Merge pull request #94166 from max-cx/OBSDOCS-1675

kcarmichael08 · web-flow · commit 1c2c8cb0714e · 2025-06-17T13:56:50.000-04:00
OBSDOCS-1675: Release notes for Distributed tracing 3.6
diff --git a/observability/distr_tracing/distr-tracing-rn.adoc b/observability/distr_tracing/distr-tracing-rn.adoc
@@ -12,6 +12,71 @@ You can use the {TempoName} xref:../../observability/otel/otel-forwarding-teleme
 
 include::snippets/distr-tracing-and-otel-disclaimer-about-docs-for-supported-features-only.adoc[]
 
+[id="distr-tracing_3-6_{context}"]
+== Release notes for {DTShortName} 3.6
+
+[id="distr-tracing_3-6_tempo-release-notes_{context}"]
+=== {TempoName}
+
+The {TempoName} 3.6 is provided through the link:https://catalog.redhat.com/software/containers/rhosdt/tempo-operator-bundle/642c3e0eacf1b5bdbba7654a/history[{TempoOperator} 0.16.0].
+
+The {TempoName} 3.6 is based on the open source link:https://grafana.com/oss/tempo/[Grafana Tempo] 2.7.2.
+
+[WARNING]
+====
+This is the first release of the {DTProductName} that is shipped only with the {TempoName} and without the deprecated {JaegerName}.
+
+If you have not migrated from the deprecated {JaegerName} Operator to the {TempoOperator} and the {OTELName} Operator for distributed tracing collection and storage, see "Release notes for {DTProductName} 3.5".
+====
+
+[id="distr-tracing_3-6_tempo-release-notes_technology-preview-features_{context}"]
+==== Technology Preview features
+
+This update introduces the following Technology Preview feature:
+
+* TempoStack deployment combined with the distributed tracing UI plugin of the {coo-first} supports fine-grained query role-based access control (RBAC). With the enabled RBAC, your users can see the attributes only from the namespaces to which they are given access.
+
+:FeatureName: The fine-grained query RBAC for the UI plugin
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+[id="distr-tracing_3-6_tempo-release-notes_new-features-and-enhancements_{context}"]
+==== New features and enhancements
+
+This update introduces the following enhancements:
+
+* Support for authentication using the Google Cloud Platform (GCP) Workload Identity Federation short-lived tokens. This enables secure and temporary credential access for workloads running with the GCP.
+
+* Support for authentication using the Azure Workload Identity Federation short-lived tokens. This allows secure and temporary access for workloads federated with the Azure Active Directory.
+
+* Support for the AWS Security Token Service (STS) through the CloudCredential Operator. This allows the use of dynamic and temporary AWS credentials for workloads.
+
+////
+[id="distr-tracing_3-6_cves_{context}"]
+=== CVEs
+
+This release fixes the following CVEs:
+
+* ???
+////
+
+[id="distr-tracing_3-6_tempo-release-notes_bug-fixes_{context}"]
+==== Bug fixes
+
+This update introduces the following bug fixes:
+
+* Before this update, the per-tenant retention configuration was not properly configured in the `TempoStack` instance. With this update, the per-tenant retention is properly configured in the `TempoStack` deployment.
+
+* Before this update, the `oauth-proxy` container did not have any compute resources assigned to it. With this update, the container correctly sets the resources as specified in the `TempoStack` custom resource.
+
+[id="distr-tracing_3-6_tempo-release-notes_known-issues_{context}"]
+==== Known issues
+
+The {TempoName} 3.6 has the following known issue:
+
+* Currently, when the OpenShift tenancy mode is enabled, the `ServiceAccount` object of the gateway component of either a `TempoStack` or `TempoMonolithic` instance requires the `TokenReview` and `SubjectAccessReview` permissions for authorization.
++
+Workaround: Deploy the instance in a dedicated namespace, and carefully audit which users have the permission to read the secrets in this namespace.
+
 [id="distr-tracing_3-5_{context}"]
 == Release notes for {DTProductName} 3.5
 
diff --git a/observability/otel/otel-collector/otel-collector-exporters.adoc b/observability/otel/otel-collector/otel-collector-exporters.adoc
@@ -17,7 +17,7 @@ Currently, the following General Availability and Technology Preview exporters a
 - xref:../../../observability/otel/otel-collector/otel-collector-exporters.adoc#prometheus-exporter_otel-collector-exporters[Prometheus Exporter]
 - xref:../../../observability/otel/otel-collector/otel-collector-exporters.adoc#prometheus-remote-write-exporter_otel-collector-exporters[Prometheus Remote Write Exporter]
 - xref:../../../observability/otel/otel-collector/otel-collector-exporters.adoc#kafka-exporter_otel-collector-exporters[Kafka Exporter]
-- xref:../../../observability/otel/otel-collector/otel-collector-exporters.adoc#aws-cloudwatch-exporter_otel-collector-exporters[AWS CloudWatch Exporter]
+- xref:../../../observability/otel/otel-collector/otel-collector-exporters.adoc#aws-cloudwatch-exporter_otel-collector-exporters[AWS CloudWatch Logs Exporter]
 - xref:../../../observability/otel/otel-collector/otel-collector-exporters.adoc#aws-emf-exporter_otel-collector-exporters[AWS EMF Exporter]
 - xref:../../../observability/otel/otel-collector/otel-collector-exporters.adoc#aws-xray-exporter_otel-collector-exporters[AWS X-Ray Exporter]
 - xref:../../../observability/otel/otel-collector/otel-collector-exporters.adoc#file-exporter_otel-collector-exporters[File Exporter]
@@ -257,9 +257,6 @@ include::snippets/technology-preview.adoc[]
 
 The Kafka Exporter exports logs, metrics, and traces to Kafka. This exporter uses a synchronous producer that blocks and does not batch messages. You must use it with batch and queued retry processors for higher throughput and resiliency.
 
-:FeatureName: The Kafka Exporter
-include::snippets/technology-preview.adoc[]
-
 .OpenTelemetry Collector custom resource with the enabled Kafka Exporter
 [source,yaml]
 ----
@@ -312,14 +309,14 @@ include::snippets/technology-preview.adoc[]
         log_group_name: "<group_name_of_amazon_cloudwatch_logs>" # <1>
         log_stream_name: "<log_stream_of_amazon_cloudwatch_logs>" # <2>
         region: <aws_region_of_log_stream> # <3>
-        endpoint: <service_endpoint_of_amazon_cloudwatch_logs> # <4>
+        endpoint: <protocol><service_endpoint_of_amazon_cloudwatch_logs> # <4>
         log_retention: <supported_value_in_days> # <5>
 # ...
 ----
 <1> Required. If the log group does not exist yet, it is automatically created.
 <2> Required. If the log stream does not exist yet, it is automatically created.
 <3> Optional. If the AWS region is not already set in the default credential chain, you must specify it.
-<4> Optional. You can override the default Amazon CloudWatch Logs service endpoint to which the requests are forwarded. For the list of service endpoints by region, see link:https://docs.aws.amazon.com/general/latest/gr/cwl_region.html[Amazon CloudWatch Logs endpoints and quotas] (AWS General Reference).
+<4> Optional. You can override the default Amazon CloudWatch Logs service endpoint to which the requests are forwarded. You must include the protocol, such as `https://`, as part of the endpoint value. For the list of service endpoints by region, see link:https://docs.aws.amazon.com/general/latest/gr/cwl_region.html[Amazon CloudWatch Logs endpoints and quotas] (AWS General Reference).
 <5> Optional. With this parameter, you can set the log retention policy for new Amazon CloudWatch log groups. If this parameter is omitted or set to `0`, the logs never expire by default. Supported values for retention in days are `1`, `3`, `5`, `7`, `14`, `30`, `60`, `90`, `120`, `150`, `180`, `365`, `400`, `545`, `731`, `1827`, `2192`, `2557`, `2922`, `3288`, or `3653`.
 
 [role="_additional-resources"]
@@ -357,7 +354,7 @@ include::snippets/technology-preview.adoc[]
         resource_to_telemetry_conversion: # <3>
           enabled: true
         region: <region> # <4>
-        endpoint: <endpoint> # <5>
+        endpoint: <protocol><endpoint> # <5>
         log_retention: <supported_value_in_days> # <6>
         namespace: <custom_namespace> # <7>
 # ...
@@ -366,7 +363,7 @@ include::snippets/technology-preview.adoc[]
 <2> Customized log stream name.
 <3> Optional. Converts resource attributes to telemetry attributes such as metric labels. Disabled by default.
 <4> The AWS region of the log stream. If a region is not already set in the default credential provider chain, you must specify the region.
-<5> Optional. You can override the default Amazon CloudWatch Logs service endpoint to which the requests are forwarded. For the list of service endpoints by region, see link:https://docs.aws.amazon.com/general/latest/gr/cwl_region.html[Amazon CloudWatch Logs endpoints and quotas] (AWS General Reference).
+<5> Optional. You can override the default Amazon CloudWatch Logs service endpoint to which the requests are forwarded. You must include the protocol, such as `https://`, as part of the endpoint value. For the list of service endpoints by region, see link:https://docs.aws.amazon.com/general/latest/gr/cwl_region.html[Amazon CloudWatch Logs endpoints and quotas] (AWS General Reference).
 <6> Optional. With this parameter, you can set the log retention policy for new Amazon CloudWatch log groups. If this parameter is omitted or set to `0`, the logs never expire by default. Supported values for retention in days are `1`, `3`, `5`, `7`, `14`, `30`, `60`, `90`, `120`, `150`, `180`, `365`, `400`, `545`, `731`, `1827`, `2192`, `2557`, `2922`, `3288`, or `3653`.
 <7> Optional. A custom namespace for the Amazon CloudWatch metrics.
 
@@ -424,7 +421,7 @@ include::snippets/technology-preview.adoc[]
     exporters:
       awsxray:
         region: "<region>" # <1>
-        endpoint: <endpoint> # <2>
+        endpoint: <protocol><endpoint> # <2>
         resource_arn: "<aws_resource_arn>" # <3>
         role_arn: "<iam_role>" # <4>
         indexed_attributes: [ "<indexed_attr_0>", "<indexed_attr_1>" ] # <5>
@@ -433,7 +430,7 @@ include::snippets/technology-preview.adoc[]
 # ...
 ----
 <1> The destination region for the X-Ray segments sent to the AWS X-Ray service. For example, `eu-west-1`.
-<2> Optional. You can override the default Amazon CloudWatch Logs service endpoint to which the requests are forwarded. For the list of service endpoints by region, see link:https://docs.aws.amazon.com/general/latest/gr/cwl_region.html[Amazon CloudWatch Logs endpoints and quotas] (AWS General Reference).
+<2> Optional. You can override the default Amazon CloudWatch Logs service endpoint to which the requests are forwarded. You must include the protocol, such as `https://`, as part of the endpoint value. For the list of service endpoints by region, see link:https://docs.aws.amazon.com/general/latest/gr/cwl_region.html[Amazon CloudWatch Logs endpoints and quotas] (AWS General Reference).
 <3> The Amazon Resource Name (ARN) of the AWS resource that is running the Collector.
 <4> The AWS Identity and Access Management (IAM) role for uploading the X-Ray segments to a different account.
 <5> The list of attribute names to be converted to X-Ray annotations.
diff --git a/observability/otel/otel-collector/otel-collector-processors.adoc b/observability/otel/otel-collector/otel-collector-processors.adoc
@@ -183,9 +183,6 @@ rules:
 
 The Attributes Processor can modify attributes of a span, log, or metric. You can configure this processor to filter and match input data and include or exclude such data for specific actions.
 
-:FeatureName: The Attributes Processor
-include::snippets/technology-preview.adoc[]
-
 This processor operates on a list of actions, executing them in the order specified in the configuration. The following actions are supported:
 
 Insert:: Inserts a new attribute into the input data when the specified key does not already exist.
@@ -236,9 +233,6 @@ Convert:: Converts an existing attribute to a specified type.
 
 The Resource Processor applies changes to the resource attributes. This processor supports traces, metrics, and logs.
 
-:FeatureName: The Resource Processor
-include::snippets/technology-preview.adoc[]
-
 .OpenTelemetry Collector using the Resource Detection Processor
 [source,yaml]
 ----
diff --git a/observability/otel/otel-collector/otel-collector-receivers.adoc b/observability/otel/otel-collector/otel-collector-receivers.adoc
@@ -335,9 +335,6 @@ rules:
 
 The Prometheus Receiver scrapes the metrics endpoints.
 
-:FeatureName: The Prometheus Receiver
-include::snippets/technology-preview.adoc[]
-
 .OpenTelemetry Collector custom resource with an enabled Prometheus Receiver
 [source,yaml]
 ----
diff --git a/observability/otel/otel-rn.adoc b/observability/otel/otel-rn.adoc
@@ -12,6 +12,95 @@ You can use the {OTELName} xref:../../observability/otel/otel-forwarding-telemet
 
 include::snippets/distr-tracing-and-otel-disclaimer-about-docs-for-supported-features-only.adoc[]
 
+[id="otel_3-6_{context}"]
+== Release notes for {OTELName} 3.6
+
+The {OTELName} 3.6 is provided through the link:https://catalog.redhat.com/software/containers/rhosdt/opentelemetry-operator-bundle/615618406feffc5384e84400/history[{OTELOperator} 0.127.0].
+
+[NOTE]
+====
+The {OTELName} 3.6 is based on the open source link:https://opentelemetry.io/docs/collector/[OpenTelemetry] release 0.127.0.
+====
+
+[id="otel_3-6_cves_{context}"]
+=== CVEs
+
+This release fixes the following CVEs:
+
+* https://access.redhat.com/security/cve/CVE-2025-22868[CVE-2025-22868]
+* https://access.redhat.com/security/cve/CVE-2025-22871[CVE-2025-22871]
+
+[id="otel_3-6_technology-preview-features_{context}"]
+=== Technology Preview features
+
+This update introduces the following Technology Preview features:
+
+* Tail Sampling Processor
+
+* Cumulative-to-Delta Processor
+
+:FeatureName: Each of these features
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+[id="otel_3-6_new-features-and-enhancements_{context}"]
+=== New features and enhancements
+
+This update introduces the following enhancements:
+
+* The following link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] features reach General Availability:
+
+** Kafka Exporter
+
+** Attributes Processor
+
+** Resource Processor
+
+** Prometheus Receiver
+
+* With this update, the OpenTelemetry Collector can read TLS certificates in the `tss2` format according to the TPM Software Stack specification (TSS) 2.0 of the Trusted Platform Module (TPM) 2.0 Library by the Trusted Computing Group (TCG).
+
+* With this update, the {OTELOperator} automatically upgrades all `OpenTelemetryCollector` custom resources during its startup. The Operator reconciles all managed instances during its startup. If there is an error, the Operator retries the upgrade at exponential backoff. If an upgrade fails, the Operator will retry the upgrade again when it restarts.
+
+////
+[id="otel_3-6_deprecated-functionality_{context}"]
+=== Deprecated functionality
+
+In the {OTELName} 3.6, ???. (link:https://issues.redhat.com/browse/TRACING-????/[TRACING-????])
+////
+
+
+[id="otel_3-6_removal-notice_{context}"]
+=== Removal notice
+
+In the {OTELName} 3.6, the Loki Exporter, which is a temporary Technology Preview feature, is removed. If you currently use the Loki Exporter for Loki 3.0 or later, replace the Loki Exporter with the OTLP HTTP Exporter.
+
+:FeatureName: The Loki Exporter
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+// In the {OTELName} 3.6, the FEATURE has been removed. Bug fixes and support are provided only through the end of the 3.? lifecycle. As an alternative to the FEATURE for USE CASE, you can use the ALTERNATIVE instead.
+
+////
+[id="otel_3-6_bug-fixes_{context}"]
+=== Bug fixes
+
+This update introduces the following bug fix:
+
+* ??? (link:https://issues.redhat.com/browse/TRACING-????/[TRACING-????])
+////
+
+[id="otel_3-6_known-issues_{context}"]
+=== Known issues
+
+There is currently a known issue with the following exporters:
+
+* AWS CloudWatch Logs Exporter
+* AWS EMF Exporter
+* AWS X-Ray Exporter
+
+This known issue affects deployments that use the optional `endpoint` field of the exporter configuration in the Collector custom resource. Not specifying the protocol, such as `https://`, as part of the endpoint value results in the `unsupported protocol scheme` error.
+
+Workaround: Include the protocol, such as `https://`, as part of the endpoint value.
+
 [id="otel_3-5-1_{context}"]
 == Release notes for {OTELName} 3.5.1
 
diff --git a/observability/otel/otel-updating.adoc b/observability/otel/otel-updating.adoc
@@ -10,6 +10,8 @@ For version upgrades, the {OTELOperator} uses the Operator Lifecycle Manager (OL
 
 The OLM runs in the {product-title} by default. The OLM queries for available Operators as well as upgrades for installed Operators.
 
+The {OTELOperator} automatically upgrades all `OpenTelemetryCollector` custom resources during its startup. The Operator reconciles all managed instances during its startup. If there is an error, the Operator retries the upgrade at exponential backoff. If an upgrade fails, the Operator will retry the upgrade again when it restarts.
+
 When the {OTELOperator} is upgraded to the new version, it scans for running OpenTelemetry Collector instances that it manages and upgrades them to the version corresponding to the Operator's new version.
 
 [role="_additional-resources"]
diff --git a/snippets/distr-tracing-assembly-tip-for-jaeger-replacements.adoc b/snippets/distr-tracing-assembly-tip-for-jaeger-replacements.adoc
@@ -17,11 +17,9 @@
 [WARNING]
 ====
 [subs="attributes+"]
-The {JaegerName} 3.5 is the last release of the {JaegerName} that Red Hat plans to support.
+The deprecated {JaegerName} 3.5 was the last release of the {JaegerName} that Red Hat supports.
 
-In the {DTProductName} 3.5, Jaeger and support for Elasticsearch remain deprecated.
-
-Support for the {JaegerName} ends on November 3, 2025.
+Support for the deprecated {JaegerName} ends on November 3, 2025.
 
 The {JaegerOperator} Operator (Jaeger) will be removed from the `redhat-operators` catalog on November 3, 2025. For more information, see the Red Hat Knowledgebase solution link:https://access.redhat.com/solutions/7083722[Jaeger Deprecation and Removal in OpenShift].
 
