fix: добавить ingress для Tempo, конвертировать на values-шаблон

- Добавлены tempo_ingress_enabled/host/class/tls/cert_issuer в defaults
- Создан tempo-values.yaml.j2 (вместо inline values в задаче — проще с условиями)
- tasks/main.yml обновлён под values_files + показывает ingress-адрес в итоговом выводе

addons/tempo/role/defaults/main.yml

@@ -18,6 +18,13 @@ tempo_receivers_otlp_enabled: true
 tempo_receivers_jaeger_enabled: true
 tempo_receivers_zipkin_enabled: false
 
+# Ingress
+tempo_ingress_enabled: false
+tempo_ingress_host: "tempo.local"
+tempo_ingress_class: "{{ ingress_nginx_class_name | default('nginx') }}"
+tempo_ingress_tls: false
+tempo_ingress_cert_issuer: "{{ cert_manager_default_issuer_name | default('letsencrypt-prod') }}"
+
 # Метрики
 tempo_metrics_enabled: true
 # ServiceMonitor создаётся только когда addon_prometheus_stack: true

addons/tempo/role/tasks/main.yml

@@ -6,6 +6,12 @@
   environment:
     KUBECONFIG: "{{ k3s_kubeconfig_path }}"
 
+- name: Template Tempo values
+  ansible.builtin.template:
+    src: tempo-values.yaml.j2
+    dest: /tmp/tempo-values.yaml
+    mode: '0644'
+
 - name: Install Tempo via Helm
   kubernetes.core.helm:
     name: tempo
@@ -15,58 +21,8 @@
     create_namespace: true
     wait: true
     timeout: "5m0s"
-    values:
+    values_files:
-      tempo:
+      - /tmp/tempo-values.yaml
-        retention: "{{ tempo_retention_period }}"
-
-        receivers:
-{% if tempo_receivers_otlp_enabled %}
-          otlp:
-            protocols:
-              grpc:
-                endpoint: "0.0.0.0:4317"
-              http:
-                endpoint: "0.0.0.0:4318"
-{% endif %}
-{% if tempo_receivers_jaeger_enabled %}
-          jaeger:
-            protocols:
-              thrift_http:
-                endpoint: "0.0.0.0:14268"
-              grpc:
-                endpoint: "0.0.0.0:14250"
-{% endif %}
-{% if tempo_receivers_zipkin_enabled %}
-          zipkin:
-            endpoint: "0.0.0.0:9411"
-{% endif %}
-
-      persistence:
-        enabled: true
-        accessModes:
-          - ReadWriteOnce
-        size: "{{ tempo_storage_size }}"
-{% if tempo_storage_class %}
-        storageClassName: "{{ tempo_storage_class }}"
-{% endif %}
-
-      tolerations:
-        - key: "node-role.kubernetes.io/control-plane"
-          operator: "Exists"
-          effect: "NoSchedule"
-
-      resources:
-        requests:
-          cpu: "{{ tempo_resources.requests.cpu }}"
-          memory: "{{ tempo_resources.requests.memory }}"
-        limits:
-          cpu: "{{ tempo_resources.limits.cpu }}"
-          memory: "{{ tempo_resources.limits.memory }}"
-
-      serviceMonitor:
-        enabled: "{{ tempo_metrics_enabled | bool and addon_prometheus_stack | default(false) | bool }}"
-        additionalLabels:
-          release: kube-prometheus-stack
   environment:
     KUBECONFIG: "{{ k3s_kubeconfig_path }}"
 
@@ -98,5 +54,5 @@
       - "{% if tempo_receivers_otlp_enabled %}OTLP gRPC: tempo.{{ tempo_namespace }}.svc.cluster.local:4317{% endif %}"
       - "{% if tempo_receivers_otlp_enabled %}OTLP HTTP: tempo.{{ tempo_namespace }}.svc.cluster.local:4318{% endif %}"
       - "{% if tempo_receivers_jaeger_enabled %}Jaeger HTTP: tempo.{{ tempo_namespace }}.svc.cluster.local:14268{% endif %}"
+      - "{% if tempo_ingress_enabled %}UI/API: http{{ 's' if tempo_ingress_tls else '' }}://{{ tempo_ingress_host }}{% else %}Port-forward: kubectl port-forward svc/tempo -n {{ tempo_namespace }} 3200:3200{% endif %}"
       - "{% if addon_prometheus_stack | default(false) | bool %}Datasource 'Tempo' добавлен в Grafana автоматически{% else %}Добавь datasource в Grafana: тип Tempo, URL http://tempo.{{ tempo_namespace }}.svc.cluster.local:3200{% endif %}"
-      - "Отправляй трейсы из приложений через OTLP на tempo.{{ tempo_namespace }}.svc.cluster.local:4317"

addons/tempo/role/templates/tempo-values.yaml.j2

@@ -0,0 +1,72 @@
+## Tempo Helm values — Ansible managed
+
+tempo:
+  retention: "{{ tempo_retention_period }}"
+
+  receivers:
+{% if tempo_receivers_otlp_enabled %}
+    otlp:
+      protocols:
+        grpc:
+          endpoint: "0.0.0.0:4317"
+        http:
+          endpoint: "0.0.0.0:4318"
+{% endif %}
+{% if tempo_receivers_jaeger_enabled %}
+    jaeger:
+      protocols:
+        thrift_http:
+          endpoint: "0.0.0.0:14268"
+        grpc:
+          endpoint: "0.0.0.0:14250"
+{% endif %}
+{% if tempo_receivers_zipkin_enabled %}
+    zipkin:
+      endpoint: "0.0.0.0:9411"
+{% endif %}
+
+persistence:
+  enabled: true
+  accessModes:
+    - ReadWriteOnce
+  size: "{{ tempo_storage_size }}"
+{% if tempo_storage_class %}
+  storageClassName: "{{ tempo_storage_class }}"
+{% endif %}
+
+tolerations:
+  - key: "node-role.kubernetes.io/control-plane"
+    operator: "Exists"
+    effect: "NoSchedule"
+
+resources:
+  requests:
+    cpu: "{{ tempo_resources.requests.cpu }}"
+    memory: "{{ tempo_resources.requests.memory }}"
+  limits:
+    cpu: "{{ tempo_resources.limits.cpu }}"
+    memory: "{{ tempo_resources.limits.memory }}"
+
+serviceMonitor:
+  enabled: {{ (tempo_metrics_enabled | bool and addon_prometheus_stack | default(false) | bool) | lower }}
+  additionalLabels:
+    release: kube-prometheus-stack
+
+ingress:
+  enabled: {{ tempo_ingress_enabled | lower }}
+{% if tempo_ingress_enabled %}
+  ingressClassName: "{{ tempo_ingress_class }}"
+  hosts:
+    - host: "{{ tempo_ingress_host }}"
+      paths:
+        - path: /
+          pathType: Prefix
+{% if tempo_ingress_tls %}
+  tls:
+    - secretName: tempo-tls
+      hosts:
+        - "{{ tempo_ingress_host }}"
+  annotations:
+    cert-manager.io/cluster-issuer: "{{ tempo_ingress_cert_issuer }}"
+{% endif %}
+{% endif %}