Bug
Resolution: Done
Blocker
Logging 5.4.0
False
None
False
NEW
OBSDA-108 - Distribute an alternate Vector Log Collector
VERIFIED
Logging (Core) - Sprint 220, Log Collection - Sprint 221
Version of components:
Logging 5.4
Server Version: 4.11.0-0.nightly-2022-04-07-053433
Kubernetes Version: v1.23.3+37c5e75
Description of the problem:
When a user-provided token added to a secret is used in a ClusterLogForwarder instance to send logs to a LokiStack instance, the required Vector auth config with the bearer token is not generated. The config should be generated even when an empty key token is used in a secret.
Steps to reproduce the issue.
1 Deploy 5.4 ClusterLogging, Elasticsearch and LokiStack operators.
2 Create the LokiStack instance.
3 Create a ClusterLogging instance.
apiVersion: "logging.openshift.io/v1"
kind: "ClusterLogging"
metadata:
  name: "instance"
  namespace: "openshift-logging"
  annotations:
    logging.openshift.io/preview-vector-collector: enabled
spec:
  managementState: "Managed"
  logStore:
    type: "elasticsearch"
    retentionPolicy:
      application:
        maxAge: 10h
      infra:
        maxAge: 10h
      audit:
        maxAge: 10h
    elasticsearch:
      nodeCount: 1
      storage: {}
      resources:
        limits:
          memory: "4Gi"
        requests:
          memory: "1Gi"
      proxy:
        resources:
          limits:
            memory: 256Mi
          requests:
            memory: 256Mi
      redundancyPolicy: "ZeroRedundancy"
  visualization:
    type: "kibana"
    kibana:
      replicas: 1
  collection:
    logs:
      type: "vector"
      vector: {}
4 Create a secret with the logcollector token.
oc -n openshift-logging create secret generic lokistack-gateway-bearer-token --from-literal=token="<logcollector-token>"
5 Create a ClusterLogForwarder instance with secret for connecting to the LokiStack output.
apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: instance
  namespace: openshift-logging
spec:
  outputs:
  - name: loki-app
    type: loki
    url: http://lokistack-instance-gateway-http.openshift-logging.svc:8080/api/logs/v1/application/
    secret:
      name: lokistack-gateway-bearer-token
  - name: loki-infra
    type: loki
    url: http://lokistack-instance-gateway-http.openshift-logging.svc:8080/api/logs/v1/infrastructure/
    secret:
      name: lokistack-gateway-bearer-token
  - name: loki-audit
    type: loki
    url: http://lokistack-instance-gateway-http.openshift-logging.svc:8080/api/logs/v1/audit/
    secret:
      name: lokistack-gateway-bearer-token
  pipelines:
  - name: send-app-logs
    inputRefs:
    - application
    outputRefs:
    - loki-app
  - name: send-infra-logs
    inputRefs:
    - infrastructure
    outputRefs:
    - loki-infra
  - name: send-audit-logs
    inputRefs:
    - audit
    outputRefs:
    - loki-audit
6 Extract and check the generated vector config.
[sinks.loki_app]
type = "loki"
inputs = ["send-app-logs"]
endpoint = "http://lokistack-instance-gateway-http.openshift-logging.svc:8080/api/logs/v1/application/"

[sinks.loki_app.encoding]
codec = "json"

[sinks.loki_app.labels]
kubernetes_container_name = "{{kubernetes.container_name}}"
kubernetes_host = "${VECTOR_SELF_NODE_NAME}"
kubernetes_namespace_name = "{{kubernetes.pod_namespace}}"
kubernetes_pod_name = "{{kubernetes.pod_name}}"
log_type = "{{log_type}}"

[sinks.loki_infra]
type = "loki"
inputs = ["send-infra-logs"]
endpoint = "http://lokistack-instance-gateway-http.openshift-logging.svc:8080/api/logs/v1/infrastructure/"

[sinks.loki_infra.encoding]
codec = "json"

[sinks.loki_infra.labels]
kubernetes_container_name = "{{kubernetes.container_name}}"
kubernetes_host = "${VECTOR_SELF_NODE_NAME}"
kubernetes_namespace_name = "{{kubernetes.pod_namespace}}"
kubernetes_pod_name = "{{kubernetes.pod_name}}"
log_type = "{{log_type}}"

[sinks.loki_audit]
type = "loki"
inputs = ["send-audit-logs"]
endpoint = "http://lokistack-instance-gateway-http.openshift-logging.svc:8080/api/logs/v1/audit/"

[sinks.loki_audit.encoding]
codec = "json"

[sinks.loki_audit.labels]
kubernetes_container_name = "{{kubernetes.container_name}}"
kubernetes_host = "${VECTOR_SELF_NODE_NAME}"
kubernetes_namespace_name = "{{kubernetes.pod_namespace}}"
kubernetes_pod_name = "{{kubernetes.pod_name}}"
log_type = "{{log_type}}"

[sinks.prometheus_output]
type = "prometheus_exporter"
inputs = ["internal_metrics"]
address = "0.0.0.0:24231"
default_namespace = "collector"
Expected results:
1 The user-provided token is added to the Vector config.
2 An empty token value can be provided in a secret. This is useful when connecting to a Loki server which does not require any auth. However, the presence of a token doesn't affect the connection to a server without auth; Vector is able to send logs to the service.
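
A check for step 6, as an added example that is not part of the original report or the operator's code: it scans a generated Vector config and lists the loki sinks that have no bearer auth table. The sample config is constructed; the `[sinks.<name>.auth]` table with `strategy = "bearer"` is Vector's loki sink auth option, and it is an assumption that the fixed generator emits it in this layout.

```python
import re

# Constructed sample: loki_app as generated in the report (no auth table),
# loki_infra with the expected bearer auth table (placeholder token).
SAMPLE = '''
[sinks.loki_app]
type = "loki"
endpoint = "http://lokistack-instance-gateway-http.openshift-logging.svc:8080/api/logs/v1/application/"
[sinks.loki_app.encoding]
codec = "json"
[sinks.loki_infra]
type = "loki"
endpoint = "http://lokistack-instance-gateway-http.openshift-logging.svc:8080/api/logs/v1/infrastructure/"
[sinks.loki_infra.auth]
strategy = "bearer"
token = "PLACEHOLDER_TOKEN"
[sinks.prometheus_output]
type = "prometheus_exporter"
'''

# Line-based scan: enough for one-table-header-per-line generated configs.
HEADER = re.compile(r'^\[sinks\.([A-Za-z0-9_-]+)(?:\.([A-Za-z0-9_-]+))?\]$')
KEYVAL = re.compile(r'^([A-Za-z0-9_]+)\s*=\s*"(.*)"$')

def loki_sinks_missing_bearer(config_text):
    """Return sorted names of loki sinks whose auth strategy is not bearer."""
    sinks = {}      # sink name -> {"type": str or None, "auth": {key: value}}
    current = None  # (sink name, sub-table name or None) for the open table
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = HEADER.match(line)
            current = (m.group(1), m.group(2)) if m else None
            if m:
                sinks.setdefault(m.group(1), {"type": None, "auth": {}})
            continue
        m = KEYVAL.match(line)
        if not m or current is None:
            continue
        name, sub = current
        if sub is None and m.group(1) == "type":
            sinks[name]["type"] = m.group(2)
        elif sub == "auth":
            sinks[name]["auth"][m.group(1)] = m.group(2)
    return sorted(n for n, s in sinks.items()
                  if s["type"] == "loki" and s["auth"].get("strategy") != "bearer")

if __name__ == "__main__":
    print(loki_sinks_missing_bearer(SAMPLE))
```

An empty `token = ""` still counts as present, matching expected result 2.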