Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-4368

[release-5.7] sts cloudwatch issues after upgrading from 5.5

XMLWordPrintable

    • False
    • None
    • False
    • NEW
    • VERIFIED
    • Hide
      When multiple roles are used to authenticate via sts with cloudwatch forwarding, a recent update caused the credentials to be non-unique. With this change, multiple combinations of sts roles and static credentials can once again be used to authenticate with aws cloudwatch.
      Show
      When multiple roles are used to authenticate via sts with cloudwatch forwarding, a recent update caused the credentials to be non-unique. With this change, multiple combinations of sts roles and static credentials can once again be used to authenticate with aws cloudwatch.
    • Bug Fix
    • Log Collection - Sprint 239

      Description of problem:

      Clone of the fix for 5.6

      After updating the openshift logging operator from channel stable-5.5, the operator is mounting all secrets with AWS role ARN to the same collector-sts-token volume which makes it non-unique.

      How reproducible:

      Customer is using fluentd & forwarding logs from namespaces to CloudWatch from an STS enabled cluster (not using ES)

      Steps to Reproduce:

      1. deploy STS enabled cluster
      2.  install CLO 5.7
      3. successfully deploy ClusterLogForwarding from CloudWatch using fluentd 

      Actual results:

      Multiple roles are no longer authenticated 

      Expected results:

      Work the same as in the 5.5 version, allowing multiple roles to authenticate

              cahartma@redhat.com Casey Hartman
              rhn-support-ncarmich Noreen Carmichael
              Kabir Bharti Kabir Bharti
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: