-
Bug
-
Resolution: Won't Do
-
Normal
-
Logging 5.8.0
-
False
-
None
-
False
-
NEW
-
NEW
-
Bug Fix
-
-
Description of problem:
When creating mulitple-CLF to only forward application logs, all the logs including audit, journal logs are mounted to the collector pods:
$ oc rsh clf-47760-6pgvc sh-5.1# ls -l /var/log/audit/ total 792 -rw-------. 1 root root 806273 Aug 29 05:29 audit.log sh-5.1# ls -l /var/log/journal/ total 0 drwxr-sr-x+ 2 root systemd-journal 28 Aug 28 23:57 cf5924b2c1f54783e90793a85ae6ae1c sh-5.1# sh-5.1# ls -l /var/log/*server/ /var/log/kube-apiserver/: total 315640 -rw-------. 1 root root 209179171 Aug 29 05:44 audit.log -rw-------. 1 root root 246488 Aug 29 00:19 termination.log /var/log/oauth-apiserver/: total 8004 -rw-------. 1 root root 7585180 Aug 29 05:44 audit.log /var/log/oauth-server/: total 356 -rw-------. 1 root root 364120 Aug 29 05:43 audit.log /var/log/openshift-apiserver/: total 13380 -rw-------. 1 root root 12745275 Aug 29 05:44 audit.log sh-5.1# $ oc get clf clf-47760 -oyaml apiVersion: logging.openshift.io/v1 kind: ClusterLogForwarder metadata: creationTimestamp: "2023-08-29T01:33:29Z" generation: 1 name: clf-47760 namespace: e2e-test-multiple-clfs-wp4m4 resourceVersion: "197543" uid: 595b7c00-6ae7-4529-af5d-7f312aa38e68 spec: outputs: - name: loki-server type: loki url: http://loki-server.e2e-test-multiple-clfs-wp4m4.svc:3100 pipelines: - inputRefs: - application name: forward-to-loki outputRefs: - loki-server serviceAccountName: clf-f5gl59i0
Version-Release number of selected component (if applicable):
openshift-logging/cluster-logging-rhel9-operator/images/v5.8.0-137
How reproducible:
Always
Steps to Reproduce:
- Create a mulitple-CLF to only forward application logs
- Check files under `/var/log` directory in collector pod
Actual results:
All the logs are mounted in collector pods.
Expected results:
Only the logs the collector pods can forward are mounted to the collector pod.
Additional info:
- relates to
-
-
- New
-
-
-
- ASSIGNED
-
- links to