deploy uptrace

uptrace/chart/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

uptrace/chart/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: uptrace
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.0.0"

uptrace/chart/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "uptrace.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "uptrace.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "uptrace.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "uptrace.labels" -}}
+helm.sh/chart: {{ include "uptrace.chart" . }}
+{{ include "uptrace.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "uptrace.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "uptrace.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "uptrace.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "uptrace.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

uptrace/chart/templates/clickhouse-service.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: clickhouse-{{ include "uptrace.fullname" . }}
+  labels:
+    app: clickhouse
+    {{- include "uptrace.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: 8123
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: 9000
+      targetPort: tcp
+      protocol: TCP
+      name: tcp
+  selector:
+    app: clickhouse
+    {{- include "uptrace.selectorLabels" . | nindent 4 }}

uptrace/chart/templates/clickhouse-statefulset.yaml

@@ -0,0 +1,73 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: clickhouse-{{ include "uptrace.fullname" . }}
+  labels:
+    app: clickhouse
+    {{- include "uptrace.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: 1
+  {{- end }}
+  serviceName: clickhouse-{{ include "uptrace.fullname" . }}
+  selector:
+    matchLabels:
+      app: clickhouse
+      {{- include "uptrace.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        app: clickhouse
+        {{- include "uptrace.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.clickhouse.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "uptrace.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.clickhouse.image.repository }}:{{ .Values.clickhouse.image.tag | default "latest" }}"
+          imagePullPolicy: {{ .Values.clickhouse.image.pullPolicy }}
+          env:
+            - name: CLICKHOUSE_DB
+              value: uptrace
+          volumeMounts: []
+          ports:
+            - name: http
+              containerPort: 8123
+              protocol: TCP
+            - name: tcp
+              containerPort: 9000
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes: []

uptrace/chart/templates/hpa.yaml

@@ -0,0 +1,28 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "uptrace.fullname" . }}
+  labels:
+    {{- include "uptrace.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "uptrace.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}

uptrace/chart/templates/ingress.yaml

@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "uptrace.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "uptrace.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- end }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+            pathType: {{ .pathType }}
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}
+                port:
+                  number: {{ $svcPort }}
+              {{- else }}
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+              {{- end }}
+          {{- end }}
+    {{- end }}
+{{- end }}

uptrace/chart/templates/service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "uptrace.fullname" . }}
+  labels:
+    app: uptrace
+    {{- include "uptrace.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app: uptrace
+    {{- include "uptrace.selectorLabels" . | nindent 4 }}

uptrace/chart/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "uptrace.serviceAccountName" . }}
+  labels:
+    {{- include "uptrace.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

uptrace/chart/templates/uptrace-config.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "uptrace.fullname" . }}
+  labels:
+    {{- include "uptrace.labels" . | nindent 4 }}
+data:
+  uptrace.yml: |
+{{ .Values.uptrace.config | toYaml | indent 4 }}

uptrace/chart/templates/uptrace-statefulset.yaml

@@ -0,0 +1,71 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ include "uptrace.fullname" . }}
+  labels:
+    app: uptrace
+    {{- include "uptrace.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  serviceName: {{ include "uptrace.fullname" . }}
+  selector:
+    matchLabels:
+      app: uptrace
+      {{- include "uptrace.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ .Values.uptrace.config | toYaml | sha256sum }}
+      labels:
+        app: uptrace
+        {{- include "uptrace.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "uptrace.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          volumeMounts:
+            - name: config
+              mountPath: /etc/uptrace/uptrace.yml
+              subPath: uptrace.yml
+          ports:
+            - name: http
+              containerPort: 14318
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: config
+          configMap:
+            name: {{ include "uptrace.fullname" . }}

uptrace/chart/values.yaml

@@ -0,0 +1,302 @@
+# Default values for uptrace.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+  repository: uptrace/uptrace-dev
+  pullPolicy: Always
+  tag: latest
+
+clickhouse:
+  imagePullSecrets: []
+  image:
+    repository: clickhouse/clickhouse-server
+    pullPolicy: IfNotPresent
+    tag: "22.7"
+
+
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+service:
+  type: ClusterIP
+  port: 80
+
+ingress:
+  enabled: false
+  className: ""
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: chart-example.local
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+uptrace:
+  config:
+    ##
+    ## A list of pre-configured projects. Each project is fully isolated.
+    ##
+    projects:
+      # Conventionally, the first project is used to monitor Uptrace itself.
+      - id: 1
+        name: Uptrace
+        # Token grants write access to the project. Keep a secret.
+        token: project1_secret_token
+        pinned_attrs:
+          - service.name
+          - host.name
+          - deployment.environment
+
+      # Other projects can be used to monitor your applications.
+      # To monitor micro-services or multiple related services, use a single project.
+      - id: 2
+        name: My project
+        token: project2_secret_token
+        pinned_attrs:
+          - service.name
+          - host.name
+          - deployment.environment
+
+    ##
+    ## To require authentication, uncomment the following section.
+    ##
+    # users:
+    #   - username: uptrace
+    #     password: uptrace
+    #   - username: admin
+    #     password: admin
+
+    ##
+    ## You can also specify auth providers, instead of username+password login.
+    ##
+    # user_providers:
+    #   # Cloudflare user provider: uses Cloudflare Zero Trust Access (Identity)
+    #   # See https://developers.cloudflare.com/cloudflare-one/identity/ for more info.
+    #   cloudflare:
+    #     # The base URL of the Cloudflare Zero Trust team.
+    #     team_url: https://myteam.cloudflareaccess.com
+    #     # The Application Audience (AUD) Tag for this application.
+    #     # You can retrieve this from the Cloudflare Zero Trust 'Access' Dashboard.
+    #     audience: bea6df23b944e4a0cd178609ba1bb64dc98dfe1f66ae7b918e563f6cf28b37e0
+
+    ##
+    ## ClickHouse database credentials.
+    ##
+    ch:
+      # Connection string for ClickHouse database. For example:
+      # clickhouse://<user>:<password>@<host>:<port>/<database>?sslmode=disable
+      #
+      # See https://clickhouse.uptrace.dev/guide/golang-clickhouse.html#options
+      dsn: 'clickhouse://default:@clickhouse-uptrace:9000/uptrace?sslmode=disable'
+
+    ##
+    ## Alerting rules for monitoring metrics.
+    ##
+    ## See https://uptrace.dev/get/alerting.html for details.
+    ##
+    alerting:
+      rules:
+        - name: Network errors
+          metrics:
+            - system.network.errors as $net_errors
+          query:
+            - $net_errors > 0 group by host.name
+          # for the last 5 minutes
+          for: 5m
+          # in the project id=1
+          projects: [1]
+
+        - name: Filesystem usage >= 90%
+          metrics:
+            - system.filesystem.usage as $fs_usage
+          query:
+            - group by host.name
+            - group by device
+            - where device !~ "loop"
+            - $fs_usage{state="used"} / $fs_usage >= 0.9
+          for: 5m
+          projects: [1]
+
+        - name: Uptrace is dropping spans
+          metrics:
+            - uptrace.projects.spans as $spans
+          query:
+            - $spans{type=dropped} > 0
+          for: 1m
+          projects: [1]
+
+        - name: Always firing (for fun and testing)
+          metrics:
+            - process.runtime.go.goroutines as $goroutines
+          query:
+            - $goroutines >= 0 group by host.name
+          for: 1m
+          projects: [1]
+
+      # Create alerts from error logs and span events.
+      create_alerts_from_spans:
+        enabled: true
+        labels:
+          alert_kind: error
+
+    ##
+    ## AlertManager client configuration.
+    ## See https://uptrace.dev/get/alerting.html for details.
+    ##
+    ## Note that this is NOT an AlertManager config and you need to configure AlertManager separately.
+    ## See https://prometheus.io/docs/alerting/latest/configuration/ for details.
+    ##
+    alertmanager_client:
+      # AlertManager API endpoints that Uptrace uses to manage alerts.
+      urls:
+        - 'http://localhost:9093/api/v2/alerts'
+
+    ##
+    ## Various options to tweak ClickHouse schema.
+    ## For changes to take effect, you need reset the ClickHouse database with `ch reset`.
+    ##
+    ch_schema:
+      # Compression codec, for example, LZ4, ZSTD(3), or Default.
+      compression: ZSTD(3)
+
+      # Whether to use ReplicatedMergeTree instead of MergeTree.
+      replicated: false
+
+      # Cluster name for Distributed tables and ON CLUSTER clause.
+      #cluster: uptrace1
+
+      spans:
+        storage_policy: 'default'
+        # Delete spans data after 30 days.
+        ttl_delete: 30 DAY
+
+      metrics:
+        storage_policy: 'default'
+        # Delete metrics data after 90 days.
+        ttl_delete: 90 DAY
+
+    ##
+    ## Addresses on which Uptrace receives gRPC and HTTP requests.
+    ##
+    listen:
+      # OTLP/gRPC API.
+      grpc:
+        addr: ':14317'
+        # tls:
+        #   cert_file: config/tls/uptrace.crt
+        #   key_file: config/tls/uptrace.key
+
+      # OTLP/HTTP API and Uptrace API with UI.
+      http:
+        addr: ':14318'
+        # tls:
+        #   cert_file: config/tls/uptrace.crt
+        #   key_file: config/tls/uptrace.key
+
+    ##
+    ## Various options for Uptrace UI.
+    ##
+    site:
+      # Overrides public URL for Vue-powered UI in case you put Uptrace behind a proxy.
+      #addr: 'https://uptrace.mydomain.com'
+
+    ##
+    ## Spans processing options.
+    ##
+    spans:
+      # The size of the Go chan used to buffer incoming spans.
+      # If the buffer is full, Uptrace starts to drop spans.
+      #buffer_size: 100000
+
+      # The number of spans to insert in a single query.
+      #batch_size: 10000
+
+    ##
+    ## Metrics processing options.
+    ##
+    metrics:
+      # List of attributes to drop for being noisy.
+      drop_attrs:
+        - telemetry.sdk.language
+        - telemetry.sdk.name
+        - telemetry.sdk.version
+
+      # The size of the Go chan used to buffer incoming measures.
+      # If the buffer is full, Uptrace starts to drop measures.
+      #buffer_size: 100000
+
+      # The number of measures to insert in a single query.
+      #batch_size: 10000
+
+    ##
+    ## SQLite database that is used to store metadata such us metric names, dashboards, alerts,
+    ## and so on.
+    ##
+    db:
+      # SQLite connection string.
+      #
+      # Uptrace automatically creates SQLite database file in the current working directory.
+      # Make sure the directory is writable by Uptrace process.
+      dsn: 'file:${UPTRACE_DB_FILE:uptrace.sqlite3}?_foreign_keys=1&_busy_timeout=1000'
+
+    # Secret key that is used to sign JWT tokens etc.
+    secret_key: ${UPTRACE_SECRET_KEY}
+
+    # Enable to log HTTP requests and database queries.
+    debug: false

uptrace/uptrace.yaml

@@ -0,0 +1,6 @@
+uptrace:
+  config:
+    user_providers:
+      cloudflare:
+        team_url: https://wavy.cloudflareaccess.com
+        audience: 75940e2248f7135b7e3a6f9bf44bac3c1c7cae8539f98c4c7df6c08f37d92d33

uptrace/values.yaml

@@ -0,0 +1,32 @@
+replicaCount: 1
+
+image:
+  repository: uptrace/uptrace-dev
+  pullPolicy: Always
+  tag: latest
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  create: false
+
+service:
+  type: ClusterIP
+  port: 80
+
+ingress:
+  enabled: true
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: trace.poire.dev
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls:
+   - secretName: poire.dev-wildcard-tls
+     hosts:
+       - trace.poire.dev