- Task
- Resolution: Done
- Minor
- Logging 5.9.0
- NEW
- VERIFIED
- Enhancement
- Log Storage - Sprint 250, Log Storage - Sprint 251, Log Storage - Sprint 252, Log Storage - Sprint 253, Log Storage - Sprint 254, Log Storage - Sprint 255, Log Storage - Sprint 256
The current style of S3 configuration for LokiStack when using Amazon AWS S3 can be confusing to users, because we ask for an "endpoint", but do not actually use virtual-host style access as suggested by the AWS documentation.
Because the AWS S3 URLs are well-formed, we could introduce a small additional validation into the secret handling in the Loki Operator that would detect this issue and produce a validation error.
Currently, when a user configures the endpoint as suggested by the AWS documentation:
https://bucket-name.s3.us-west-2.amazonaws.com/
and also configures "bucketnames" as "bucket-name", Loki treats this as the subdirectory "bucket-name" inside the bucket called "bucket-name", which causes errors in some components.
Loki does not need the "bucket-name" as part of the endpoint (not even in virtual-host mode), because it constructs the hostname internally. So we could just validate that the URL is of the pattern "https://s3.REGION.amazonaws.com" when Amazon AWS S3 is used.
Implementation notes
The validation could look something like this:
- If the storage is configured as S3
  - Check if the provided "endpoint" is a parseable URL and has "http" or "https" as scheme
  - If the endpoint points to ".amazonaws.com"
    - Check that it is of the form "https://s3.REGION.amazonaws.com" where REGION needs to match the configured "region"
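A sketch of the validation steps listed above, added here as an illustration and not taken from the Loki Operator's code. The function name `validateS3Endpoint`, the error messages and the sample endpoints are assumptions, as is reading the pattern literally so that AWS endpoints must use https.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

const awsSuffix = ".amazonaws.com"

// validateS3Endpoint is a hypothetical helper following the steps listed above.
func validateS3Endpoint(endpoint, region string) error {
	u, err := url.Parse(endpoint)
	if err != nil {
		return fmt.Errorf("endpoint is not a parseable URL: %w", err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return errors.New("endpoint scheme must be http or https")
	}
	host := strings.ToLower(u.Hostname())
	if !strings.HasSuffix(host, awsSuffix) {
		return nil // not AWS (another S3-compatible store): no shape check
	}
	// Assumption: the pattern is read literally, so AWS endpoints must use https.
	if u.Scheme != "https" {
		return errors.New("AWS S3 endpoint must use https")
	}
	// The host must be exactly s3.REGION.amazonaws.com; a bucket-name prefix
	// (virtual-host style) or a different region fails the comparison.
	want := "s3." + region + awsSuffix
	if host != want {
		return fmt.Errorf("AWS S3 endpoint host must be %q, got %q", want, host)
	}
	return nil
}

func main() {
	// Constructed sample inputs; "us-west-2" stands for the configured "region".
	for _, ep := range []string{
		"https://s3.us-west-2.amazonaws.com",
		"https://bucket-name.s3.us-west-2.amazonaws.com/",
		"https://s3.eu-central-1.amazonaws.com",
		"http://objectstore.example.svc:9000",
		"s3.us-west-2.amazonaws.com",
	} {
		fmt.Printf("%-50s -> %v\n", ep, validateS3Endpoint(ep, "us-west-2"))
	}
}
```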
- is cloned by
  - LOG-5392 [release-5.8] Improve validation of provided S3 storage configuration (Closed)
  - LOG-5395 [release-5.9] Improve validation of provided S3 storage configuration (Closed)
  - LOG-5396 [release-5.6] Improve validation of provided S3 storage configuration (Closed)
- links to
  - RHBA-2024:137361 Logging for Red Hat OpenShift - 6.0.0