Details
-
Bug
-
Resolution: Done
-
Blocker
-
Logging 5.7.0
Description
When forward logs over http using fluentd. the generated TLS Parameters are wrong, ca_cert should be tls_ca_cert_path;key should be tls_private_key_path;cert should be tls_client_cert_path.
<label @HTTPOUT_AUDIT>
<match **>
@type http
endpoint https://fluentdserver-fluentdserver.apps.anli103.qe.devcluster.openshift.com/logs/audit
http_method post
encoding "application/x-ndjson"
headers {"h1":"v1","h2":"v2"}
key '/var/run/ocp-collector/secrets/fluentdserver/tls.key'
cert '/var/run/ocp-collector/secrets/fluentdserver/tls.crt'
ca_cert '/var/run/ocp-collector/secrets/fluentdserver/ca-bundle.crt'
.....
</label>
Step to reproduce:
1. Create fluentd_only clustrelogging instance.
2. Forward logs over http using tls
oc -n openshift-logging create secret generic fluentdserver --from-file=ca-bundle.crt=ca.crt --from-file=tls.crt=tls.crt --from-file=tls.key=tls.key --from-literal=passphrase=aosqe2021
apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
name: instance
namespace: openshift-logging
spec:
outputs:
- http:
headers:
h1: v1
h2: v2
method: POST
name: httpout-app
secret:
name: fluentdserver
tls:
insecureSkipVerify: false
type: http
url: https://fluentdserver-fluentdserver.apps.anli103.qe.devcluster.openshift.com/logs/app
- http:
headers:
h1: v1
h2: v2
method: POST
name: httpout-infra
secret:
name: fluentdserver
tls:
insecureSkipVerify: false
type: http
url: https://fluentdserver-fluentdserver.apps.anli103.qe.devcluster.openshift.com/logs/infra
- http:
headers:
h1: v1
h2: v2
method: POST
name: httpout-audit
secret:
name: fluentdserver
tls:
insecureSkipVerify: false
type: http
url: https://fluentdserver-fluentdserver.apps.anli103.qe.devcluster.openshift.com/logs/audit
pipelines:
- inputRefs:
- application
name: app-logs
outputRefs:
- httpout-app
- inputRefs:
- infrastructure
name: infra-logs
outputRefs:
- httpout-infra
- inputRefs:
- audit
name: audit-logs
outputRefs:
- httpout-audit
