Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-5242

[release-5.6] Loki Operator ServiceMonitor relies on a BearerTokenFile, in violation with UWM Prometheus specification

    XMLWordPrintable

Details

    • False
    • None
    • False
    • NEW
    • VERIFIED
    • Hide
      Before this update, the Loki operator ServiceMonitor in openshift-operators-redhat relied on static token and CA files for authentication caused the Prometheus Operator in User-Workload-Monitoring to error on such ServiceMonitor configuration. With this update, the Loki Operator ServiceMonitor in openshift-operators-redhat references a serviceaccount token secret via a LocalReference and this approach resolves the issue and the User-Workload-Monitoring Prometheus Operator can process the Loki Operator ServiceMonitor successfully enabling Prometheus to scrape the Loki Operator metrics.
      Show
      Before this update, the Loki operator ServiceMonitor in openshift-operators-redhat relied on static token and CA files for authentication caused the Prometheus Operator in User-Workload-Monitoring to error on such ServiceMonitor configuration. With this update, the Loki Operator ServiceMonitor in openshift-operators-redhat references a serviceaccount token secret via a LocalReference and this approach resolves the issue and the User-Workload-Monitoring Prometheus Operator can process the Loki Operator ServiceMonitor successfully enabling Prometheus to scrape the Loki Operator metrics.
    • Bug Fix
    • Log Storage - Sprint 250, Log Storage - Sprint 251
    • Important

    Description

      Description of problem:

      Following the changes brought by [0], the Loki ServiceMonitor continues [1] to use the legacy `.spec.endpoints.bearertokensecret`, instead of the `.spec.endpoints.bearertokensecret` highlighted in [0]. 

The above is in direct violation with User Workload Monitoring (UWM) Prometheus specification, which triggers this [2] warning for every customer that relies on UWM in a cluster that has OpenShift Logging deployed as well.

[0] https://github.com/openshift/elasticsearch-operator/pull/903
[1] https://github.com/grafana/loki/blob/main/operator/bundle/openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml#L14

[2]
~~~
level=warn ts=2023-11-09T15:21:33.009551274Z caller=operator.go:2255 component=prometheusoperator msg="skipping servicemonitor" error="it accesses file system via bearer token file which Prometheus specification prohibits" servicemonitor=openshift-operators-redhat/elasticsearch-operator-metrics-monitor namespace=openshift-user-workload-monitoring prometheus=user-workload
level=warn ts=2023-11-09T15:21:33.0096416Z caller=operator.go:2255 component=prometheusoperator msg="skipping servicemonitor" error="it accesses file system via bearer token file which Prometheus specification prohibits" servicemonitor=openshift-operators-redhat/loki-operator-metrics-monitor namespace=openshift-user-workload-monitoring prometheus=user-workload
~~~

      Actual results:

      UWM Prometheus triggers the above-highlighted warning for every customer that relies on UWM in a cluster that has OpenShift Logging deployed as well.

      Expected results:

      The Loki ServiceMonitor to be updated to use the `.spec.endpoints.bearertokensecret` specification, in compliance with the UWM Prometheus specification

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. LOG-5165 Loki Operator ServiceMonitor relies on a BearerTokenFile, in violation with UWM Prometheus specification

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          links to

          GitHub openshift/loki#275: [release-5.6] Backport PR grafana/loki#12164 and grafana/loki#12216

          GitHub openshift/openshift-docs#73273: DOCS OBSDOCS-848 - Logging 5.6.17 Release Notes

          Web Link RHSA-2024:127993 Logging for Red Hat OpenShift - 5.6.17

          Activity

            People

              ptsiraki@redhat.com Periklis Tsirakidis
              rhn-support-rsandu Robert Sandu
              Kabir Bharti Kabir Bharti
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: