NETOBSERV-101 R&D: Kube enricher write path for downstream operator #22
b9daca5 to 8611185
LGTM but didn't work because I don't have enough resources to run the Loki operator:
```
$ oc get pods -n openshift-logging
NAME                                        READY   STATUS    RESTARTS   AGE
lokistack-compactor-0                       0/1     Pending   0          15m
lokistack-distributor-778cfd5765-6mm6w      0/1     Pending   0          15m
lokistack-distributor-778cfd5765-9xj4x      0/1     Pending   0          15m
lokistack-gateway-b4bcc8d88-wbrlq           0/2     Pending   0          15m
lokistack-index-gateway-0                   1/1     Running   0          15m
lokistack-index-gateway-1                   0/1     Pending   0          14m
lokistack-ingester-0                        0/1     Pending   0          15m
lokistack-querier-5b48fc868d-sgw9h          0/1     Pending   0          15m
lokistack-querier-5b48fc868d-zsjqt          0/1     Pending   0          15m
lokistack-query-frontend-7b9b7c77b4-4z8c7   0/1     Pending   0          15m
lokistack-query-frontend-7b9b7c77b4-p46lw   0/1     Pending   0          15m
```
Describing one of the pending pods:
```
Warning  FailedScheduling  6m51s (x10 over 15m)  default-scheduler  0/4 nodes are available: 1 node(s) had taint {node-role.kubernetes.io/master: }, that the pod didn't tolerate, 3 Insufficient cpu, 3 Insufficient memory.
```
Maybe we could document a minimum size for the cluster?
``` | ||
`issuerCAPath` can be left empty if you want to use server default API CA file. Else use relative path in gateway pod. | ||
Then create a `LokiStack` in `openshift-logging` namespace from: | ||
Administrator view -> Operators -> Installed Operators -> Loki Operator -> LokiStack -> Create LokiStack |
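Review bot: The `issuerCAPath` sentence says "use relative path in gateway pod" without saying what the path is relative to, and "server default API CA file" does not name the file that is used when the field is left empty. Since this field selects a CA file, spell out both: the base directory inside the gateway pod that the relative path is resolved against, and the default file that applies when the value is empty, so a reader can tell which CA ends up trusted.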
Is there any way to do it from CLI?
I can put a yaml in our examples but we will need to maintain it on their api changes
Then create a `LokiStack` in `openshift-logging` namespace from: | ||
Administrator view -> Operators -> Installed Operators -> Loki Operator -> LokiStack -> Create LokiStack | ||
- ensure the name is `lokistack` | ||
- set `Object Storage` -> `Secret`. Check [documentation](https://loki-operator.dev/docs/object_storage.md/). |
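Review bot: The `Object Storage` -> `Secret` step selects a secret, but nothing in these lines says that the secret has to exist before the `LokiStack` is created, or in which namespace it is expected. Add a prerequisite line ahead of "Then create a `LokiStack`" that points to the secret creation for the chosen storage. The link target `https://loki-operator.dev/docs/object_storage.md/` ends in `.md/`, which is worth checking against the published page.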
Any secret in particular? The command for creating the secret has been removed from the previous section
The object storage secret from documentation examples. Since it's different for each storage, I prefer to be generic here
Create gateway and gateway-status routes: | ||
```bash | ||
oc -n openshift-logging apply -f examples/gateway_routes.yaml | ||
oc apply -f examples/loki-role.yaml |
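Review bot: The second command, `oc apply -f examples/loki-role.yaml`, has no `-n` while the line above it targets `openshift-logging`, so any namespaced object in that file lands in whatever project the user currently has selected. Either add the namespace flag, or state in the text that the file holds only cluster-scoped objects or sets `metadata.namespace` itself. Since the file name indicates an RBAC role, a sentence naming the subject it binds and what it allows would let a reader review it before applying.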
Off-topic: Should this be created automatically by the operator?
This will be in followup https://issues.redhat.com/browse/NETOBSERV-473
tenantID: application | ||
sendAuthToken: true | ||
url: 'https://lokistack-gateway-http.openshift-logging.svc.cluster.local:8080/api/logs/v1/application/' | ||
``` |
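Review bot: `sendAuthToken: true` is set next to an `https://` url, but these lines show no CA or TLS setting, so the doc does not say how the client verifies the gateway certificate before it sends the token. Add the TLS fields the client expects, or a sentence naming the CA that is trusted by default. The tenant also appears twice, in `tenantID: application` and in the `/api/logs/v1/application/` path; say that the two must match.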
Shall we add these fields into the `config/samples/flows_v1alpha1_flowcollector.yaml` file?
When we automatically deploy `loki-operator` from our operator, these will be forced to use the loki stack instance so the user will not have to set them.
If the user manages its instance manually, I guess it's better to keep this separate (at least in another yaml file).
Note: I'm still looking at `tenantID` to add a `network` tenant in `loki-operator`.
Yes I can refer loki operator documentation. Did you try |
b914741 to 796dc04
This PR adds a configuration to allow `flowlogs-pipeline` service account to write to loki gateway
The `hack_loki.md` will need to be updated if we automatically deploy loki-operator from netobserv-operator
Related PRs:
- netobserv/network-observability-operator#120
- netobserv/network-observability-operator#135
- netobserv/loki-client-go#1
- netobserv/flowlogs-pipeline#260
- netobserv/network-observability-console-plugin#183