Details
-
Bug
-
Resolution: Done
-
Major
-
netobserv-ocp4.12
-
None
-
False
-
None
-
False
-
NetObserv - Sprint 231
-
Moderate
Description
This is essentially the same as NETOBSERV-665 except the behavior is slightly different due to code changes since then. It is also likely to happen more often because in Web Console, the default value, which isn't immediately visible, is not set correctly for Loki Operator 5.6.
If you install Loki Operator 5.6 and create the FlowCollector resource with TLS enabled and no changes to the CA cert configuration, flowlogs-pipeline will be stuck at ContainerCreating state. There is no other indication that there was a failure. The log is empty for flowlogs-pipeline. There is no Network Traffic panel.
The reason is because it configures the following:
tls
caCert
certFile: service-ca.crt
name: loki-ca-bundle
type: configmap
enable: true
insecureSkipVerify: false
With Loki Operator 5.6, the CA cert is different because of LokiStack and hence, the configmap name should be `lokistack-gateway-ca-bundle` instead of `loki-ca-bundle`. Note: Replace "lokistack" with the name you gave for LokiStack so if it's called "loki" then the configmap name should be `loki-gateway-ca-bundle`.
This problem is not specific to Loki Operator 5.6 as any misconfiguration of the CA cert will result in this issue. Note that editing this YAML file will not fix this issue as the pods will not terminate. You have to delete and recreate the FlowCollector resource.
Attachments
Issue Links
- relates to
-
NETOBSERV-764 Improve integration with LokiStack
-
- Closed
-
-
-
- Closed
-
-
NETOBSERV-181 Gathering infra status
-
- Closed
-
- links to
