Yet another useless blog_
  • What's New
    • What's new in OpenShift, 4.20 Edition
  • Compliance
    • oc compliance command line plugin
    • Compliance Operator
  • GitOps Episodes
    • Introducing the GitOps Approach
    • GitOps - Choosing the right Git repository structure
    • Setup OpenShift GitOps/Argo CD
    • Configure App-of-Apps
    • Setup & Configure Compliance Operator using GitOps
    • Setup & Configure Advanced Cluster Security using GitOps
    • Configure Buckets in MinIO using GitOps
    • Installing OpenShift Logging using GitOps
    • Multiple Sources for Applications in Argo CD
    • Update Cluster Version using GitOps approach
    • Managing Certificates using GitOps approach
    • Using Kustomize to post render a Helm Chart
    • Using ApplicationSet with Matrix Generator and define individual Namespaces
    • Reusable Argo CD Application Helm Template
  • OpenShift
    • A second look into the Kubernetes Gateway API on OpenShift
    • A first look into the Kubernetes Gateway API on OpenShift
    • Cert-Manager Policy Approver in OpenShift
    • Single log out from Keycloak and OpenShift
    • Step by Step - Using Keycloak Authentication in OpenShift
    • Introducing AdminNetworkPolicies
    • OpenShift Data Foundation - Noobaa Bucket Data Retention (Lifecycle)
    • Running Falco on OpenShift 4.12
    • Quay Deployment and Configuration using GitOps
    • Setting up Falco on OpenShift 4.12
    • How to force a MachineConfig rollout
    • Operator installation with Argo CD
    • SSL Certificate Management for OpenShift on AWS
    • Using ServerSideApply with ArgoCD
    • Secrets Management - Vault on OpenShift
    • Overview of Red Hat's Multi Cloud Gateway (Noobaa)
    • Secure your secrets with Sealed Secrets
    • Understanding RWO block device handling in OpenShift
    • Writing Operator using Ansible
    • Thanos Querier vs Thanos Querier
    • GitOps - Argo CD
    • OpenShift Pipelines - Tekton Introduction
    • Helpful oc / kubectl commands
  • OpenShift Day-2
    • etcd
      • Automated ETCD Backup
    • Labels & Environments
      • Working with Environments
    • Observability
      • The Hitchhiker's Guide to Observability Introduction - Part 1
      • The Hitchhiker's Guide to Observability - Grafana Tempo - Part 2
      • The Hitchhiker's Guide to Observability - Central Collector - Part 3
      • The Hitchhiker's Guide to Observability - Example Applications - Part 4
      • The Hitchhiker's Guide to Observability - Understanding Traces - Part 5
      • The Hitchhiker's Guide to Observability - Adding A New Tenant - Part 6
      • The Hitchhiker's Guide to Observability - Here Comes Grafana - Part 7
      • The Hitchhiker's Guide to Observability - Limit Read Access to Traces - Part 8
    • Pod Placement
      • Introduction
      • NodeSelector
      • Pod Affinity/Anti-Affinity
      • Node Affinity
      • Taints and Tolerations
      • Topology Spread Constraints
      • Using Descheduler
  • Secure Supply Chain
    • Introduction to a Secure Supply Chain
    • Step 1 - Listen to Events
    • Step 2 - Pipelines
    • Step 3 - SonarQube
    • Step 4 - Verify Git Commit
    • Step 5 - Build and Sign Image
    • Step 6 - Scanning with ACS
    • Step 7 - Generating a SBOM
    • Step 8 - Updating Kubernetes Manifests
    • Step 9 - Linting Kubernetes Manifests
    • Step 10 - The Example Application
    • Step 11 - ACS Deployment Check
    • Step 12 - Verify TLog Signature
    • Step 13 - Bring it to Production
  • General
    • Basic usage of git
    • Red Hat Satellite Cheat Sheet
  • Ansible
    • Ansible Style Guide
    • Automation Controller and LDAP Authentication
    • Ansible Tower and downloading collections
    • Ansible - Azure Resource Manager Example
    • DO410 Ansible and Ansible Tower training notes
  • Service Mesh
    • Enable Automatic Route Creation
    • Authorization (RBAC)
    • Deploy Example Bookinfo Application
    • Service Mesh 1.1 released
    • Authentication JWT
    • Mutual TLS Authentication
    • Fault Injection
    • Limit Egress/External Traffic
    • Advanced Routing Example
    • Routing Example
    • Ingress with custom domain
    • Ingress Traffic
    • Deploy Microservices
    • Installation
  • Advanced Cluster Security
    • Advanced Cluster Security - Authentication
  • Azure
    • Stumbling into Azure Part II: Setting up a private ARO cluster
    • Stumbling into Azure Part I: Building a site-to-site VPN tunnel for testing
  • Java
    • Adventures in Java Land: JPA disconnected entities
  • Quay
    • Red Hat Quay Registry - Integrate Keycloak
    • Stumbling into Quay: Upgrading from 3.3 to 3.4 with the quay-operator
    • Red Hat Quay Registry - Overview and Installation
  • Legal Disclosure
  • RSS Feeds

Saved Articles 0

No saved articles yet.

Click the "Save" button on any article to bookmark it for later.

    What's on this Page
    • Home
    • About Us
      Thomas Jungbauer Toni Schmidbauer Legal Disclosure
    • Catagories
    • Tags
    • History
    • Helm Charts

     navi

    navigation YAUB Yet Another Useless Blog > Authors > Articles by Thomas Jungbauer

    Articles by Thomas Jungbauer

    image from The Hitchhiker's Guide to Observability - Limit Read Access to Traces - Part 8
    OpenShift Observability Distributed Tracing OpenTelemetry Tempo Grafana

    The Hitchhiker's Guide to Observability - Limit Read Access to Traces - Part 8

    December 6, 2025 - Thomas Jungbauer Thomas Jungbauer - 3 min

    In the previous articles, we deployed a distributed tracing infrastructure with TempoStack and OpenTelemetry Collector. We also deployed a Grafana instance to visualize the traces. The configuration was done in a way that allows everybody to read the traces. Every system:authenticated user is able to read ALL traces. This is usually not what you want. You want to limit trace access to only the appropriate namespace.

    In this article, we’ll limit the read access to traces. The users of the team-a namespace will only be able to see their own traces.

    Read More ...
    image from The Hitchhiker's Guide to Observability - Here Comes Grafana - Part 7
    OpenShift Observability Distributed Tracing OpenTelemetry Tempo Grafana

    The Hitchhiker's Guide to Observability - Here Comes Grafana - Part 7

    December 4, 2025 - Thomas Jungbauer Thomas Jungbauer - 12 min

    While we have been using the integrated tracing UI in OpenShift, it is time to summon Grafana. Grafana is a visualization powerhouse that allows teams to build custom dashboards, correlate traces with logs and metrics, and gain deep insights into their applications. In this article, we’ll deploy a dedicated Grafana instance for team-a in their namespace, configure a Tempo datasource, and create a dashboard to explore distributed traces.

    Read More ...
    image from The Hitchhiker's Guide to Observability Introduction - Part 1
    OpenShift Observability Distributed Tracing OpenTelemetry Tempo Grafana

    The Hitchhiker's Guide to Observability Introduction - Part 1

    November 23, 2025 - Thomas Jungbauer Thomas Jungbauer - 4 min

    With this article I would like to summarize and, especially, remember my setup. This is Part 1 of a series of articles that I split up so it is easier to read and understand and not too long. Initially, there will be 6 parts, but I will add more as needed.

    Read More ...
    image from The Hitchhiker's Guide to Observability - Grafana Tempo - Part 2
    OpenShift Observability Distributed Tracing OpenTelemetry Tempo Grafana

    The Hitchhiker's Guide to Observability - Grafana Tempo - Part 2

    November 24, 2025 - Thomas Jungbauer Thomas Jungbauer - 17 min

    After covering the fundamentals and architecture in Part 1, it’s time to get our hands dirty! This article walks through the complete implementation of a distributed tracing infrastructure on OpenShift.

    We’ll deploy and configure the Tempo Operator and a multi-tenant TempoStack instance. For S3 storage we will use the integrated OpenShift Data Foundation. However, you can use whatever S3-compatible storage you have available.

    Read More ...
    image from The Hitchhiker's Guide to Observability - Central Collector - Part 3
    OpenShift Observability Distributed Tracing OpenTelemetry Tempo Grafana

    The Hitchhiker's Guide to Observability - Central Collector - Part 3

    November 25, 2025 - Thomas Jungbauer Thomas Jungbauer - 12 min

    With the architecture defined in Part 1 and TempoStack deployed in Part 2, it’s time to tackle the heart of our distributed tracing system: the Central OpenTelemetry Collector. This is the critical component that sits between your application namespaces and TempoStack, orchestrating trace flow, metadata enrichment, and tenant routing.

    Read More ...
    image from The Hitchhiker's Guide to Observability - Example Applications - Part 4
    OpenShift Observability Distributed Tracing OpenTelemetry Tempo Grafana

    The Hitchhiker's Guide to Observability - Example Applications - Part 4

    November 26, 2025 - Thomas Jungbauer Thomas Jungbauer - 13 min

    With the architecture defined, TempoStack deployed, and the Central Collector configured, we’re now ready to complete the distributed tracing pipeline. It’s time to deploy real applications and see traces flowing through the entire system!

    In this fourth installment, we’ll focus on the application layer - deploying Local OpenTelemetry Collectors in team namespaces and configuring example applications to generate traces. You’ll see how applications automatically get enriched with Kubernetes metadata, how namespace-based routing directs traces to the correct TempoStack tenants, and how the entire two-tier architecture comes together.

    Read More ...
    image from The Hitchhiker's Guide to Observability - Understanding Traces - Part 5
    OpenShift Observability Distributed Tracing OpenTelemetry Tempo Grafana

    The Hitchhiker's Guide to Observability - Understanding Traces - Part 5

    November 27, 2025 - Thomas Jungbauer Thomas Jungbauer - 4 min

    With the architecture established, TempoStack deployed, the Central Collector configured, and applications generating traces, it’s time to take a step back and understand what we’re actually building. Before you deploy more applications and start troubleshooting performance issues, you need to understand how to read and interpret distributed traces.

    Let’s decode the matrix of distributed tracing!

    Read More ...
    image from The Hitchhiker's Guide to Observability - Adding A New Tenant - Part 6
    OpenShift Observability Distributed Tracing OpenTelemetry Tempo Grafana

    The Hitchhiker's Guide to Observability - Adding A New Tenant - Part 6

    November 28, 2025 - Thomas Jungbauer Thomas Jungbauer - 4 min

    While we have created our distributed tracing infrastructure, we created two tenants as an example. In this article, I will show you how to add a new tenant and which changes must be made in the TempoStack and the OpenTelemetry Collector.

    This article was mainly created as a quick reference guide to see which changes must be made when adding new tenants.

    Read More ...
    • 1
    • 2
    • 3
    • 4
    • 5
    • »
    • » »

      Copyright © 2020 - 2025 Toni Schmidbauer & Thomas Jungbauer

      ← Previous
      Use arrow keys to navigate
      Next →
      ←
      →