-
Bug
-
Resolution: Done
-
Critical
-
Logging 5.9.0
-
False
-
None
-
False
-
NEW
-
OBSDA-527 - Enable Grafana support for cloud providers in Loki
-
VERIFIED
-
Release Note Not Required
-
-
-
Log Storage - Sprint 249, Log Storage - Sprint 250
Description:
LokiStack CR cannot stand up on STS cluster when ODF storage is used as object storage due to invalid storage secret
LokiStack CR:
apiVersion: loki.grafana.com/v1 kind: LokiStack metadata: annotations: loki.grafana.com/credentials-request-secret-ref: logging-loki-aws-creds creationTimestamp: '2024-02-14T08:08:46Z' generation: 1 name: logging-loki namespace: openshift-logging resourceVersion: '130906' uid: f2a85f85-d4e5-4af0-9a15-6984ad9f7aba spec: managementState: Managed rules: enabled: true namespaceSelector: matchLabels: openshift.io/cluster-monitoring: 'true' selector: matchLabels: openshift.io/cluster-monitoring: 'true' size: 1x.demo storage: schemas: - effectiveDate: '2023-10-15' version: v13 secret: name: logging-loki-odf type: s3 storageClassName: openshift-storage.noobaa.io tenants: mode: openshift-logging status: components: {} conditions: - lastTransitionTime: '2024-02-14T08:08:51Z' message: Missing OpenShift cloud credentials secret reason: MissingManagedAuthenticationSecret status: 'False' type: Degraded - lastTransitionTime: '2024-02-14T08:08:51Z' message: 'Invalid object storage secret contents: missing secret field: region' reason: InvalidObjectStorageSecret status: 'True' type: Degraded storage: {}
Object storage secret:
kind: Secret apiVersion: v1 metadata: name: logging-loki-odf namespace: openshift-logging data: bucketnames: "${BUCKET_NAME}" endpoint: "https://${BUCKET_HOST}:${BUCKET_PORT}" type: Opaque
Steps to reproduce:
1) Deploy Loki Operator and Cluster Logging Operator v5.9.0
2) Deploy OpenShift Data Foundation operator and provision a StorageSystem CR.
3) Once nooba is initialized, check 'openshift-storage.noobaa.io' storageClass should exist on cluster
4) Create ObjectBucketClaim under openshift-logging namespace
5) Create object storage secret and provision LokiStack CR
Version: 5.9.0
How reproducible: Always
Expected Result: Loki components should be up and running without errors
Actual Result: LokiStack is degraded due to invalid secret
Additional info:
$ oc get sc NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE gp2-csi ebs.csi.aws.com Delete WaitForFirstConsumer true 165m gp3-csi (default) ebs.csi.aws.com Delete WaitForFirstConsumer true 165m ocs-storagecluster-ceph-rbd openshift-storage.rbd.csi.ceph.com Delete Immediate true 30m ocs-storagecluster-cephfs openshift-storage.cephfs.csi.ceph.com Delete Immediate true 30m openshift-storage.noobaa.io openshift-storage.noobaa.io/obc Delete Immediate false 19m
Issue under LokiStack:
status:
components: {}
conditions:
- lastTransitionTime: '2024-02-14T08:08:51Z'
message: Missing OpenShift cloud credentials secret
reason: MissingManagedAuthenticationSecret
status: 'False'
type: Degraded
- lastTransitionTime: '2024-02-14T08:08:51Z'
message: 'Invalid object storage secret contents: missing secret field: region'
reason: InvalidObjectStorageSecret
status: 'True'
type: Degraded
storage: {}