-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
Logging 5.9.0
-
False
-
None
-
False
-
NEW
-
NEW
-
Bug Fix
-
-
Description of problem:
Deploy lokistack and enable per-tenant mTLS authentication, when querying the loki route with custom ca, always get some tls error:
logcli --ca-cert=rootCA.crt --cert=tls.crt --key=tls.key --addr "https://$loki_route/api/logs/v1/$tenant_name" query '{log_type="infrastructure"}' 2024/04/18 15:15:59 https://lokistack-hub-openshift-logging.apps.xxxx.com/api/logs/v1/loki-tenant/loki/api/v1/query_range?direction=BACKWARD&end=1713424559285236000&limit=30&query=%7Blog_type%3D%22infrastructure%22%7D&start=1713420959285236000 2024/04/18 15:16:00 error sending request Get "https://lokistack-hub-openshift-logging.apps.xxxx.com/api/logs/v1/loki-tenant/loki/api/v1/query_range?direction=BACKWARD&end=1713424559285236000&limit=30&query=%7Blog_type%3D%22infrastructure%22%7D&start=1713420959285236000": tls: failed to verify certificate: x509: certificate is valid for lokistack-hub-gateway-http.openshift-logging.svc, lokistack-hub-gateway-http.openshift-logging.svc.cluster.local, not lokistack-hub-openshift-logging.apps.xxxx.com 2024/04/18 15:16:00 Query failed: run out of attempts while querying the server
Version-Release number of selected component (if applicable):
loki-operator.v5.9.1
How reproducible:
Always
Steps to Reproduce:
- Follow the steps in https://polarion.engineering.redhat.com/polarion/#/project/OSE/workitem?id=OCP-71867
- Try query loki route by providing ca-cert, cert and key.
Actual results:
Got some errors when querying the route.
Expected results:
No error
Additional info:
No issue when querying with `logcli --tls-skip-verify --cert=tls.crt --key=tls.key`
