From 8f21e1be7e71419eec3d075d3469fd9704dd7587 Mon Sep 17 00:00:00 2001 From: Max Leonov Date: Mon, 31 Mar 2025 13:44:35 +0200 Subject: [PATCH] OBSDOCS-1596: Release notes for the Tempo 3.5.1 patch --- ...r-tracing-tempo-config-query-frontend.adoc | 2 +- ...istr-tracing-tempo-config-spanmetrics.adoc | 2 +- .../distr_tracing/distr-tracing-rn.adoc | 50 ++++++++++++++++++- observability/otel/otel-rn.adoc | 20 ++++++++ 4 files changed, 70 insertions(+), 4 deletions(-) diff --git a/modules/distr-tracing-tempo-config-query-frontend.adoc b/modules/distr-tracing-tempo-config-query-frontend.adoc index bfae764553a1..06a346743d1a 100644 --- a/modules/distr-tracing-tempo-config-query-frontend.adoc +++ b/modules/distr-tracing-tempo-config-query-frontend.adoc @@ -96,7 +96,7 @@ The query frontend component is responsible for sharding the search space for an |type: boolean |`jaegerQuery.monitorTab.prometheusEndpoint` -|The endpoint to the Prometheus instance that contains the span rate, error, and duration (RED) metrics. For example, `+https://thanos-querier.openshift-monitoring.svc.cluster.local:9091+`. +|The endpoint to the Prometheus instance that contains the span rate, error, and duration (RED) metrics. For example, `+https://thanos-querier.openshift-monitoring.svc.cluster.local:9092+`. |type: string |=== diff --git a/modules/distr-tracing-tempo-config-spanmetrics.adoc b/modules/distr-tracing-tempo-config-spanmetrics.adoc index 48237824660e..0ef9d37058f5 100644 --- a/modules/distr-tracing-tempo-config-spanmetrics.adoc +++ b/modules/distr-tracing-tempo-config-spanmetrics.adoc @@ -95,7 +95,7 @@ spec: enabled: true monitorTab: enabled: true # <1> - prometheusEndpoint: https://thanos-querier.openshift-monitoring.svc.cluster.local:9091 # <2> + prometheusEndpoint: https://thanos-querier.openshift-monitoring.svc.cluster.local:9092 # <2> redMetricsNamespace: "" <3> ingress: type: route diff --git a/observability/distr_tracing/distr-tracing-rn.adoc b/observability/distr_tracing/distr-tracing-rn.adoc index d4551d216a06..12bc6e418e9d 100644 --- a/observability/distr_tracing/distr-tracing-rn.adoc +++ b/observability/distr_tracing/distr-tracing-rn.adoc @@ -17,6 +17,11 @@ include::snippets/distr-tracing-and-otel-disclaimer-about-docs-for-supported-fea This release of the {DTProductName} includes the {TempoName} and the deprecated {JaegerName}. +[IMPORTANT] +==== +The {TempoName} 3.5.1 patch release has been released. +==== + //// [id="distr-tracing_3-5_cves_{context}"] === CVEs @@ -27,7 +32,7 @@ This release fixes the following CVEs: //// [id="distr-tracing_3-5_tempo-release-notes_{context}"] -=== {TempoName} +=== {TempoName} 3.5 The {TempoName} 3.5 is provided through the link:https://catalog.redhat.com/software/containers/rhosdt/tempo-operator-bundle/642c3e0eacf1b5bdbba7654a/history[{TempoOperator} 0.15.3]. @@ -55,8 +60,49 @@ This update introduces the following bug fix: * Before this update, the {TempoOperator} failed when the `TempoStack` custom resource had the `spec.storage.tls.enabled` field set to `true` and used an Amazon S3 object store with the Security Token Service (STS) authentication. With this update, such a `TempoStack` custom resource configuration does not cause the {TempoOperator} to fail. +[id="distr-tracing_3-5_tempo-release-notes_known-issues_{context}"] +==== Known issues + +The {TempoName} 3.5 has the following known issue: + +* Currently, when the OpenShift tenancy mode is enabled, the `ServiceAccount` object of the gateway component of a `TempoStack` or `TempoMonolithic` instance requires the `TokenReview` and `SubjectAccessReview` permissions for authorization. ++ +Workaround: Deploy the instance in a dedicated namespace, and carefully audit which users have the permission to read the secrets in this namespace. + +[id="distr-tracing_3-5-1_tempo-release-notes_{context}"] +=== {TempoName} 3.5.1 + +The {TempoName} 3.5.1 is a patch release. + +[id="distr-tracing_3-5-1_tempo-release-notes_cves_{context}"] +==== CVEs + +The {TempoName} 3.5.1 patch release fixes the following CVEs: + +* link:https://access.redhat.com/security/cve/CVE-2025-2786[CVE-2025-2786] + +* link:https://access.redhat.com/security/cve/CVE-2025-2842[CVE-2025-2842] + +* link:https://access.redhat.com/security/cve/CVE-2025-30204[CVE-2025-30204] + +[id="distr-tracing_3-5-1_tempo-release-notes_breaking-changes_{context}"] +==== Breaking changes + +The {TempoName} 3.5.1 update introduces the following breaking change: + +* With this update, for a user to create or modify a `TempoStack` or `TempoMonolithic` custom resource with enabled multi-tenancy, the user must have permissions to create the `TokenReview` and `SubjectAccessReview` authorization objects. + +[id="distr-tracing_3-5-1_tempo-release-notes_known-issues_{context}"] +==== Known issues + +The {TempoName} 3.5.1 has the following known issue: + +* Currently, when the OpenShift tenancy mode is enabled, the `ServiceAccount` object of the gateway component of a `TempoStack` or `TempoMonolithic` instance requires the `TokenReview` and `SubjectAccessReview` permissions for authorization. ++ +Workaround: Deploy the instance in a dedicated namespace, and carefully audit which users have the permission to read the secrets in this namespace. + [id="distr-tracing_3-5_jaeger-release-notes_{context}"] -=== {JaegerName} +=== {JaegerName} 3.5 The {JaegerName} 3.5 is the last release of the {JaegerName} that Red Hat plans to support. diff --git a/observability/otel/otel-rn.adoc b/observability/otel/otel-rn.adoc index 3fd7fb28a448..a00352b3fbb3 100644 --- a/observability/otel/otel-rn.adoc +++ b/observability/otel/otel-rn.adoc @@ -12,6 +12,26 @@ You can use the {OTELName} xref:../../observability/otel/otel-forwarding-telemet include::snippets/distr-tracing-and-otel-disclaimer-about-docs-for-supported-features-only.adoc[] +[id="otel_3-5-1_{context}"] +== Release notes for {OTELName} 3.5.1 + +The {OTELName} 3.5.1 is provided through the link:https://catalog.redhat.com/software/containers/rhosdt/opentelemetry-operator-bundle/615618406feffc5384e84400/history[{OTELOperator} 0.119.0]. + +[NOTE] +==== +The {OTELName} 3.5.1 is based on the open source link:https://opentelemetry.io/docs/collector/[OpenTelemetry] release 0.119.0. +==== + +[id="distr-tracing_3-5-1_cves_{context}"] +=== CVEs + +This release fixes the following CVEs: + +* link:https://access.redhat.com/security/cve/CVE-2025-22868[CVE-2025-22868] +* link:https://access.redhat.com/security/cve/CVE-2025-27144[CVE-2025-27144] +* link:https://access.redhat.com/security/cve/CVE-2025-29786[CVE-2025-29786] +* link:https://access.redhat.com/security/cve/CVE-2025-30204[CVE-2025-30204] + [id="otel_3-5_{context}"] == Release notes for {OTELName} 3.5