Uploaded image for project: 'Network Observability'
  1. Network Observability
  2. NETOBSERV-793

flowlogs-pipeline is stuck at ContainerCreating when CA cert is misconfigured


    • Bug
    • Resolution: Done
    • Major
    • netobserv-1.2
    • netobserv-ocp4.12
    • None
    • False
    • None
    • False
    • NetObserv - Sprint 231
    • Moderate


      This is essentially the same as NETOBSERV-665 except the behavior is slightly different due to code changes since then. It is also likely to happen more often because in Web Console, the default value, which isn't immediately visible, is not set correctly for Loki Operator 5.6.

      If you install Loki Operator 5.6 and create the FlowCollector resource with TLS enabled and no changes to the CA cert configuration, flowlogs-pipeline will be stuck at ContainerCreating state. There is no other indication that there was a failure. The log is empty for flowlogs-pipeline. There is no Network Traffic panel.

      The reason is because it configures the following:

            certFile: service-ca.crt
            name: loki-ca-bundle
            type: configmap
          enable: true
          insecureSkipVerify: false

      With Loki Operator 5.6, the CA cert is different because of LokiStack and hence, the configmap name should be `lokistack-gateway-ca-bundle` instead of `loki-ca-bundle`.  Note: Replace "lokistack" with the name you gave for LokiStack so if it's called "loki" then the configmap name should be `loki-gateway-ca-bundle`.

      This problem is not specific to Loki Operator 5.6 as any misconfiguration of the CA cert will result in this issue. Note that editing this YAML file will not fix this issue as the pods will not terminate. You have to delete and recreate the FlowCollector resource.




            jtakvori Joel Takvorian
            stlee@redhat.com Steven Lee
            Amogh Rameshappa Devapura Amogh Rameshappa Devapura
            0 Vote for this issue
            6 Start watching this issue