Loading...

XML

Word

Printable

Type: Bug
Resolution: Obsolete
Priority: Undefined
Fix Version/s: Logging 5.9.0
Affects Version/s: Logging 5.9.0
Component/s: Log Collection
Labels:
- devel_ack+

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Epic Link:
Log Collector tuning
Docs QE Status:
NEW
QE Status:
NEW
Release Note Type:
Bug Fix
Intelligence Requested:
Market:

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

Description of problem:

Create clf/instance under openshift-logging namespace at first and then continue deploying CLF. Once the CLFs number exceeds the threshold(). The openshift-logging clf/instance can not be started. It should reject the new CLF rather than halt clf/instance.

Steps to Reproduce:

deploy CLF/instance under openshift-logging

cat <<EOF |  oc apply -f -
apiVersion: "logging.openshift.io/v1"
kind: "ClusterLogging"
metadata:
  name: "instance"
  namespace: openshift-logging
spec:
  managementState: "Managed"
  collection:
    type: "vector"
    nodeSelector:
      vector: enabled
EOF

cat <<EOF |  oc apply -f -
apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name:  instance
spec:
  outputs:
  - name: cloudwatch
    type: cloudwatch
    cloudwatch:
      groupBy: logType
      region: us-east-2
    tuning:
      delivery: AtLeastOnce
    secret:
      name: cloudwatch-credentials
  pipelines:
    - name: pipe1
      inputRefs:
      - application
      - infrastructure
      - audit
      outputRefs:
      - cloudwatch
EOF

continue deploying CLF under the other namespaces until you see message the "buffer exceeds the allowed node limit "

function new_clf()
{
oc create serviceaccount clf-to-cloudwatch
oc adm policy add-cluster-role-to-user  collect-audit-logs -z clf-to-cloudwatch
oc adm policy add-cluster-role-to-user  collect-application-logs -z clf-to-cloudwatch
oc adm policy add-cluster-role-to-user  collect-infrastructure-logs -z clf-to-cloudwatch

AWS_KEY_ID="AKIAUMQAHCJOEL7LM6CN"  notsecret 
AWS_KEY="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"  notsecret 
oc create secret generic cloudwatch-credentials --from-literal=aws_secret_access_key=${AWS_KEY} --from-literal=aws_access_key_id=${AWS_KEY_ID}

cat <<EOF|oc create -f -
apiVersion: "logging.openshift.io/v1"
kind: "ClusterLogging"
metadata:
  name: "clf-to-cloudwatch"
spec:
  managementState: "Managed"
  collection:
    type: "vector"
    nodeSelector:
      vector: enabled
EOF

cat <<EOF |  oc apply -f -
apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name:  clf-to-cloudwatch
spec:
  inputs:
  - application:
      namespaces:
      - project-qa-1
    name: myLogsQA
  outputs:
  - name: cloudwatch
    type: cloudwatch
    cloudwatch:
      groupBy: logType
      region: us-east-2
    tuning:
      delivery: AtLeastOnce
    secret:
      name: cloudwatch-credentials
  pipelines:
    - name: pipe1
      inputRefs:
      - application
      - infrastructure
      - audit
      outputRefs:
      - cloudwatch
  serviceAccountName: clf-to-cloudwatch
EOF
}
for i in `seq 1 70`; do
    ns=test$i
    oc project $ns || oc new-project $ns
    new_clf 
    sleep 1s
    oc get pods
done

# check the collector pods under openshift-logging

Actual results:

There isn't running pods under openshift-logging
There isn't error in CLF/instance status.

Expected results:

The collector pods are still running under openshift-logging
The new CLF is rejected as the CLF number exceed the threshold
The new CLF is rejected and error message in clf.status.

Additional info:

Assignee:: Unassigned

Reporter:: Anping Li

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2024/03/22 10:40 AM

Updated:: 2024/03/22 2:50 PM

Resolved:: 2024/03/22 2:50 PM

Details

Description

Description of problem:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:

Attachments

Easy Agile Planning Poker

Activity

People

Dates