Logging OMC Addon - Helm version #1

Merged
merged 13 commits into from
Sep 28, 2023

JoaoBraveCoding (Collaborator) commented Aug 22, 2023

Issue: https://issues.redhat.com/browse/LOG-4288

In this PR we introduce the base code of an OMC AddOn that configures ClusterLogForwarder to push logs to a URL using mTLS authentication. Currently, the AddOn assumes that the hub Loki runs on the hub cluster in the openshift-logging namespace. The AddOn is also not responsible for generating any certificates and simply expects certain secrets to already exist; namely, it assumes that there is an mTLS secret created under the namespace of each spoke cluster with the same name as the spoke cluster and that a ConfigMap for the Loki gateway CA bundle exists under openshift-monitoring. The URL will be fetched from an AddOnDeploymentConfig resource that should live under the spoke cluster namespace. All configuration resources for the AddOn can be viewed in the ManagedClusterAddOn and ClusterManagementAddOn. The AddOn will then template a helm chart with these values to generate a set of manifests to be deployed to the spoke cluster; namely, it will deploy a Secret and a ClusterLogForwarder.

Note to reviewers

Under demo/ there is a README with instructions on how to install/configure RHACM and install and test the AddOn.

How to check if the AddOn is working correctly
image

Issues

  • Currently, we have to set ClusterLogForwarder.Spec.Outputs.TLS.InsecureSkipVerify to true because of the CommonName in the Loki Gateway certificate: it has the dnsName of the gateway service, so when the spoke collectors verify the hub certificate they find a mismatch in the hostname, resulting in the error "Hostname mismatch".
  • If a user deletes one of the deployed resources on the spoke cluster, they will be recreated; however, if a user edits them, they will not be overwritten. Further testing would be needed to conclude if this is specific to the helm AddOns (I suspect yes).
  • Console LogUI doesn't work out of the box. I manually enable it, but then it seems like it doesn't reconcile.

Improvements

  • The AddOn makes some assumptions based on the hub Loki running on the Cluster. This might not always be the case, so we need to extend the configuration to cover use cases where it is not.
  • (nit) On the hub cluster there is some copying of secrets that we currently have to do with bash scripts. I think moving to a fully golang-based approach would allow us to move these operations to the AddOn manager.
  • Currently, the generation of certificates was delegated to cert-manager, but it would be awesome if the addon could leverage OCM features for this.

- Demo now doesn't care about local logs
- Multi Cluster Logging chart doesn't install policies for spoke cluster
- AddOn chart now installs OpenShift Logging operator
@periklis periklis merged commit aecdf55 into main Sep 28, 2023
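
The hostname mismatch listed first under Issues, reproduced as an added example (not code from this PR): a gateway certificate whose only SAN is the in-cluster service name fails verification for the host the spokes dial, and passes once that host is also a SAN, which is what lets InsecureSkipVerify stay false. The names `svcName`, `hubHost`, `must` and `VerifyAs` are constructed for illustration, and Go's standard verifier stands in for the collector's TLS client.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Constructed names: the gateway's in-cluster service and the host spokes dial.
const svcName = "gateway.openshift-logging.svc"
const hubHost = "loki.apps.hub.example.com"

// must aborts the demo if throwaway key or certificate setup fails.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// VerifyAs issues a gateway certificate with the given DNS SANs from a throwaway
// CA, then verifies it as a client does when InsecureSkipVerify is false.
func VerifyAs(dialed string, sans ...string) error {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	srvKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	now := time.Now()
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "demo-ca"},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	srv := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: svcName},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(time.Hour), DNSNames: sans,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	caDER := must(x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey))
	srvDER := must(x509.CreateCertificate(rand.Reader, srv, ca, &srvKey.PublicKey, caKey))
	roots := x509.NewCertPool()
	roots.AddCert(must(x509.ParseCertificate(caDER)))
	_, err := must(x509.ParseCertificate(srvDER)).Verify(x509.VerifyOptions{Roots: roots, DNSName: dialed})
	return err
}

func main() {
	fmt.Println("service SAN only:    ", VerifyAs(hubHost, svcName))
	fmt.Println("service and hub SANs:", VerifyAs(hubHost, svcName, hubHost))
}
```

The CommonName is set to the service name in both runs and has no effect on the result; only the SAN list decides whether the dialed host is accepted.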