-
Bug
-
Resolution: Done
-
Blocker
-
Logging 5.8.0
Description of problem:
The fixed value app.kubernetes.io/instance=collector is used in the service spec.selector. The value should be a mutable value.
The .spec.selector."app.kubernetes.io/instance" should be "http-to-cloudwatch"" in case below.
$oc get svc httpserver -o json |jq '.spec.selector' { "app.kubernetes.io/instance": "collector", "component": "collector", "provider": "openshift" }
$oc get pods http-to-cloudwatch-pgkhk -o json |jq '.metadata.labels' { "app.kubernetes.io/component": "collector", "app.kubernetes.io/instance": "http-to-cloudwatch", "app.kubernetes.io/managed-by": "cluster-logging-operator", "app.kubernetes.io/name": "vector", "app.kubernetes.io/part-of": "cluster-logging", "app.kubernetes.io/version": "5.8.0", "component": "collector", "controller-revision-hash": "8f799", "implementation": "vector", "logging-infra": "http-to-cloudwatch", "pod-security.kubernetes.io/enforce": "privileged", "pod-template-generation": "2", "provider": "openshift", "security.openshift.io/scc.podSecurityLabelSync": "false", "vector.dev/exclude": "true" }
How reproducible:
Always
Steps to Reproduce:
1) oc project ${hosted_cluster_project}
2) Create secret to cloudwatch output
oc create secret generic cloudwatch-credentials \
--from-literal=aws_access_key_id="${AWS_ACCESS_KEY_ID}" \
--from-literal=aws_secret_access_key="${AWS_SECRET_ACCESS_KEY}"
3) Enable inputs.receiver
oc -n ${hosted_cluster_project} create serviceaccount clf-collector
oc adm policy add-cluster-role-to-user collect-audit-logs -z clf-collector
cat <<EOF | oc apply -f -
apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
name: http-to-cloudwatch
namespace: ${hosted_cluster_project}
spec:
inputs:
- name: input-http
receiver:
http:
format: kubeAPIAudit
receiverPort:
name: httpserver
port: 443
targetPort: 8443
outputs:a
- name: cloudwatch
type: cloudwatch
cloudwatch:
groupBy: logType
region: us-east-2
secret:
name: cloudwatch-credentials
pipelines:
- name: to-cloudwatch
inputRefs:
- input-http
outputRefs:
- cloudwatch
serviceAccountName: clf-collector
EOF
4) Check the service and endpoint
oc get svc httpserver NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE httpserver ClusterIP 172.30.48.203 <none> 443/TCP 108m
Actual Results:
Endpoint can not be found.
$ oc get endpoints httpserver NAME ENDPOINTS AGE httpserver <none> 109m
Expected Results
Endpoints point to correct pods IPs.
