tempo
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ $name }}-tempo
+spec:
+  {{- with .Values.tempo.resources }}
+  resources:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+
+  {{- with .Values.tempo.storage.traces }}
+  storage:
+    traces:
+      backend: {{ .backend }}
+      size: {{ .size }}
+
+      {{- if eq .backend "s3" }}
+      s3:
+        secret: {{ .s3.secret }}
+      {{- end }}
+
+      {{- if eq .backend "gcs" }}
+      gcs:
+        secret: {{ .gcs.secret }}
+      {{- end }}
+  {{- end }}
+
+  # TODO: https://circleci.atlassian.net/browse/ONPREM-2157
+  #  observability:
+  #    grafana:
+  #      dataSource:
+  #        enabled: true
+
+  extraConfig:
+    tempo:
+      limits_config:
+        retention_period: {{ .Values.tempo.retentionPeriod }}
+      compactor:
+        ring:
+          kvstore:
+            store: inmemory
+      ingester:
+        lifecycler:
+          ring:
+            kvstore:
+              store: inmemory
+
+{{- end }}

tests/kubeconform/pvc-values.yaml

@@ -7,3 +7,8 @@ grafana:
   persistence:
     enabled: true
     storageClass: "custom-storage"
+
+tempo:
+  storage:
+    traces:
+      backend: pv

tests/tempo/tempomonolithic_test.yaml

@@ -0,0 +1,109 @@
+suite: test tempo
+templates:
+  - tempo/tempomonolithic.yaml
+tests:
+  - it: should work with basic configuration
+    set:
+      tempo.enabled: true
+      tempo.resources.requests.cpu: 250m
+      tempo.resources.requests.memory: 512Mi
+      tempo.resources.limits.cpu: 500m
+      tempo.resources.limits.memory: 1Gi
+      tempo.storage.traces.size: 20Gi
+    asserts:
+      - isKind:
+          of: TempoMonolithic
+      - matchRegex:
+          path: metadata.name
+          pattern: tempo
+      - equal:
+          path: spec.resources.requests.cpu
+          value: 250m
+      - equal:
+          path: spec.resources.requests.memory
+          value: 512Mi
+      - equal:
+          path: spec.resources.limits.cpu
+          value: 500m
+      - equal:
+          path: spec.resources.limits.memory
+          value: 1Gi
+      - equal:
+          path: spec.storage.traces.size
+          value: 20Gi
+
+  - it: should configure memory backend
+    set:
+      tempo.enabled: true
+      tempo.storage.traces.backend: memory
+      tempo.storage.traces.size: 2Gi
+    asserts:
+      - equal:
+          path: spec.storage.traces.backend
+          value: memory
+      - equal:
+          path: spec.storage.traces.size
+          value: 2Gi
+
+  - it: should configure s3 backend
+    set:
+      tempo.enabled: true
+      tempo.storage.traces.backend: s3
+      tempo.storage.traces.s3.secret: my-s3-secret
+      tempo.storage.traces.size: 100Gi
+    asserts:
+      - equal:
+          path: spec.storage.traces.backend
+          value: s3
+      - equal:
+          path: spec.storage.traces.s3.secret
+          value: my-s3-secret
+      - equal:
+          path: spec.storage.traces.size
+          value: 100Gi
+
+  - it: should configure gcs backend
+    set:
+      tempo.enabled: true
+      tempo.storage.traces.backend: gcs
+      tempo.storage.traces.gcs.secret: my-gcs-secret
+      tempo.storage.traces.size: 100Gi
+    asserts:
+      - equal:
+          path: spec.storage.traces.backend
+          value: gcs
+      - equal:
+          path: spec.storage.traces.gcs.secret
+          value: my-gcs-secret
+      - equal:
+          path: spec.storage.traces.size
+          value: 100Gi
+
+  - it: should configure pv backend
+    set:
+      tempo.enabled: true
+      tempo.storage.traces.backend: pv
+      tempo.storage.traces.size: 50Gi
+    asserts:
+      - equal:
+          path: spec.storage.traces.backend
+          value: pv
+      - equal:
+          path: spec.storage.traces.size
+          value: 50Gi
+
+  - it: should set retention period
+    set:
+      tempo.enabled: true
+      tempo.retentionPeriod: 7d
+    asserts:
+      - equal:
+          path: spec.extraConfig.tempo.limits_config.retention_period
+          value: 7d
+
+  - it: should not create resource when disabled
+    set:
+      tempo.enabled: false
+    asserts:
+      - hasDocuments:
+          count: 0

values.yaml

@@ -149,3 +149,53 @@ grafana:
   dashboards:
     # -- The directory containing JSON files for Grafana dashboards.
     jsonDirectory: dashboards
+
+tempo:
+  # -- Enable Tempo distributed tracing
+  # Requires manual installation of Tempo Operator
+  # Set to true to enable, false to disable, "-" to use global default
+  enabled: "-"
+  # -- Resource requirements for Tempo pods
+  # Adjust based on your trace volume and cluster capacity
+  resources:
+    requests:
+      # -- Minimum CPU guaranteed to Tempo pods
+      cpu: 500m
+      # -- Minimum memory guaranteed to Tempo pods
+      memory: 1Gi
+    limits:
+      # -- Maximum CPU Tempo pods can use
+      cpu: 1000m
+      # -- Maximum memory Tempo pods can use
+      memory: 2Gi
+  # -- Storage configuration for trace data
+  storage:
+    traces:
+      # -- Storage backend for traces
+      # Default: in-memory storage (traces lost on pod restart)
+      # Suitable for development/testing environments only
+      backend: memory
+
+      # -- Persistent Volume storage
+      # Stores traces on persistent disk attached to the pod
+      # backend: pv
+
+      # -- Cloud storage backends
+      # Choose based on your CircleCI server deployment location:
+
+      # -- AWS S3 (use if CircleCI server is on AWS)
+      # s3:
+      #   secret: tempo-s3-secret
+
+      # -- Google Cloud Storage (use if CircleCI server is on GCP)
+      # gcs:
+      #   secret: tempo-gcs-secret
+
+      # -- Storage volume size
+      # For memory/pv: actual volume size
+      # For cloud backends: size of WAL (Write-Ahead Log) volume
+      # Increase for higher trace volumes or longer retention
+      size: 20Gi
+  # -- Trace retention period
+  # How long to keep trace data before deletion
+  retentionPeriod: 24h