Prepare release v0.12.0 (#1008)

* Prepare Release 0.12.0

* merge changelog entries

Signed-off-by: Andreas Gerstmayr <agerstmayr@redhat.com>

---------

Signed-off-by: Andreas Gerstmayr <agerstmayr@redhat.com>
Co-authored-by: andreasgerstmayr <andreasgerstmayr@users.noreply.github.com>
Co-authored-by: Andreas Gerstmayr <agerstmayr@redhat.com>

Author: tempooperatorbot

.chloggen/aws-sts-monolithic.yaml

@@ -3,6 +3,85 @@ Changes by Version
 
 <!-- next version -->
 
+## 0.12.0
+
+### 💡 Enhancements 💡
+
+- `tempostack, tempomonolithic`: Add support for AWS S3 STS authentication. (#978)
+  Now storage secret for S3 can contain
+  ```
+  data:
+    bucket:      # Bucket name
+    region:      # A valid AWS region, e.g. us-east-1
+    role_arn:    # The AWS IAM Role associated with a trust relationship to Tempo serviceaccount
+  ```
+- `tempostack`: Use TLS via OpenShift service annotation when gateway/multitenancy is disabled (#963)
+  On OpenShift when operator config `servingCertsService` is enabled and the following TempoStack CR is used.
+  The operator provisions OpenShift serving certificates for the distributor ingest APIs
+  ```
+    apiVersion: tempo.grafana.com/v1alpha1
+    kind:  TempoStack
+    spec:
+      template:
+        distributor:
+          tls:
+            enabled: true
+  ```
+  No `certName` and `caName` should be provided, If you specify it, those will be used instead.
+  
+  In order to use this on the client side, the openshift CA certificate should be used, there are two ways of get
+  access to it. You can mount the configmap generated by the operator, which will have the name `<tempostack-name>-serving-cabundle`
+  Or you can access to it on `var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt`.
+  
+  An example of OTel configuration used:
+  
+  ```
+     exporters:
+      otlp:
+        endpoint: tempo-simplest-distributor.chainsaw-tls-singletenant.svc.cluster.local:4317
+        tls:
+          insecure: false
+          ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
+  ```
+- `tempomonolithic`: Use TLS via OpenShift service annotation when gateway/multitenancy is disabled (monolithic) (#963)
+  On OpenShift when operator config `servingCertsService` is enabled and the following TempoMonolithic CR is used.
+  The operator provisions OpenShift serving certificates for the distributor ingest APIs
+  
+  ```
+    apiVersion: tempo.grafana.com/v1alpha1
+    kind:  TempoMonolithic
+    spec:
+      ingestion:
+        otlp:
+          grpc:
+            tls:
+              enabled: true
+  ```
+  or
+  ```
+    apiVersion: tempo.grafana.com/v1alpha1
+    kind:  TempoMonolithic
+    spec:
+      ingestion:
+        otlp:
+          http:
+            tls:
+              enabled: true
+  ```
+  No `certName` and `caName` should be provided, If you specify it, those will be used instead.
+  
+- `tempostack, tempomonolithic`: Bump observatorium gateway, (#991)
+  In this version upstream certs and CA are reloaded if changed
+
+### 🧰 Bug fixes 🧰
+
+- `tempostack, tempomonolithic`: Allow configmaps and secrets with dot in the name (as it is valid for those objects to have dots as part of it's name) (#983)
+- `tempostack`: Assign correct replicas in gateway component if it is specified in the CR, default is 1 if not set (#993)
+- `tempomonolithic`: Allow create a monolithic with tls enabled on both grpc/http (#976)
+
+### Components
+- Tempo: [v2.5.0](https://github.com/grafana/tempo/releases/tag/v2.5.0)
+
 ## 0.11.1
 
 ### 🧰 Bug fixes 🧰

.chloggen/aws-sts-tempostack.yaml

@@ -1,5 +1,5 @@
 # Current Operator version
-OPERATOR_VERSION ?= 0.11.1
+OPERATOR_VERSION ?= 0.12.0
 TEMPO_VERSION ?= 2.5.0
 TEMPO_QUERY_VERSION ?= 2.5.0
 TEMPO_GATEWAY_VERSION ?= main-2024-08-05-11d0d94

.chloggen/fix_ca_cofigmap_dots.yaml

@@ -73,8 +73,8 @@ metadata:
       ]
     capabilities: Deep Insights
     categories: Logging & Tracing,Monitoring
-    containerImage: ghcr.io/grafana/tempo-operator/tempo-operator:v0.11.1
-    createdAt: "2024-08-08T13:23:15Z"
+    containerImage: ghcr.io/grafana/tempo-operator/tempo-operator:v0.12.0
+    createdAt: "2024-08-12T10:08:34Z"
     description: Create and manage deployments of Tempo, a high-scale distributed
       tracing backend.
     operatorframework.io/cluster-monitoring: "true"
@@ -83,7 +83,7 @@ metadata:
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
     repository: https://github.com/grafana/tempo-operator
     support: Grafana Tempo Operator SIG
-  name: tempo-operator.v0.11.1
+  name: tempo-operator.v0.12.0
   namespace: placeholder
 spec:
   apiservicedefinitions: {}
@@ -1400,7 +1400,7 @@ spec:
                   value: quay.io/observatorium/opa-openshift:main-2024-04-29-914c13f
                 - name: RELATED_IMAGE_OAUTH_PROXY
                   value: quay.io/openshift/origin-oauth-proxy:4.12
-                image: ghcr.io/grafana/tempo-operator/tempo-operator:v0.11.1
+                image: ghcr.io/grafana/tempo-operator/tempo-operator:v0.12.0
                 livenessProbe:
                   httpGet:
                     path: /healthz
@@ -1548,7 +1548,7 @@ spec:
     name: tempo-gateway-opa
   - image: quay.io/openshift/origin-oauth-proxy:4.12
     name: oauth-proxy
-  version: 0.11.1
+  version: 0.12.0
   webhookdefinitions:
   - admissionReviewVersions:
     - v1

.chloggen/fix_gateway_replicas.yaml

@@ -73,8 +73,8 @@ metadata:
       ]
     capabilities: Deep Insights
     categories: Logging & Tracing,Monitoring
-    containerImage: ghcr.io/grafana/tempo-operator/tempo-operator:v0.11.1
-    createdAt: "2024-08-08T13:23:13Z"
+    containerImage: ghcr.io/grafana/tempo-operator/tempo-operator:v0.12.0
+    createdAt: "2024-08-12T10:08:32Z"
     description: Create and manage deployments of Tempo, a high-scale distributed
       tracing backend.
     operatorframework.io/cluster-monitoring: "true"
@@ -83,7 +83,7 @@ metadata:
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
     repository: https://github.com/grafana/tempo-operator
     support: Grafana Tempo Operator SIG
-  name: tempo-operator.v0.11.1
+  name: tempo-operator.v0.12.0
   namespace: placeholder
 spec:
   apiservicedefinitions: {}
@@ -1410,7 +1410,7 @@ spec:
                   value: quay.io/observatorium/opa-openshift:main-2024-04-29-914c13f
                 - name: RELATED_IMAGE_OAUTH_PROXY
                   value: quay.io/openshift/origin-oauth-proxy:4.12
-                image: ghcr.io/grafana/tempo-operator/tempo-operator:v0.11.1
+                image: ghcr.io/grafana/tempo-operator/tempo-operator:v0.12.0
                 livenessProbe:
                   httpGet:
                     path: /healthz
@@ -1569,7 +1569,7 @@ spec:
     name: tempo-gateway-opa
   - image: quay.io/openshift/origin-oauth-proxy:4.12
     name: oauth-proxy
-  version: 0.11.1
+  version: 0.12.0
   webhookdefinitions:
   - admissionReviewVersions:
     - v1

.chloggen/fix_tls_monolithic_both_enabled.yaml

@@ -9,4 +9,4 @@ kind: Kustomization
 images:
 - name: controller
   newName: ghcr.io/grafana/tempo-operator/tempo-operator
-  newTag: v0.11.1
+  newTag: v0.12.0

.chloggen/ingest_tls_openshift.yaml

@@ -5,7 +5,7 @@ metadata:
     alm-examples: '[]'
     capabilities: Deep Insights
     categories: Logging & Tracing,Monitoring
-    containerImage: ghcr.io/grafana/tempo-operator/tempo-operator:v0.11.1
+    containerImage: ghcr.io/grafana/tempo-operator/tempo-operator:v0.12.0
     description: Create and manage deployments of Tempo, a high-scale distributed
       tracing backend.
     operatorframework.io/cluster-monitoring: "true"

.chloggen/tls_cert_serv_mono.yaml

@@ -5,7 +5,7 @@ metadata:
     alm-examples: '[]'
     capabilities: Deep Insights
     categories: Logging & Tracing,Monitoring
-    containerImage: ghcr.io/grafana/tempo-operator/tempo-operator:v0.11.1
+    containerImage: ghcr.io/grafana/tempo-operator/tempo-operator:v0.12.0
     description: Create and manage deployments of Tempo, a high-scale distributed
       tracing backend.
     operatorframework.io/cluster-monitoring: "true"