Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: Logging 6.4.0
Affects Version/s: Logging 6.4.0
Component/s: Log Collection
Labels:
- devel_ack+

Activity Type:
Incidents & Support
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Epic Link:
Network Policy for CLO
Docs QE Status:
NEW
QE Status:
NEW
Release Note Type:
Release Note Not Required
Intelligence Requested:
Market:

Sprint:
Logging - Sprint 278
Severity:
Important

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

Description of problem:

When networkPolicy.ruleSet is RestrictIngressEgress, collector pods keep raising below error:

2025-10-11T03:39:29.179098Z  WARN vector::kubernetes::reflector: Watcher Stream received an error. Retrying. error=WatchFailed(ReadEvents(Custom { kind: Other, error: Service(hyper::Error(Body, Kind(TimedOut))) }))
2025-10-11T03:39:47.007582Z ERROR kube_client::client::builder: failed with error client error (Connect)
2025-10-11T03:39:47.007612Z  WARN vector::kubernetes::reflector: Watcher Stream received an error. Retrying. error=WatchStartFailed(Service(hyper_util::client::legacy::Error(Connect, ConnectError("dns error", Custom { kind: Uncategorized, error: "failed to lookup address information: Name or service not known" }))))
2025-10-11T03:39:47.813574Z ERROR kube_client::client::builder: failed with error client error (Connect)
2025-10-11T03:39:47.813599Z  WARN vector::kubernetes::reflector: Watcher Stream received an error. Retrying. error=WatchStartFailed(Service(hyper_util::client::legacy::Error(Connect, ConnectError("dns error", Custom { kind: Uncategorized, error: "failed to lookup address information: Name or service not known" }))))
2025-10-11T03:39:48.163546Z ERROR kube_client::client::builder: failed with error client error (Connect)

Version-Release number of selected component (if applicable):

cluster-logging.v6.4.0

How reproducible:

Always

Steps to Reproduce:

1. Create CLF and set networkPolicy.ruleSet to RestrictIngressEgress, e.g.:

apiVersion: observability.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: clf-74397
  namespace: openshift-logging
spec:
  collector:
    networkPolicy:
      ruleSet: RestrictIngressEgress
  managementState: Managed
  outputs:
  - lokiStack:
      authentication:
        token:
          from: serviceAccount
      dataModel: Viaq
      target:
        name: loki-74397
        namespace: openshift-logging
    name: lokistack
    tls:
      ca:
        key: ca-bundle.crt
        secretName: lokistack-secret-74397
    type: lokiStack
  pipelines:
  - inputRefs:
    - infrastructure
    - audit
    - application
    name: forward-to-lokistack
    outputRefs:
    - lokistack
  serviceAccount:
    name: logcollector-74397

2. Wait for several minutes, then check collector pods' log

Actual results:

Collector pods keep raising errors when networkPolicy.ruleSet is `RestrictIngressEgress`.

Expected results:

No error in collector pods.

Additional info:

duplicates

LOG-7887 Can't forward logs to cloudwatch/azureMonitor when `networkPolicy.ruleSet` is `RestrictIngressEgress`.

Closed

links to

openshift/cluster-logging-operator#3135: LOG-7827: Vector pods keep raising 'Watcher Stream received an error' when networkPolicy.ruleSet is RestrictIngressEgress

Assignee:: Calvin Lee

Reporter:: Qiaoling Tang

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2025/10/11 5:48 AM

Updated:: 2025/10/16 7:00 AM

Resolved:: 2025/10/16 6:58 AM

Details

Description

Description of problem:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates