-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NETOBSERV-844 Unable to have a working statusUrl in FlowCollector with Loki Operator 5.6 #307
Changes from 1 commit
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -68,7 +68,18 @@ spec: | |
# Uncomment lines below for typical installation with loki-operator (5.6+ needed) | ||
# url: 'https://loki-gateway-http.netobserv.svc:8080/api/logs/v1/network/' | ||
# statusUrl: 'https://loki-query-frontend-http.netobserv.svc:3100/' | ||
# authToken: HOST | ||
# authToken: FORWARD | ||
# statusTls: | ||
# enable: true | ||
# caCert: | ||
# certFile: service-ca.crt | ||
# name: loki-ca-bundle | ||
# type: configmap | ||
# userCert: | ||
# certFile: tls.crt | ||
# certKey: tls.key | ||
# name: loki-query-frontend-http | ||
# type: secret | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
|
||
tls: | ||
enable: false | ||
caCert: | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -30,6 +30,7 @@ const configFile = "config.yaml" | |
const configVolume = "config-volume" | ||
const configPath = "/opt/app-root/" | ||
const lokiCerts = "loki-certs" | ||
const lokiStatusCerts = "loki-status-certs" | ||
const tokensPath = "/var/run/secrets/tokens/" | ||
|
||
type builder struct { | ||
|
@@ -184,6 +185,18 @@ func buildArgs(desired *flowslatest.FlowCollectorSpec) []string { | |
args = append(args, "--loki-ca-path", helper.GetCACertPath(&desired.Loki.TLS, lokiCerts)) | ||
} | ||
} | ||
|
||
statusTLS := helper.LokiStatusTLS(&desired.Loki) | ||
if statusTLS.Enable { | ||
if statusTLS.InsecureSkipVerify { | ||
args = append(args, "-loki-status-skip-tls") | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. is this a typo it should be There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think we should harmonize everything with a single minus character as it's already the case for most of these args. I will also fix the existing Thanks for pointing that ! |
||
} else { | ||
args = append(args, "--loki-status-ca-path", helper.GetCACertPath(&statusTLS, lokiStatusCerts)) | ||
args = append(args, "--loki-status-user-cert-path", helper.GetUserCertPath(&statusTLS, lokiStatusCerts)) | ||
args = append(args, "--loki-status-user-key-path", helper.GetUserKeyPath(&statusTLS, lokiStatusCerts)) | ||
} | ||
} | ||
|
||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. can we extend unit-test to cover this newly added field ? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. |
||
if helper.LokiUseHostToken(&desired.Loki) { | ||
args = append(args, "-loki-token-path", tokenPath(&desired.Loki)) | ||
} | ||
|
@@ -226,6 +239,11 @@ func (b *builder) podTemplate(cmDigest string) *corev1.PodTemplateSpec { | |
volumes, volumeMounts = helper.AppendCertVolumes(volumes, volumeMounts, &b.desired.Loki.TLS, lokiCerts, b.cWatcher) | ||
} | ||
|
||
statusTLS := helper.LokiStatusTLS(&b.desired.Loki) | ||
if b.desired != nil && statusTLS.Enable && !statusTLS.InsecureSkipVerify { | ||
volumes, volumeMounts = helper.AppendCertVolumes(volumes, volumeMounts, &statusTLS, lokiStatusCerts, b.cWatcher) | ||
} | ||
|
||
if helper.LokiUseHostToken(&b.desired.Loki) { | ||
volumes, volumeMounts = helper.AppendTokenVolume(volumes, volumeMounts, constants.PluginName, constants.PluginName) | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FORWARD
is recommended in the doc; we should also recommend it in the sample