  1. OpenShift Logging
  2. LOG-4029

Support STS CloudWatch authentication for logging in Managed Clusters


      Story

      As an administrator of cluster log forwarding for multi-admin clusters,
      I need to use a separate STS Role and Token for authenticating each of the cluster-wide logging configs, so that each instance can authenticate independently.

      Acceptance Criteria

      • Multiple, isolated ClusterLogForwarder instances can authenticate with CloudWatch using STS roles
      • Logs are written to CW based on the specific role_arn

      Notes

      • Will require each logging instance to have access to a unique webIdentityToken, specified for each AWS profile or logging configuration
      • For the splunk-audit-exporter:
        • we implemented a session timer to handle the specifics of expired token rotation
        • read/write mutex to allow multiple goroutines to read logs while ensuring only one at a time can write to CW
      • Based off epic for multiple-forwarders - ref: https://issues.redhat.com/browse/LOG-1343

            cahartma@redhat.com Casey Hartman

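The per-instance session handling the Notes describe, as an added example (not code from the splunk-audit-exporter or from OpenShift Logging): each forwarder holds its own role ARN and web identity token path, refreshes its session shortly before expiry, and here the read/write mutex guards the cached session so concurrent callers share it while only one refreshes. The `Forwarder` type, the `Assume` hook standing in for the STS exchange, and the role and path values are assumptions.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

type Creds struct { // short-lived session returned by one STS exchange
	AccessKeyID string
	Expires     time.Time
}

// Forwarder is ONE instance: its own role ARN, token file and cached session.
type Forwarder struct {
	RoleARN, TokenFile string
	Assume             func(roleARN, tokenFile string) (Creds, error) // stand-in for the STS call
	Now                func() time.Time
	Margin             time.Duration // refresh this long before expiry
	mu                 sync.RWMutex
	creds              Creds
}

func (f *Forwarder) fresh() bool { return f.Now().Before(f.creds.Expires.Add(-f.Margin)) }

// Credentials shares a read lock between callers; refresh takes the write lock.
func (f *Forwarder) Credentials() (Creds, error) {
	f.mu.RLock()
	c, ok := f.creds, f.fresh()
	f.mu.RUnlock()
	if ok {
		return c, nil
	}
	f.mu.Lock()
	defer f.mu.Unlock()
	if !f.fresh() { // re-check: another goroutine may have refreshed already
		c, err := f.Assume(f.RoleARN, f.TokenFile)
		if err != nil {
			return Creds{}, fmt.Errorf("assume %s: %w", f.RoleARN, err)
		}
		f.creds = c
	}
	return f.creds, nil
}

func main() { // constructed role and token path, for illustration only
	sts := func(role, tok string) (Creds, error) { return Creds{"key-for-" + role, time.Now().Add(time.Hour)}, nil }
	a := &Forwarder{RoleARN: "role/team-a", TokenFile: "/tokens/a", Assume: sts, Now: time.Now}
	fmt.Println(a.Credentials())
}
```

Because a failed exchange returns an error and an expired session is never handed back, a forwarder whose token cannot be exchanged stops writing instead of borrowing another instance's identity.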