OpenShift Logging / LOG-8130

Vector metrics can't be scraped by prometheus when CLF has inputs.receiver and networkpolicy ruleSet is `RestrictIngressEgress`.


    • Bug
    • Resolution: Unresolved
    • Logging 6.4.0
    • Log Collection
    • Incidents & Support
    • NEW
    • Bug Fix
    • Important

      Description of problem:

      Create the CLF below:

      apiVersion: observability.openshift.io/v1
      kind: ClusterLogForwarder
      metadata:
        name: http-to-http
        namespace: e2e-test-logfwdhttp-sg46r
      spec:
        collector:
          networkPolicy:
            ruleSet: RestrictIngressEgress
        inputs:
        - name: httpserver
          receiver:
            http:
              format: kubeAPIAudit
            port: 8443
            type: http
          type: receiver
        managementState: Managed
        outputs:
        - http:
            headers:
              h1: v1
              h2: v2
            method: POST
            url: https://fluentdtest.e2e-test-logfwdhttp-sg46r.svc:24224/logs/audit
          name: httpout-audit
          tls:
            ca:
              key: ca-bundle.crt
              secretName: to-fluentd-65131
            certificate:
              key: tls.crt
              secretName: to-fluentd-65131
            key:
              key: tls.key
              secretName: to-fluentd-65131
            keyPassphrase:
              key: passphrase
              secretName: to-fluentd-65131
          type: http
        pipelines:
        - inputRefs:
          - httpserver
          name: audit-logs
          outputRefs:
          - httpout-audit
        serviceAccount:
          name: clf-ij4l7i7t 

      Then log in to the OCP console and go to Observe -> Targets; all collector pods' targets are down.

      NetworkPolicy:

      apiVersion: networking.k8s.io/v1
      kind: NetworkPolicy
      metadata:
        creationTimestamp: "2025-11-21T08:38:25Z"
        generation: 3
        labels:
          app.kubernetes.io/component: collector
          app.kubernetes.io/instance: http-to-http
          app.kubernetes.io/managed-by: cluster-logging-operator
          app.kubernetes.io/name: vector
          app.kubernetes.io/part-of: cluster-logging
          app.kubernetes.io/version: 6.4.0
        name: collector-http-to-http
        namespace: e2e-test-logfwdhttp-sg46r
        ownerReferences:
        - apiVersion: observability.openshift.io/v1
          controller: true
          kind: ClusterLogForwarder
          name: http-to-http
          uid: b9bfa92a-6336-4599-b73a-9b7ae1d2efce
        resourceVersion: "65295"
        uid: eb468754-428f-4609-8237-8696054978af
      spec:
        egress:
        - ports:
          - port: dns
            protocol: UDP
          - port: 6443
            protocol: TCP
          - port: 24224
            protocol: TCP
        ingress:
        - ports:
          - port: metrics
            protocol: TCP
          - port: 8443
            protocol: TCP
        podSelector:
          matchLabels:
            app.kubernetes.io/component: collector
            app.kubernetes.io/instance: http-to-http
            app.kubernetes.io/managed-by: cluster-logging-operator
            app.kubernetes.io/name: vector
            app.kubernetes.io/part-of: cluster-logging
        policyTypes:
        - Ingress
        - Egress

      Version-Release number of selected component (if applicable):

      cluster-logging.v6.4.0

      How reproducible:

      Always 

      Steps to Reproduce:

      1. Create a CLF, enable the http or syslog receiver and the `RestrictIngressEgress` networkpolicy
      2. Check metrics/targets in OCP Console

      Actual results:

      Vector metrics can't be scraped by prometheus when CLF has inputs.receiver and networkpolicy ruleSet is `RestrictIngressEgress`.

      Expected results:

      Metrics should be scraped.

      Additional info:

      1. No issue when networkpolicy ruleSet is `AllowAllIngressEgress`
      2. No issue when there is no inputs.receiver in the CLF

              Unassigned
              qitang@redhat.com Qiaoling Tang
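One check when triaging a report like this is how the named ingress port `metrics` in the policy above resolves on the collector pods, because a named NetworkPolicy port only matches a container port declared with the same name and protocol. The following is an added example, not code from the issue or from the operator; the ingress rule is copied from the report, while both pod port lists (including the number 24231 and the name `httpserver` on a container port) are constructed sample data.

```python
# Added triage example; not part of the issue or of cluster-logging-operator.
# Ingress ports copied from the collector-http-to-http NetworkPolicy in the report.
INGRESS_PORTS = [
    {"port": "metrics", "protocol": "TCP"},
    {"port": 8443, "protocol": "TCP"},
]

# Constructed container port lists (assumptions, not taken from the report).
POD_NAMED = [
    {"name": "metrics", "containerPort": 24231, "protocol": "TCP"},
    {"name": "httpserver", "containerPort": 8443, "protocol": "TCP"},
]
POD_UNNAMED = [
    {"containerPort": 24231, "protocol": "TCP"},  # metrics port without a name
    {"name": "httpserver", "containerPort": 8443, "protocol": "TCP"},
]


def resolve_ingress(rule_ports, container_ports):
    """Return (admitted, unresolved) for one ingress rule on one pod.

    admitted:   set of (protocol, number) the rule opens on this pod
    unresolved: named rule ports that no container port declares; such an
                entry admits no traffic to this pod
    """
    by_name = {}
    for cp in container_ports:
        if cp.get("name"):
            # Protocol defaults to TCP in both container ports and policy ports.
            by_name[(cp["name"], cp.get("protocol", "TCP"))] = cp["containerPort"]
    admitted, unresolved = set(), []
    for rp in rule_ports:
        proto, port = rp.get("protocol", "TCP"), rp["port"]
        if isinstance(port, int):
            admitted.add((proto, port))  # numeric ports need no lookup
        elif (port, proto) in by_name:
            admitted.add((proto, by_name[(port, proto)]))
        else:
            unresolved.append((proto, port))
    return admitted, unresolved


def scrape_allowed(rule_ports, container_ports, scrape_port, proto="TCP"):
    """True if the rule's ports admit traffic to scrape_port on this pod."""
    admitted, _ = resolve_ingress(rule_ports, container_ports)
    return (proto, scrape_port) in admitted
```

This covers only the `ports` part of the rule; the ingress rule in the report has no `from` clause, and other policies in the namespace or the scrape path itself are outside what this check sees.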