Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-5267

The new CLF should be rejected after the CLFs number exceeds the threshold

XMLWordPrintable

    • False
    • None
    • False
    • NEW
    • OBSDA-549 - Reliability and performance tuning for log collection
    • NEW
    • Bug Fix

      Description of problem:

      Create clf/instance under openshift-logging namespace at first and then continue deploying CLF. Once the CLFs number exceeds the threshold(). The openshift-logging clf/instance can not be started. It should reject the new CLF rather than halt clf/instance.

      Steps to Reproduce:

      1. deploy CLF/instance under openshift-logging
      cat <<EOF |  oc apply -f -
apiVersion: "logging.openshift.io/v1"
kind: "ClusterLogging"
metadata:
  name: "instance"
  namespace: openshift-logging
spec:
  managementState: "Managed"
  collection:
    type: "vector"
    nodeSelector:
      vector: enabled
EOF

cat <<EOF |  oc apply -f -
apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name:  instance
spec:
  outputs:
  - name: cloudwatch
    type: cloudwatch
    cloudwatch:
      groupBy: logType
      region: us-east-2
    tuning:
      delivery: AtLeastOnce
    secret:
      name: cloudwatch-credentials
  pipelines:
    - name: pipe1
      inputRefs:
      - application
      - infrastructure
      - audit
      outputRefs:
      - cloudwatch
EOF
      1. continue deploying CLF under the other namespaces until you see message the "buffer exceeds the allowed node limit "
      function new_clf()
{
oc create serviceaccount clf-to-cloudwatch
oc adm policy add-cluster-role-to-user  collect-audit-logs -z clf-to-cloudwatch
oc adm policy add-cluster-role-to-user  collect-application-logs -z clf-to-cloudwatch
oc adm policy add-cluster-role-to-user  collect-infrastructure-logs -z clf-to-cloudwatch

AWS_KEY_ID="AKIAUMQAHCJOEL7LM6CN"  notsecret 
AWS_KEY="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"  notsecret 
oc create secret generic cloudwatch-credentials --from-literal=aws_secret_access_key=${AWS_KEY} --from-literal=aws_access_key_id=${AWS_KEY_ID}

cat <<EOF|oc create -f -
apiVersion: "logging.openshift.io/v1"
kind: "ClusterLogging"
metadata:
  name: "clf-to-cloudwatch"
spec:
  managementState: "Managed"
  collection:
    type: "vector"
    nodeSelector:
      vector: enabled
EOF

cat <<EOF |  oc apply -f -
apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name:  clf-to-cloudwatch
spec:
  inputs:
  - application:
      namespaces:
      - project-qa-1
    name: myLogsQA
  outputs:
  - name: cloudwatch
    type: cloudwatch
    cloudwatch:
      groupBy: logType
      region: us-east-2
    tuning:
      delivery: AtLeastOnce
    secret:
      name: cloudwatch-credentials
  pipelines:
    - name: pipe1
      inputRefs:
      - application
      - infrastructure
      - audit
      outputRefs:
      - cloudwatch
  serviceAccountName: clf-to-cloudwatch
EOF
}
for i in `seq 1 70`; do
    ns=test$i
    oc project $ns || oc new-project $ns
    new_clf 
    sleep 1s
    oc get pods
done
      1. # check the collector pods under openshift-logging

      Actual results:

      There isn't running pods under openshift-logging
      There isn't error in CLF/instance status.

      Expected results:

      The collector pods are still running under openshift-logging
      The new CLF is rejected as the CLF number exceed the threshold
      The new CLF is rejected and error message in clf.status.

      Additional info:

            Unassigned Unassigned
            rhn-support-anli Anping Li
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: