LOG-4852: Vector collector Pods no longer picks up the log collector SAs Secret as a fallback #2284

Merged
merged 1 commit into from Dec 11, 2023

@Clee2691 Clee2691 commented Dec 8, 2023

Description

This PR addresses forwarding to an internal LokiStack where in the legacy case, if the pipelines.outputs is not default it will not apply the logcollector-token secret's token and ca.crt. For a CLF named instance it will add the logcollector service account token to be used.

/cc @cahartma @vparfonov
/assign @jcantrill

Links

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Dec 8, 2023
@openshift-ci-robot

openshift-ci-robot commented Dec 8, 2023

@Clee2691: This pull request references LOG-4852 which is a valid jira issue.

@Clee2691
Contributor Author

Clee2691 commented Dec 8, 2023

/cherry-pick master

@openshift-cherrypick-robot

@Clee2691: once the present PR merges, I will cherry-pick it on top of master in a new PR and assign it to you.

@jcantrill
Contributor

/approve

Contributor

openshift-ci bot commented Dec 8, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Clee2691, jcantrill

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 8, 2023
@Clee2691
Contributor Author

Clee2691 commented Dec 8, 2023

/retest

@jcantrill
Contributor

/hold

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 11, 2023
}
} else if secret != nil {
// Use secret of logcollector service account as backup
tlsConf := security.TLSConf{
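
Review bot: In the `else if secret != nil` branch, the identifier `secret` does not say which secret it holds, and only the comment `// Use secret of logcollector service account as backup` shows that it is not the output's own secret. A name that states its origin, for example `collectorSecret` (a suggested name, not one from the code), would help. The comment could also say that this branch is reached only when the preceding condition is false, so a reader does not have to work out whether the `security.TLSConf{` literal built here can replace settings taken from an output-level secret.
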
Contributor

I think the logic is missing something here because it's not using any of the helper functions.

  • What if my secret defines a CA to use?
  • What if I define a secret ... but I don't get any TLS Profile options here

Following "GenerateTLSConf" leads me to think it still needs to utilize that function... and then check the CA afterwards and set it like this if not defined

Contributor Author

The first if statement is looking for output.secret so if a user defines a secret for the output, it will be caught there. Your questions above pertain to that bit.

Line 221

if o.Secret != nil {
...
}

I'm not changing any of the original functionality as this is only using the logcollector secret as a fallback if a user does not define a secret for the output. The secret here isn't the one that is defined for the output. It is the secret automatically populated for the legacy case (constants.LogCollectorToken).
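
As an added example (not code from this PR or from the operator), the precedence described in the reply above: an output's own secret is used whenever it is defined, and the `logcollector-token` secret's `token` and `ca.crt` are only a fallback. The types, `resolveCredentials`, `fromSecret`, and the use of the same `token` and `ca.crt` keys for the output's secret are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Secret and Output are hypothetical, reduced stand-ins for the operator's types.
type Secret struct {
	Name string
	Data map[string][]byte
}

type Output struct {
	Name   string
	Secret *Secret // secret the user attached to this output, if any
}

// Credentials records which secret was selected and what it supplies.
type Credentials struct {
	Source, Token, CA string
}

var ErrNoCredentials = errors.New("no usable credentials for output")

// resolveCredentials: an output's own secret always wins; the collector
// service account secret is consulted only when the output has none.
func resolveCredentials(o Output, collector *Secret) (Credentials, error) {
	switch {
	case o.Secret != nil:
		// User-defined secret: use it as-is and never blend in the collector token.
		return fromSecret(o.Secret), nil
	case collector != nil && len(collector.Data["token"]) > 0:
		// Fallback: token and ca.crt of the collector service account secret.
		return fromSecret(collector), nil
	}
	// Neither source is usable: fail closed instead of emitting empty auth.
	return Credentials{}, fmt.Errorf("%w: %s", ErrNoCredentials, o.Name)
}

func fromSecret(s *Secret) Credentials {
	return Credentials{Source: s.Name, Token: string(s.Data["token"]), CA: string(s.Data["ca.crt"])}
}

func main() {
	// Constructed sample data, not real credentials.
	sa := &Secret{Name: "logcollector-token", Data: map[string][]byte{"token": []byte("sa-token"), "ca.crt": []byte("service-ca")}}
	c, err := resolveCredentials(Output{Name: "loki-app"}, sa)
	fmt.Println(c.Source, err)
}
```

An output that carries its own secret without a token still takes the first branch, so the collector's service account token is never attached to an output the user configured with different credentials.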

Contributor

@jcantrill jcantrill left a comment

/hold cancel

@openshift-ci openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 11, 2023
@jcantrill
Contributor

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Dec 11, 2023
@openshift-merge-bot openshift-merge-bot bot merged commit 920d952 into openshift:release-5.8 Dec 11, 2023
9 of 10 checks passed
@openshift-cherrypick-robot

@Clee2691: #2284 failed to apply on top of branch "master":

Applying: LOG-4852: Vector collector Pods no longer picks up the log collector SAs Secret as a fallback
Using index info to reconstruct a base tree...
M	internal/generator/vector/output/loki/loki.go
Falling back to patching base and 3-way merge...
Auto-merging internal/generator/vector/output/loki/loki.go
CONFLICT (content): Merge conflict in internal/generator/vector/output/loki/loki.go
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 LOG-4852: Vector collector Pods no longer picks up the log collector SAs Secret as a fallback
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".
