Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-4302

CLO raises error message "URL not secure: , but output gcp-logging has TLS configuration parameters" if add tls.securityProfile to CLF when forwarding to googlecloudlogging/cloudwatch.

XMLWordPrintable

    • False
    • None
    • False
    • NEW
    • VERIFIED
    • Log Collection - Sprint 238, Log Collection - Sprint 239

      Description of problem:

      When forwarding to google cloud logging or cloudwatch, setting tls.securityProfile to the outputs, the CLO raises many error messages and collector pods can't be deployed:

      $ oc logs cluster-logging-operator-548c6ccb64-pkpqx
{"_ts":"2023-07-05T05:07:10.070609666Z","_level":"0","_component":"cluster-logging-operator","_message":"Error reconciling clusterlogging instance","_error":{"msg":"URL not secure: , but output gcp-logging has TLS configuration parameters"}}
{"_ts":"2023-07-05T05:07:25.355609321Z","_level":"0","_component":"cluster-logging-operator","_message":"Error reconciling clusterlogging instance","_error":{"msg":"URL not secure: , but output gcp-logging has TLS configuration parameters"}}
{"_ts":"2023-07-05T05:08:49.339087028Z","_level":"0","_component":"cluster-logging-operator","_message":"Error reconciling clusterlogging instance","_error":{"msg":"URL not secure: , but output gcp-logging has TLS configuration parameters"}}
{"_ts":"2023-07-05T05:10:38.666463009Z","_level":"0","_component":"cluster-logging-operator","_message":"Error reconciling clusterlogging instance","_error":{"msg":"URL not secure: , but output gcp-logging has TLS configuration parameters"}}
{"_ts":"2023-07-05T05:11:44.773735651Z","_level":"0","_component":"cluster-logging-operator","_message":"Error reconciling clusterlogging instance","_error":{"msg":"URL not secure: , but output gcp-logging has TLS configuration parameters"}}

      example of CLF:

      $ oc get clf instance -oyaml
apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  annotations:
    logging.openshift.io/preview-tls-security-profile: enabled
  creationTimestamp: "2023-07-05T01:41:36Z"
  generation: 1
  name: instance
  namespace: openshift-logging
  resourceVersion: "65433"
  uid: 30f71e32-6ca2-424d-a866-2050298d01ab
spec:
  inputs:
  - application:
      namespaces:
      - test
    name: myAppLogData
  outputs:
  - googleCloudLogging:
      logId: qitang-574fg-53903
      projectId: xxxxxxxxx
    name: gcp-logging
    secret:
      name: gcp-secret
    tls:
      securityProfile:
        type: Modern
    type: googleCloudLogging
  pipelines:
  - inputRefs:
    - myAppLogData
    name: test-google-cloud-logging
    outputRefs:
    - gcp-logging
status:
  conditions:
  - lastTransitionTime: "2023-07-05T01:47:40Z"
    message: 'validation failed: URL not secure: , but output gcp-logging has TLS
      configuration parameters'
    reason: Invalid
    status: "False"
    type: Ready

      Version-Release number of selected component (if applicable):

      cluster-logging.v5.7.3

      cluster-logging.v5.8.0

      How reproducible:

      Always

      Steps to Reproduce:

      1. create CLF with above yaml file
      2. create CL with:
      apiVersion: "logging.openshift.io/v1"
kind: "ClusterLogging"
metadata:
  name: "instance"
  namespace: "openshift-logging"
spec:
  managementState: "Managed"
  collection:
    type: "vector"

      Actual results:

      No collector pods, CLO raises error.

      Expected results:

      No error, collector pods should be deployed.

      Additional info:

            vparfono Vitalii Parfonov
            qitang@redhat.com Qiaoling Tang
            Qiaoling Tang Qiaoling Tang
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: