Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-5240

[release-5.8] Loki Operator ServiceMonitor relies on a BearerTokenFile, in violation with UWM Prometheus specification

XMLWordPrintable

    • False
    • None
    • False
    • NEW
    • VERIFIED
    • Hide
      Before this update, the Loki operator ServiceMonitor in openshift-operators-redhat relied on static token and CA files for authentication caused the Prometheus Operator in User-Workload-Monitoring to error on such ServiceMonitor configuration. With this update, the Loki Operator ServiceMonitor in openshift-operators-redhat references a serviceaccount token secret via a LocalReference and this approach resolves the issue and the User-Workload-Monitoring Prometheus Operator can process the Loki Operator ServiceMonitor successfully enabling Prometheus to scrape the Loki Operator metrics.
      Show
      Before this update, the Loki operator ServiceMonitor in openshift-operators-redhat relied on static token and CA files for authentication caused the Prometheus Operator in User-Workload-Monitoring to error on such ServiceMonitor configuration. With this update, the Loki Operator ServiceMonitor in openshift-operators-redhat references a serviceaccount token secret via a LocalReference and this approach resolves the issue and the User-Workload-Monitoring Prometheus Operator can process the Loki Operator ServiceMonitor successfully enabling Prometheus to scrape the Loki Operator metrics.
    • Bug Fix
    • Log Storage - Sprint 250, Log Storage - Sprint 251
    • Important

      Description of problem:

      Following the changes brought by [0], the Loki ServiceMonitor continues [1] to use the legacy `.spec.endpoints.bearertokensecret`, instead of the `.spec.endpoints.bearertokensecret` highlighted in [0]. 
      
      The above is in direct violation with User Workload Monitoring (UWM) Prometheus specification, which triggers this [2] warning for every customer that relies on UWM in a cluster that has OpenShift Logging deployed as well.
      
      [0] https://github.com/openshift/elasticsearch-operator/pull/903
      [1] https://github.com/grafana/loki/blob/main/operator/bundle/openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml#L14
      
      [2]
      ~~~
      level=warn ts=2023-11-09T15:21:33.009551274Z caller=operator.go:2255 component=prometheusoperator msg="skipping servicemonitor" error="it accesses file system via bearer token file which Prometheus specification prohibits" servicemonitor=openshift-operators-redhat/elasticsearch-operator-metrics-monitor namespace=openshift-user-workload-monitoring prometheus=user-workload
      level=warn ts=2023-11-09T15:21:33.0096416Z caller=operator.go:2255 component=prometheusoperator msg="skipping servicemonitor" error="it accesses file system via bearer token file which Prometheus specification prohibits" servicemonitor=openshift-operators-redhat/loki-operator-metrics-monitor namespace=openshift-user-workload-monitoring prometheus=user-workload
      ~~~

      Actual results:

      UWM Prometheus triggers the above-highlighted warning for every customer that relies on UWM in a cluster that has OpenShift Logging deployed as well.

      Expected results:

      The Loki ServiceMonitor to be updated to use the `.spec.endpoints.bearertokensecret` specification, in compliance with the UWM Prometheus specification

            ptsiraki@redhat.com Periklis Tsirakidis
            rhn-support-rsandu Robert Sandu
            Kabir Bharti Kabir Bharti
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: