Commit eea67e0

rubenvp8510 authored and max-cx committed
OBSDOCS-864: Documentation for using OpenShift service CA in Tempo
Signed-off-by: Ruben Vargas <[email protected]>
1 parent ef73dcf commit eea67e0

3 files changed: +144 -0 lines changed
Lines changed: 64 additions & 0 deletions
@@ -0,0 +1,64 @@
1+
// Module included in the following assemblies:
2+
//
3+
// * observability/distr_tracing/distr_tracing_tempo/distr-tracing-tempo-configuring.adoc
4+
5+
:_mod-docs-content-type: REFERENCE
6+
[id="distr-tracing-tempo-config-receiver-tls-for-tempomonolithic_{context}"]
7+
= Receiver TLS configuration for a TempoMonolithic instance
8+
9+
You can provide a TLS certificate in a secret or use the service serving certificates that are generated by {product-title}.
10+
11+
* To provide a TLS certificate in a secret, configure it in the `TempoMonolithic` custom resource.
12+
+
13+
[NOTE]
14+
====
15+
This feature is not supported with the enabled Tempo Gateway.
16+
====
17+
+
18+
.TLS for receivers and using a user-provided certificate in a secret
19+
[source,yaml]
20+
----
21+
apiVersion: tempo.grafana.com/v1alpha1
22+
kind: TempoMonolithic
23+
# ...
24+
spec:
25+
# ...
26+
ingestion:
27+
otlp:
28+
grpc:
29+
tls:
30+
enabled: true # <1>
31+
certName: <tls_secret> # <2>
32+
caName: <ca_name> # <3>
33+
# ...
34+
----
35+
<1> TLS enabled at the Tempo Distributor.
36+
<2> Secret containing a `tls.key` key and `tls.crt` certificate that you apply in advance.
37+
<3> Optional: CA in a config map to enable mutual TLS authentication (mTLS).
38+
39+
* Alternatively, you can use the service serving certificates that are generated by {product-title}.
40+
+
41+
[NOTE]
42+
====
43+
Mutual TLS authentication (mTLS) is not supported with this feature.
44+
====
45+
+
46+
.TLS for receivers and using the service serving certificates that are generated by {product-title}
47+
[source,yaml]
48+
----
49+
apiVersion: tempo.grafana.com/v1alpha1
50+
kind: TempoMonolithic
51+
# ...
52+
spec:
53+
# ...
54+
ingestion:
55+
otlp:
56+
grpc:
57+
tls:
58+
enabled: true
59+
http:
60+
tls:
61+
enabled: true # <1>
62+
# ...
63+
----
64+
<1> Minimal configuration for the TLS at the Tempo Distributor.
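
Review bot: Callout <1> in both listings says TLS is enabled "at the Tempo Distributor", but this module documents `kind: TempoMonolithic` and the setting sits under `spec.ingestion.otlp.grpc.tls` and `spec.ingestion.otlp.http.tls`, so the wording reads as carried over from the TempoStack module; name the OTLP receiver that is being configured instead. In the second listing the callout is attached only to the `http` `enabled: true` line and the `grpc` one has none, and the first listing shows `certName` and `caName` only under `grpc` without saying whether `http` accepts the same fields. The `<ca_name>` placeholder would be clearer as a config map placeholder, since callout <3> says the CA lives in a config map, and the NOTE at lines 13-16 would read better as "not supported when the Tempo Gateway is enabled".
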
Lines changed: 59 additions & 0 deletions
@@ -0,0 +1,59 @@
1+
// Module included in the following assemblies:
2+
//
3+
// * observability/distr_tracing/distr_tracing_tempo/distr-tracing-tempo-configuring.adoc
4+
5+
:_mod-docs-content-type: REFERENCE
6+
[id="distr-tracing-tempo-config-receiver-tls-for-tempostack_{context}"]
7+
= Receiver TLS configuration for a TempoStack instance
8+
9+
You can provide a TLS certificate in a secret or use the service serving certificates that are generated by {product-title}.
10+
11+
* To provide a TLS certificate in a secret, configure it in the `TempoStack` custom resource.
12+
+
13+
[NOTE]
14+
====
15+
This feature is not supported with the enabled Tempo Gateway.
16+
====
17+
+
18+
.TLS for receivers and using a user-provided certificate in a secret
19+
[source,yaml]
20+
----
21+
apiVersion: tempo.grafana.com/v1alpha1
22+
kind: TempoStack
23+
# ...
24+
spec:
25+
# ...
26+
template:
27+
distributor:
28+
tls:
29+
enabled: true # <1>
30+
certName: <tls_secret> # <2>
31+
caName: <ca_name> # <3>
32+
# ...
33+
----
34+
<1> TLS enabled at the Tempo Distributor.
35+
<2> Secret containing a `tls.key` key and `tls.crt` certificate that you apply in advance.
36+
<3> Optional: CA in a config map to enable mutual TLS authentication (mTLS).
37+
38+
* Alternatively, you can use the service serving certificates that are generated by {product-title}.
39+
+
40+
[NOTE]
41+
====
42+
Mutual TLS authentication (mTLS) is not supported with this feature.
43+
====
44+
+
45+
.TLS for receivers and using the service serving certificates that are generated by {product-title}
46+
[source,yaml]
47+
----
48+
apiVersion: tempo.grafana.com/v1alpha1
49+
kind: TempoStack
50+
# ...
51+
spec:
52+
# ...
53+
template:
54+
distributor:
55+
tls:
56+
enabled: true <1>
57+
# ...
58+
----
59+
<1> Sufficient configuration for the TLS at the Tempo Distributor.
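
Review bot: Line 56 of the second listing reads `enabled: true <1>` with no `#` before the callout, unlike `enabled: true # <1>` at line 29 of this file and in the TempoMonolithic module; add the `#` so the callout is a YAML comment and the listing stays valid when copied from the source. The callout text also differs between the two modules for the same setting ("Sufficient configuration" here, "Minimal configuration" there), so pick one wording. Since the NOTE at lines 40-43 states that mTLS is not supported with service serving certificates, consider saying explicitly that this option authenticates the receiver to clients only, so readers who need client authentication know to use the `certName` and `caName` variant.
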

observability/distr_tracing/distr_tracing_tempo/distr-tracing-tempo-configuring.adoc

Lines changed: 21 additions & 0 deletions
@@ -30,6 +30,27 @@ include::modules/distr-tracing-tempo-config-query-frontend.adoc[leveloffset=+1]
3030
3131
include::modules/distr-tracing-tempo-config-spanmetrics.adoc[leveloffset=+1]
3232

33+
[id="config-receiver-tls_{context}"]
34+
== Configuring the receiver TLS
35+
36+
The custom resource of your TempoStack or TempoMonolithic instance supports configuring the TLS for receivers by using user-provided certificates or OpenShift's service serving certificates.
37+
38+
include::modules/distr-tracing-tempo-config-receiver-tls-for-tempostack.adoc[leveloffset=+2]
39+
40+
[role="_additional-resources"]
41+
.Additional resources
42+
43+
* xref:../../../security/certificates/service-serving-certificate.adoc#understanding-service-serving_service-serving-certificate[Understanding service serving certificates]
44+
* xref:../../../security/certificate_types_descriptions/service-ca-certificates.adoc#cert-types-service-ca-certificates[Service CA certificates]
45+
46+
include::modules/distr-tracing-tempo-config-receiver-tls-for-tempomonolithic.adoc[leveloffset=+2]
47+
48+
[role="_additional-resources"]
49+
.Additional resources
50+
51+
* xref:../../../security/certificates/service-serving-certificate.adoc#understanding-service-serving_service-serving-certificate[Understanding service serving certificates]
52+
* xref:../../../security/certificate_types_descriptions/service-ca-certificates.adoc#cert-types-service-ca-certificates[Service CA certificates]
53+
3354
include::modules/distr-tracing-tempo-config-multitenancy.adoc[leveloffset=+1]
3455

3556
[id="taints-and-tolerations_{context}"]
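
Review bot: The intro sentence at line 36 hard-codes "OpenShift's service serving certificates", while both included modules use the `{product-title}` attribute for the same phrase; use the attribute here as well so the text renders correctly across distributions. The two `.Additional resources` blocks at lines 40-44 and 48-52 are identical, so a single block after the second include would avoid the duplication unless the per-module placement is intentional.
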
