Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-4368

[release-5.7] sts cloudwatch issues after upgrading from 5.5

    XMLWordPrintable

Details

    • False
    • None
    • False
    • NEW
    • VERIFIED
    • Hide
      When multiple roles are used to authenticate via sts with cloudwatch forwarding, a recent update caused the credentials to be non-unique. With this change, multiple combinations of sts roles and static credentials can once again be used to authenticate with aws cloudwatch.
      Show
      When multiple roles are used to authenticate via sts with cloudwatch forwarding, a recent update caused the credentials to be non-unique. With this change, multiple combinations of sts roles and static credentials can once again be used to authenticate with aws cloudwatch.
    • Bug Fix
    • Log Collection - Sprint 239

    Description

      Description of problem:

      Clone of the fix for 5.6

      After updating the openshift logging operator from channel stable-5.5, the operator is mounting all secrets with AWS role ARN to the same collector-sts-token volume which makes it non-unique.

      How reproducible:

      Customer is using fluentd & forwarding logs from namespaces to CloudWatch from an STS enabled cluster (not using ES)

      Steps to Reproduce:

      1. deploy STS enabled cluster
      2.  install CLO 5.7
      3. successfully deploy ClusterLogForwarding from CloudWatch using fluentd 

      Actual results:

      Multiple roles are no longer authenticated 

      Expected results:

      Work the same as in the 5.5 version, allowing multiple roles to authenticate

      Attachments

        Activity

          People

            cahartma@redhat.com Casey Hartman
            rhn-support-ncarmich Noreen Carmichael
            Kabir Bharti Kabir Bharti
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: