OpenShift Logging / LOG-2867

[fluentd] All logs are sent to application tenant when loki is used as default logstore in CLF.

Details

    • OBSDA-7 - Adopting Loki as an alternative to Elasticsearch to support more lightweight, easier to manage/operate storage scenarios
    • VERIFIED
    • Log Collection - Sprint 222

    Description

      Description: Logs for tenants like audit and infrastructure are sent to the application endpoint. All 3 types of logs can only be queried from the application endpoint.

      How reproducible: Always

      Steps to Reproduce:
      1) Deploy Loki Operator and create LokiStack CR.
      2) Create CLF to use loki as default logstore

      apiVersion: logging.openshift.io/v1
      kind: ClusterLogForwarder
      metadata:
        name: instance
        namespace: openshift-logging
      spec:
        pipelines:
          - name: all-to-loki-logstore
            inputRefs:
            - infrastructure
            - application
            - audit
            outputRefs:
            - default

      3) Create ClusterLogging instance with Loki as logstore

      apiVersion: "logging.openshift.io/v1"
      kind: "ClusterLogging"
      metadata:
        name: "instance"
        namespace: openshift-logging
      spec:
        managementState: "Managed"
        logStore:
          type: "lokistack"
          lokistack:
            name: lokistack-dev
        collection:
          type: "fluentd"

      4) Query all logs through logcli for application tenant (All logs present under app)

      logcli -o raw --tls-skip-verify --bearer-token="$(oc whoami -t)" --addr "https://<LOKI-ROUTE>/api/logs/v1/application" query '{log_type="application"}'
      logcli -o raw --tls-skip-verify --bearer-token="$(oc whoami -t)" --addr "https://<LOKI-ROUTE>/api/logs/v1/application" query '{log_type="audit"}'
      logcli -o raw --tls-skip-verify --bearer-token="$(oc whoami -t)" --addr "https://<LOKI-ROUTE>/api/logs/v1/application" query '{log_type="infrastructure"}'
      

      5) Query infra and audit tenant. (No logs seen)

      logcli -o raw --tls-skip-verify --bearer-token="$(oc whoami -t)" --addr "https://<LOKI-ROUTE>/api/logs/v1/audit" query '{log_type="audit"}'
      logcli -o raw --tls-skip-verify --bearer-token="$(oc whoami -t)" --addr "https://<LOKI-ROUTE>/api/logs/v1/infrastructure" query '{log_type="infrastructure"}'
      

      Expected result:
      App logs can be queried from app endpoint only
      infra logs can be queried from infra endpoint only
      audit logs can be queried from audit endpoint only

      Actual Result:
      App, infra and audit logs are sent to app.
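
The expected result above as a repeatable check: it queries every tenant endpoint for every log_type and flags any log type that is readable through a tenant other than its own, or missing from its own. This is an added example, not part of the original report or the project's code; LOKI_ROUTE, query_count and check_tenant_isolation are assumed names, and the caller's token is assumed to be authorised for all three tenants.

```shell
#!/usr/bin/env bash
# Added example: tenant-isolation check for the three LokiStack tenants.
# LOKI_ROUTE is a placeholder for the gateway route host (<LOKI-ROUTE> in the report).
TENANTS="application infrastructure audit"

# Print how many log lines of log_type $2 are visible through tenant endpoint $1.
# Same logcli flags as the reproduction steps; --limit=1 because only
# presence matters. Redefine this function to exercise the check offline.
query_count() {
  logcli -o raw --tls-skip-verify --bearer-token="$(oc whoami -t)" \
    --addr "https://${LOKI_ROUTE}/api/logs/v1/$1" \
    query --limit=1 "{log_type=\"$2\"}" 2>/dev/null | wc -l | tr -d '[:space:]'
}

# Print one line per finding and return non-zero if isolation is broken:
#   LEAK    = a log type is readable through another tenant's endpoint
#   MISSING = a tenant's own log type is not present in that tenant
check_tenant_isolation() {
  local tenant log_type n rc=0
  for tenant in $TENANTS; do
    for log_type in $TENANTS; do
      n=$(query_count "$tenant" "$log_type") || n=0
      if [ "$tenant" = "$log_type" ] && [ "$n" -eq 0 ]; then
        echo "MISSING tenant=$tenant log_type=$log_type"; rc=1
      elif [ "$tenant" != "$log_type" ] && [ "$n" -gt 0 ]; then
        echo "LEAK tenant=$tenant log_type=$log_type"; rc=1
      fi
    done
  done
  return $rc
}

# Usage against a cluster: LOKI_ROUTE=<LOKI-ROUTE> check_tenant_isolation
```

On a cluster showing the behaviour in this report, the check prints two LEAK lines for the application tenant and two MISSING lines for audit and infrastructure.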

          People

            rojacob@redhat.com Robert Jacob
            rhn-support-kbharti Kabir Bharti