openshift · openshift-merge-bot · Jul 2, 2025 · Jul 2, 2025
diff --git a/tests/fixtures/chainsaw-tests/monolithic-multitenancy-openshift/01-assert.yaml b/tests/fixtures/chainsaw-tests/monolithic-multitenancy-openshift/01-assert.yaml
@@ -1,15 +1,15 @@
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
-  name: tempo-monolithic-multitenancy-openshift
+  name: tempo-mmo
 status:
   readyReplicas: 1
 
 ---
 apiVersion: v1
 kind: Pod
 metadata:
-  name: tempo-monolithic-multitenancy-openshift-0
+  name: tempo-mmo-0
 status:
   containerStatuses:
   - name: jaeger-query
@@ -33,7 +33,7 @@ status:
 apiVersion: v1
 kind: Service
 metadata:
-  name: tempo-monolithic-multitenancy-openshift-gateway
+  name: tempo-mmo-gateway
 spec:
   ports:
   - name: public
@@ -48,3 +48,47 @@ spec:
     port: 4317
     protocol: TCP
     targetPort: grpc-public
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/component: gateway
+    app.kubernetes.io/instance: mmo
+    app.kubernetes.io/managed-by: tempo-operator
+    app.kubernetes.io/name: tempo-monolithic
+    app.kubernetes.io/namespace: chainsaw-monolithic-multitenancy
+  name: tempo-mmo-gateway-chainsaw-monolithic-multitenancy
+rules:
+- apiGroups:
+    - authentication.k8s.io
+  resources:
+    - tokenreviews
+  verbs:
+    - create
+- apiGroups:
+    - authorization.k8s.io
+  resources:
+    - subjectaccessreviews
+  verbs:
+    - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/component: gateway
+    app.kubernetes.io/instance: mmo
+    app.kubernetes.io/managed-by: tempo-operator
+    app.kubernetes.io/name: tempo-monolithic
+    app.kubernetes.io/namespace: chainsaw-monolithic-multitenancy
+  name: tempo-mmo-gateway-chainsaw-monolithic-multitenancy
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tempo-mmo-gateway-chainsaw-monolithic-multitenancy
+subjects:
+- kind: ServiceAccount
+  name: tempo-mmo
+  namespace: chainsaw-monolithic-multitenancy
diff --git a/tests/fixtures/chainsaw-tests/monolithic-multitenancy-openshift/01-install-tempo.yaml b/tests/fixtures/chainsaw-tests/monolithic-multitenancy-openshift/01-install-tempo.yaml
@@ -1,10 +1,12 @@
 apiVersion: tempo.grafana.com/v1alpha1
 kind: TempoMonolithic
 metadata:
-  name: monolithic-multitenancy-openshift
+  name: mmo
 spec:
   jaegerui:
     enabled: true
+    route:
+      enabled: true
   multitenancy:
     enabled: true
     mode: openshift

diff --git a/tests/fixtures/chainsaw-tests/monolithic-multitenancy-openshift/02-install-otelcol.yaml b/tests/fixtures/chainsaw-tests/monolithic-multitenancy-openshift/02-install-otelcol.yaml
@@ -18,15 +18,15 @@ spec:
 
     exporters:
       otlp:
-        endpoint: tempo-monolithic-multitenancy-openshift-gateway.chainsaw-monolithic-multitenancy.svc.cluster.local:4317
+        endpoint: tempo-mmo-gateway.chainsaw-monolithic-multitenancy.svc.cluster.local:4317
         tls:
           ca_file: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
         auth:
           authenticator: bearertokenauth
         headers:
           X-Scope-OrgID: dev  # tenantName
       otlphttp:
-        endpoint: https://tempo-monolithic-multitenancy-openshift-gateway.chainsaw-monolithic-multitenancy.svc.cluster.local:8080/api/traces/v1/dev
+        endpoint: https://tempo-mmo-gateway.chainsaw-monolithic-multitenancy.svc.cluster.local:8080/api/traces/v1/dev
         tls:
           ca_file: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
         auth:

diff --git a/tests/fixtures/chainsaw-tests/monolithic-multitenancy-openshift/04-verify-traces.yaml b/tests/fixtures/chainsaw-tests/monolithic-multitenancy-openshift/04-verify-traces.yaml
@@ -14,7 +14,7 @@ spec:
           curl -vG \
             --header "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
             --cacert /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt \
-            https://tempo-monolithic-multitenancy-openshift-gateway.chainsaw-monolithic-multitenancy.svc:8080/api/traces/v1/dev/api/traces \
+            https://tempo-mmo-gateway.chainsaw-monolithic-multitenancy.svc:8080/api/traces/v1/dev/api/traces \
             --data-urlencode "service=grpc" \
             | tee /tmp/jaeger.out
 
@@ -42,7 +42,7 @@ spec:
             --header "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
             --cacert /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt \
             --data-urlencode 'q={ resource.service.name="grpc" }' \
-            https://tempo-monolithic-multitenancy-openshift-gateway.chainsaw-monolithic-multitenancy.svc:8080/api/traces/v1/dev/tempo/api/search \
+            https://tempo-mmo-gateway.chainsaw-monolithic-multitenancy.svc:8080/api/traces/v1/dev/tempo/api/search \
             | tee /tmp/tempo.out
 
           num_traces=$(jq ".traces | length" /tmp/tempo.out)
@@ -68,7 +68,7 @@ spec:
               curl -vG \
                 --header "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
                 --cacert /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt \
-                https://tempo-monolithic-multitenancy-openshift-gateway.chainsaw-monolithic-multitenancy.svc:8080/api/traces/v1/dev/api/traces \
+                https://tempo-mmo-gateway.chainsaw-monolithic-multitenancy.svc:8080/api/traces/v1/dev/api/traces \
                 --data-urlencode "service=http" \
                 | tee /tmp/jaeger.out
 
@@ -96,7 +96,7 @@ spec:
                 --header "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
                 --cacert /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt \
                 --data-urlencode 'q={ resource.service.name="http" }' \
-                https://tempo-monolithic-multitenancy-openshift-gateway.chainsaw-monolithic-multitenancy.svc:8080/api/traces/v1/dev/tempo/api/search \
+                https://tempo-mmo-gateway.chainsaw-monolithic-multitenancy.svc:8080/api/traces/v1/dev/tempo/api/search \
                 | tee /tmp/tempo.out
 
               num_traces=$(jq ".traces | length" /tmp/tempo.out)

diff --git a/tests/fixtures/chainsaw-tests/multitenancy/01-assert.yaml b/tests/fixtures/chainsaw-tests/multitenancy/01-assert.yaml
@@ -86,7 +86,8 @@ metadata:
     app.kubernetes.io/instance: simplest
     app.kubernetes.io/managed-by: tempo-operator
     app.kubernetes.io/name: tempo
-  name: tempo-simplest-gateway
+    app.kubernetes.io/namespace: chainsaw-multitenancy
+  name: tempo-simplest-gateway-chainsaw-multitenancy
 rules:
   - apiGroups:
       - authentication.k8s.io
@@ -109,11 +110,12 @@ metadata:
     app.kubernetes.io/instance: simplest
     app.kubernetes.io/managed-by: tempo-operator
     app.kubernetes.io/name: tempo
-  name: tempo-simplest-gateway
+    app.kubernetes.io/namespace: chainsaw-multitenancy
+  name: tempo-simplest-gateway-chainsaw-multitenancy
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: tempo-simplest-gateway
+  name: tempo-simplest-gateway-chainsaw-multitenancy
 subjects:
   - kind: ServiceAccount
     name: tempo-simplest-gateway
@@ -235,8 +237,6 @@ spec:
           readOnly: true
       - args:
         - --log.level=warn
-        - --opa.admin-groups=system:cluster-admins,cluster-admin,dedicated-admin
-        - --opa.matcher=kubernetes_namespace_name
         - --web.listen=:8082
         - --web.internal.listen=:8083
         - --web.healthchecks.url=http://localhost:8082

diff --git a/tests/fixtures/chainsaw-tests/multitenancy/01-install-tempo.yaml b/tests/fixtures/chainsaw-tests/multitenancy/01-install-tempo.yaml
@@ -5,6 +5,19 @@ metadata:
   name: simplest
   namespace: chainsaw-multitenancy
 spec:
+  retention:
+    global:
+      traces: 20h
+    perTenant:
+      dev:
+        traces: 10h
+  limits:
+    perTenant:
+      dev:
+        ingestion:
+          ingestionBurstSizeBytes: 1000000
+        query:
+          maxSearchDuration: 1h
   storage:
     secret:
       name: minio

diff --git a/tests/fixtures/chainsaw-tests/multitenancy/chainsaw-test.yaml b/tests/fixtures/chainsaw-tests/multitenancy/chainsaw-test.yaml
@@ -5,7 +5,6 @@ metadata:
   creationTimestamp: null
   name: multitenancy
 spec:
-  concurrent: false
   namespace: chainsaw-multitenancy
   steps:
   - name: step-00
@@ -20,18 +19,6 @@ spec:
         file: 01-install-tempo.yaml
     - assert:
         file: 01-assert.yaml
-  - name: Wait for Tempo to be ready
-    try:
-    - wait:
-        apiVersion: tempo.grafana.com/v1alpha1
-        kind: TempoStack
-        name: simplest
-        namespace: chainsaw-multitenancy
-        timeout: 2m
-        for:
-          condition:
-            name: Ready
-            value: 'True'
   - name: step-02
     try:
     - apply: