-
Bug
-
Resolution: Done
-
Major
-
Logging 5.9.0, Logging 5.8.z
-
False
-
None
-
False
-
NEW
-
VERIFIED
-
-
Release Note Not Required
-
-
-
Log Storage - Sprint 246, Log Storage - Sprint 247, Log Storage - Sprint 248
-
Important
Description of problem:
When following https://docs.openshift.com/container-platform/4.14/logging/log_storage/cluster-logging-loki.html#logging-loki-log-access_cluster-logging-loki to configure fine grained access for Loki logs, it was noticed that ClusterRoles are only created, when LokiStack is configured as log store in clusterlogging/instance
This can also be confirmed, when looking at logstore.go.
With LOG-3856 we enabled users to run elasticsearch and LokiStack in parallel to run the transition in more smooth manner for Enterprise Environment.
Therefore the missing ClusterRole are now breaking that experience as things don't behave as expected and we are missing out the required ClusterRole. Even if no transition is made and only LokiStack is being used, the ClusterRoles are also missing but should eventually be provided to manage access to logs, stored in LokiStack
Version-Release number of selected component (if applicable):
OpenShift Container Platform 4 - Cluster Logging 5.8.1
How reproducible:
Always
Steps to Reproduce:
- Setup OpenShift Container Platform 4 - Cluster Logging with LokiStack and elasticsearch both in managed state and thus keep elasticsearch the log store configured in clusterlogging/instance. If needed, review LOG-3856 for more details
Actual results:
The ClusterRole documented in https://docs.openshift.com/container-platform/4.14/logging/log_storage/cluster-logging-loki.html#logging-loki-log-access_cluster-logging-loki are not being created
Expected results:
The ClusterRole documented in https://docs.openshift.com/container-platform/4.14/logging/log_storage/cluster-logging-loki.html#logging-loki-log-access_cluster-logging-loki are being created, when LokiStack is configured/created no matter if it's defined as log store in clusterlogging/instance
Additional info:
It's possible to create the ClusterRole manually but it would be appreciated to have it managed by either ClusterLogging or LokiStack Operator.
- is cloned by
-
LOG-4987 [release-5.8] Required ClusterRole for fine grained access for Loki logs are only created when LokiStack is configured as default log store
- Closed
- is related to
-
LOG-3856 spec.logStore.type == lokistack in clusterlogging/instance is the only way to enable the LokiStack Console Plugin
- Closed
- links to
- mentioned on