-
Bug
-
Resolution: Done
-
Major
-
Logging 6.4.0
Description of problem:
Create CLF to forward logs to s3 output and enable networkPolicy, the networkPolicy can't be created.
CLF:
apiVersion: observability.openshift.io/v1
kind: ClusterLogForwarder
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"observability.openshift.io/v1","kind":"ClusterLogForwarder","metadata":{"annotations":{},"name":"clf-s3-output","namespace":"test"},"spec":{"collector":{"networkPolicy":{"ruleSet":"RestrictIngressEgress"}},"managementState":"Managed","outputs":[{"name":"s3-output","s3":{"authentication":{"awsAccessKey":{"keyId":{"key":"aws_access_key_id","secretName":"logging-s3-output"},"keySecret":{"key":"aws_secret_access_key","secretName":"logging-s3-output"}},"type":"awsAccessKey"},"bucket":"qitang-logging-bucket","keyPrefix":"qitang-s3-output.{.kubernetes.namespace_name||.log_type||\"none-typed-logs\"}","region":"us-east-2","tuning":{"compression":"none","deliveryMode":"AtMostOnce","maxRetryDuration":20,"maxWrite":"10M","minRetryDuration":5}},"type":"s3"}],"pipelines":[{"inputRefs":["infrastructure","audit","application"],"name":"to-s3","outputRefs":["s3-output"]}],"serviceAccount":{"name":"s3-collector"}}}
creationTimestamp: "2025-10-24T07:06:27Z"
generation: 1
name: clf-s3-output
namespace: test
resourceVersion: "176134"
uid: 9cb05033-a874-4950-9cee-05aba225036d
spec:
collector:
networkPolicy:
ruleSet: RestrictIngressEgress
managementState: Managed
outputs:
- name: s3-output
s3:
authentication:
awsAccessKey:
keyId:
key: aws_access_key_id
secretName: logging-s3-output
keySecret:
key: aws_secret_access_key
secretName: logging-s3-output
type: awsAccessKey
bucket: qitang-logging-bucket
keyPrefix: qitang-s3-output.{.kubernetes.namespace_name||.log_type||"none-typed-logs"}
region: us-east-2
tuning:
compression: none
deliveryMode: AtMostOnce
maxRetryDuration: 20
maxWrite: 10M
minRetryDuration: 5
type: s3
pipelines:
- inputRefs:
- infrastructure
- audit
- application
name: to-s3
outputRefs:
- s3-output
serviceAccount:
name: s3-collector
status:
conditions:
- lastTransitionTime: "2025-10-24T07:06:27Z"
message: 'permitted to collect log types: [application audit infrastructure]'
reason: ClusterRolesExist
status: "True"
type: observability.openshift.io/Authorized
- lastTransitionTime: "2025-10-24T07:06:27Z"
message: ""
reason: ValidationSuccess
status: "True"
type: observability.openshift.io/Valid
- lastTransitionTime: "2025-10-24T07:06:32Z"
message: ""
reason: UnknownState
status: "False"
type: Ready
inputConditions:
- lastTransitionTime: "2025-10-24T07:09:05Z"
message: input "infrastructure" is valid
reason: ValidationSuccess
status: "True"
type: observability.openshift.io/ValidInput-infrastructure
- lastTransitionTime: "2025-10-24T07:09:05Z"
message: input "audit" is valid
reason: ValidationSuccess
status: "True"
type: observability.openshift.io/ValidInput-audit
- lastTransitionTime: "2025-10-24T07:09:05Z"
message: input "application" is valid
reason: ValidationSuccess
status: "True"
type: observability.openshift.io/ValidInput-application
outputConditions:
- lastTransitionTime: "2025-10-24T07:06:27Z"
message: output "s3-output" is valid
reason: ValidationSuccess
status: "True"
type: observability.openshift.io/ValidOutput-s3-output
pipelineConditions:
- lastTransitionTime: "2025-10-24T07:06:27Z"
message: pipeline "to-s3" is valid
reason: ValidationSuccess
status: "True"
type: observability.openshift.io/ValidPipeline-to-s3
CLO log:
{"_ts":"2025-10-24T07:09:31.147077424Z","_level":"0","_component":"cluster-logging-operator","_message":"Observed a panic","ClusterLogForwarder":{"name":"clf-s3-output","namespace":"test"},"controller":"clusterlogforwarder","controllerGroup":"observability.openshift.io","controllerKind":"ClusterLogForwarder","name":"clf-s3-output","namespace":"test","reconcileID":"c004fae3-e48a-446d-b627-e98ef1167e24"}
{"_ts":"2025-10-24T07:09:31.147181152Z","_level":"0","_component":"cluster-logging-operator","_message":"Reconciler error","ClusterLogForwarder":{"name":"clf-s3-output","namespace":"test"},"_error":{"msg":"panic: unknown output type: s3 [recovered]"},"controller":"clusterlogforwarder","controllerGroup":"observability.openshift.io","controllerKind":"ClusterLogForwarder","name":"clf-s3-output","namespace":"test","reconcileID":"c004fae3-e48a-446d-b627-e98ef1167e24"}
{"_ts":"2025-10-24T07:09:31.238093046Z","_level":"0","_component":"cluster-logging-operator","_message":"Observed a panic","ClusterLogForwarder":{"name":"clf-s3-output","namespace":"test"},"controller":"clusterlogforwarder","controllerGroup":"observability.openshift.io","controllerKind":"ClusterLogForwarder","name":"clf-s3-output","namespace":"test","reconcileID":"92e57ea4-36dd-45f2-9846-e659f883ec69"}
{"_ts":"2025-10-24T07:09:31.238200608Z","_level":"0","_component":"cluster-logging-operator","_message":"Reconciler error","ClusterLogForwarder":{"name":"clf-s3-output","namespace":"test"},"_error":{"msg":"panic: unknown output type: s3 [recovered]"},"controller":"clusterlogforwarder","controllerGroup":"observability.openshift.io","controllerKind":"ClusterLogForwarder","name":"clf-s3-output","namespace":"test","reconcileID":"92e57ea4-36dd-45f2-9846-e659f883ec69"}
Version-Release number of selected component (if applicable):
cluster-logging.v6.4.0
How reproducible:
Always
Steps to Reproduce:
See above
Actual results:
networkPolicy is not created when output type is s3.
Expected results:
CLO should create the networkPolicy.