diff --git a/modules/logging-release-notes-6-3-0.adoc b/modules/logging-release-notes-6-3-0.adoc deleted file mode 100644 index d5868b1f0228..000000000000 --- a/modules/logging-release-notes-6-3-0.adoc +++ /dev/null 
@@ -1,73 +0,0 @@ -// Module included in the following assemblies: -// -// * about/logging-release-notes.adoc - -:_mod-docs-content-type: REFERENCE -[id="logging-release-notes-6-3-0_{context}"] -= Logging 6.3.0 release notes - -This release of {LoggingProductName} is supported on {ocp-product-title} 4.17 and later. This release includes new features and bug fixes. - -[id="openshift-logging-release-notes-6-3-0-enhancements_{context}"] -== New features and enhancements - -[id="log-collection_{context}"] -=== Log collection - -* With this release, you can configure multiple {aws-first} outputs with distinct identity and access management (IAM) roles in the `clusterLogForwarder` resource. (https://issues.redhat.com/browse/LOG-6790[LOG-6790]) - -* With this release, you can configure affinity rules to control collector scheduling. (https://issues.redhat.com/browse/LOG-6858[LOG-6858]) - -* With this release, the default values of Splunk metadata keys (that is, index, indexed fields, source, and message payload) are predefined for log forwarders. The values are based on the log type. As a user, you can override these values. (https://issues.redhat.com/browse/LOG-6859[LOG-6859]) - -[id="log-storage_{context}"] -=== Log storage - -* With this release, you can use the `forcepathstyle` field in the S3 secret. Use this field to configure Loki to use either path style or virtual host style for the S3 access. By default, only {aws-short} endpoints use the virtual host style URL, while others use path-style. 
(https://issues.redhat.com/browse/LOG-7024?[LOG-7024]) - -[id="logging-release-notes-6-3-0-technology-preview-features_{context}"] -== Technology preview features - -:FeatureName: The OpenTelemetry Protocol (OTLP) output log forwarder -include::snippets/technology-preview.adoc[] - -[id="logging-release-notes-6-3-0-bug-fixes_{context}"] -== Bug fixes - -* Before this update, collector pods would enter a crash loop due to a configuration error when attempting token-based authentication with an Elasticsearch output. With this update, token authentication with an Elasticsearch output generates a valid configuration. (https://issues.redhat.com/browse/LOG-5991[LOG-5991]) - -//* Before this update, alerting rules created by the {loki-op} incorrectly used the `message` field to display the message related to the alert. With this update, the alerting rules correctly use the `description` field. (https://issues.redhat.com/browse/LOG-6380[LOG-6380]) - -* Before this update, because of a lack of filtering based on the namespace in the Prometheus rules endpoint, user alerts were visible in unrelated namespaces. With this update, rule label filters have been added to the handler configuration. As a result, alert visibility is now restricted to the original namespace. (https://issues.redhat.com/browse/LOG-6148[LOG-6148]) - -//* Before this update, `ClusterLogForwarder` CR status updates failed due to an incorrect patching method. As a consequence, the {clo} failed to update objects, which caused log data inconsistencies. With this release, `ClusterLogForwarder` CR status uses the `Patch()` method instead of the `Update()` method. As a result, the {clo} no longer fails to update the object, which improves log forwarding stability. (https://issues.redhat.com/browse/LOG-6539[LOG-6539]) - -//* Before this update, the Vector collector could not forward OpenShift Virtual Network (OVN) and auditd logs. 
With this update, OpenTelemetry Protocol (OTLP) semantic conventions table has been improved to support OVN logs and auditd logs in observability pipelines. As a result, OVN and auditd logs are successfully forwarded. (https://issues.redhat.com/browse/LOG-6711[LOG-6711]) - -//* Before this update, an empty OpenTelemetry (OTEL) tuning configuration caused a validation error, which resulted in a build failure for the `ClusterLogForwarder` CR. With this update, the validation rules allow empty OTEL tuning configurations. (https://issues.redhat.com/browse/LOG-6806[LOG-6806]) - -* Before this update, the Loki API documentation did not specify the required attributes for the `lokistack.spec.tenants.openshift.otlp` resource. With this update, the Loki API documentation has been updated to include the missing information. (https://issues.redhat.com/browse/LOG-6810[LOG-6810]) - -* Before this update, the loki-gateway did not enforce fine-grained authorization on the `/series` endpoint for the `application` tenant. As a consequence, users could get unauthorized access to the stream metadata information from different log streams. With this update, the `/series` endpoint uses the `match` parameter instead of the `query` parameter to filter the series metadata that is returned for a request. As a result, the loki-gateway correctly enforces fine-grained authorization for the `/series` endpoint for the `application` tenant. (https://issues.redhat.com/browse/LOG-6892[LOG-6892]) - -//* Before this update, Loki ingesters that got into an `UNHEALTHY` state due to networking issues remained so, even when the network recovered. With this update, the {loki-op} adds a configuration option to perform service discovery more often. As a result, `UNHEALTHY` ingesters are permitted to rejoin the group. 
(https://issues.redhat.com/browse/LOG-6987[LOG-6987]) - -//* Before this update, when using the OTEL data model, the Loki distributor returned parsing errors when it received logs without the `responseStatus.code` field. As a consequence, users saw parsing errors in Loki audit logs. With this release, empty `k8s.audit.event.response.code` Loki attributes in logs are ignored. As a result, users do not see parsing errors in Loki audit logs. (https://issues.redhat.com/browse/LOG-7028[LOG-7028]) - -//* Before this update, merging data from the `message` field into the root of a syslog event caused inconsistencies with the ViaQ data model. These inconsistencies could overwrite system information, duplicate data, or corrupt the log event. This update makes syslog parsing and merging consistent with the other output types and resolves the issue. (https://issues.redhat.com/browse/LOG-7189[LOG-7189]) - -* Before this update, restarting Vector collector pods in {ocp-product-title} clusters created a high volume of requests to the `KubeAPI`. As a result, the control plane could become unavailable. With this update, when restarting the collector pods, users can enable kube caching with the `use-apiserver-cache` attribute and configure the DaemonSet rollout strategy with the `max-unavailable-rollout` attribute . As a result, the control plane remains stable during collector pod restarts, which reduces API request timeouts. (https://issues.redhat.com/browse/LOG-7196[LOG-7196]) -+ -[IMPORTANT] -==== -Using the `use-apiserver-cache` and `max-unavailable-rollout` attributes is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. 
- -For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope]. -==== - -* Before this update, a `ClusterLogForwarder` CR that was configured for a `LokiStack` output with the OTEL data model incorrectly passed validation without the `tech preview` annotation. With this update, a `ClusterLogForwarder` CR that is configured for a `LokiStack` output with the OTEL data model correctly fails validation unless the `tech preview` annotation is included. (https://issues.redhat.com/browse/LOG-7279[LOG-7279]) - -[id="logging-release-notes-6-3-0-known-issues_{context}"] -== Known issues - -* When you forward logs to a syslog output, the produced message format is inconsistent between Fluentd and Vector log collectors. Vector messages are within quotation marks; Fluentd messages are not. As a consequence, users might experience issues with their tool integrations when they migrate from Fluentd to Vector. (link:https://issues.redhat.com/browse/LOG-7007[LOG-7007]) diff --git a/modules/logging-release-notes-6-4-0.adoc b/modules/logging-release-notes-6-4-0.adoc new file mode 100644 index 000000000000..ff356f3744a6 --- /dev/null +++ b/modules/logging-release-notes-6-4-0.adoc 
@@ -0,0 +1,128 @@ +// Module included in the following assemblies: +// +// * about/logging-release-notes.adoc + +:_mod-docs-content-type: REFERENCE +[id="logging-release-notes-6-4-0_{context}"] += Logging 6.4.0 release notes + +This release of {LoggingProductName} is supported on {ocp-product-title} 4.18 and later. This release includes new features and bug fixes. + +This release includes link:https://access.redhat.com/errata/RHBA-2025:21335[RHBA-2025:21335]. + +[id="openshift-logging-release-notes-6-4-0-enhancements_{context}"] +== New features and enhancements + +[id="log-collection_{context}"] +=== Log collection + +* With this release, the Vector collector has been updated to be based on Vector version 0.47.0. +(https://issues.redhat.com/browse/LOG-7166[LOG-7166]) + + +* With this release, the permissions required by the {CLO} have been reduced to only those required for deploying the log collector. Permissions for functions that are no longer supported by the operator have been removed. (https://issues.redhat.com/browse/LOG-7473[LOG-7473]) + +* This release provides changes to log collector deployments to promote Technology Preview configuration options introduced in link:https://issues.redhat.com/browse/LOG-7196[LOG-7196] to General Availability. +The change enables caching of kube API server calls and introduces a `ClusterLogForwarder` field to tune collector rollout strategy. +Administrators managing clusters with large numbers of nodes can now modify the collector upgrade behavior so that the collector requests do not overwhelm the Kubernetes API server. You can control the behavior by setting `MaxUnavailable` field for collectors during upgrade.(https://issues.redhat.com/browse/LOG-7587[LOG-7587]) + +* With this release, an alert has been added to notify administrators of deprecated features that will be removed in future releases. As a result, you can make adjustments as needed. 
(link:https://issues.redhat.com/browse/LOG-7596[LOG-7596]) + +* With this release, you can forward logs to {aws-short} S3-compatible services using a new `s3` output type. +The output supports custom endpoints and multiple authentication methods. +It also provides flexible options for log organization that you can configure with dynamic key prefix templating, and tuning of log compression and batching. (link:https://issues.redhat.com/browse/LOG-7683[LOG-7683]) + +* With this release, cross-account log forwarding is available for both CloudWatch and S3 outputs using the AWS AssumeRole functionality. +This feature enables centralized logging by using a secure, two-step authentication process. +By doing so, it upholds the principle of least privilege and maintains strong security boundaries, promoting a clear separation of concerns in the target account. +(link:https://issues.redhat.com/browse/LOG-7687[LOG-7687]) + +* With this release, {clo} optionally provides permissive `NetworkPolicy` resources to override any restrictive network policies present in an {ocp-product-title} cluster. +For more information, see link:https://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.4/html/configuring_logging/cluster-logging-collector#network_policies-to-override-restrictive-network-in-a-cluster_cluster-logging-collector[Network policies to override restrictive network in a cluster]. + +[id="log-storage_{context}"] +=== Log storage + +* With this release, a new alert has been added to the LokiStack to inform users if LokiStack components have not reached the ready state. (link:https://issues.redhat.com/browse/LOG-5470[LOG-5470]) + +* With this release, the statistics page has been improved to help users better understand the performance of a query. 
(link:https://issues.redhat.com/browse/LOG-7746[LOG-7746]) + +* With this release, {loki-op} can deploy and manage a set of network policies that restrict the communications to and from the Loki components to enhance security. +For more information, see link:https://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.3/html/configuring_logging/configuring-lokistack-storage#loki-network-policies-for-added-security_configuring-the-log-store[Loki network policies for added security]. + +[id="logging-release-notes-6-4-0-technology-preview-features_{context}"] +== Technology preview features + +:FeatureName: The OpenTelemetry Protocol (OTLP) output log forwarder +include::snippets/technology-preview.adoc[] + + +[id="logging-release-notes-6-4-0-bug-fixes_{context}"] +== Bug fixes + +* Before this update, the sample code for creating an `AlertingRule` resource in the web user interface did not contain all the description annotations. +With this update, the missing description annotation have been added. (link:https://issues.redhat.com/browse/LOG-6782[LOG-6782]) + +* Before this update, the {CLO} generated configuration that did not account for unmatched log events, and produced a warning message when the collector started. +With this update, unmatched log events are accounted for and an error alert is produced if unmatched messages are detected. The warning message has been removed. (link:https://issues.redhat.com/browse/LOG-6807[LOG-6807]) + +* Before this update, user action of generating an info-level log message containing the keyword `error` was incorrectly highlighted as errors in the {ocp-product-title} web console. +With this update, the web console no longer highlights info-level logs containing the `error` keyword as errors. +(link:https://issues.redhat.com//browse/LOG-7222[LOG-7222]) + +* Before this update, the `clusterLogForwarder` API did not validate the URL scheme for Kafka outputs. 
+This could cause users to configure a Kafka output with an invalid URL that was missing the required `tcp://` or `tls://` prefix, leading to a silent failure where logs were not forwarded as expected. +With this update, new validation has been added to the API. +The clusterLogForwarder now rejects configurations with a Kafka URL that does not have a tcp or tls scheme, preventing the misconfiguration and ensuring logs can be forwarded successfully. (link:https://issues.redhat.com/browse/LOG-7340[LOG-7340]) + +* Before this update, the `vector_buffer_byte_size` and `vector_buffer_events` metrics incorrectly reported negative values under certain system load and timing conditions. +This led to unreliable monitoring, potentially masking buffer issues. +With this update, a concurrent, centralized state tracker ensures that these metrics are always reported as non-negative values. +This ensures that the metrics correctly report buffer sizes helping with accurate monitoring. (link:https://issues.redhat.com/browse/LOG-7436[LOG-7436]) + +* Before this fix, Vector could not recover from silently closed TCP connections. +With this update, Vector uses `keepalive` probes to detect and automatically re-establish unresponsive TCP connections. (link:https://issues.redhat.com/browse/LOG-7502[LOG-7502]) + +* Before this update, the `ClusterLogForwarder` API required the URL for OTLP endpoints to terminate with `v1/logs`. With this update, this requirement has been relaxed to allow any URL that specifies an `http` or `https` protocol. (link:https://issues.redhat.com/browse/LOG-7582[LOG-7582]) + +* Before this update, any request that exceeded a Kafka broker's `message.max.size` value would be rejected because the collector's tuning did not correctly set an allowable producer configuration. +With this update, you can set the collector's kafka client configuration to allow message sizes that are equal to or smaller than the `MaxSize` value. 
(link:https://issues.redhat.com/browse/LOG-7608[LOG-7608]) + +* Before this update, the prune filter failed to remove the `.openshift.sequence` field from the log record. With this update, the field is correctly pruned from the log record. (link:https://issues.redhat.com/browse/LOG-7620[LOG-7620]) + +* Before this update, the prune filter failed to remove the `.kubernetes.container_iostream` field from the log record. With this fix, the field is now correctly pruned from the log record. (link:https://issues.redhat.com/browse/LOG-7622[LOG-7622]) + + +[id="logging-release-notes-6-4-0-deprecation-notice_{context}"] +== Deprecation notice + +In this release, the 'observability.openshift.io/max-unavailable-rollout' annotation is deprecated and will be removed in a future release. +The annotation has been replaced by the `spec.collector.maxUnavailable` field in the `ClusterLogForwarder` resource. +For more information, see link:https://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.4/html/configuring_logging/cluster-logging-collector#configuring-pod-rollout-strategy_cluster-logging-collector[Configuring pod rollout strategy]. + + +[id="logging-release-notes-6-4-0-removal-notice_{context}"] +== Removal notice + +In this release, the `observability.openshift.io/use-apiserver-cache` annotation has been removed. +With this release, kube-api caching is now always enabled. +For more information, see link:https://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.4/html/configuring_logging/cluster-logging-collector#configuring-pod-rollout-strategy_cluster-logging-collector[Configuring pod rollout strategy]. + + +[id="logging-release-notes-6-4-0-known-issues_{context}"] +== Known issues + +* When network policies are enabled in {loki-op} and a S3-compatible object storage, for example Minio or {odf-first}, is used, the network policies do not allow access to the object storage. 
+(link:https://issues.redhat.com/browse/LOG-8075[LOG-8075]) + +* When network policies are enabled in {loki-op} and Swift is used as an object storage, the network policies do not allow access to the object storage. +(link:https://issues.redhat.com/browse/LOG-8083[LOG-8083]) + +* When network policies are enabled in {loki-op} and a cluster-wide proxy is configured, the network policies do not allow access to object storage. +(link:https://issues.redhat.com/browse/LOG-8084[LOG-8084]) + +* When network policies are enabled in {CLO} and the Loki output is used without specifying a port in the `url` field, the egress network policy is created with the wrong port number. +(link:https://issues.redhat.com/browse/LOG-8091[LOG-8091]) + +* When network policies are enabled in {CLO} and an HTTP output is used together with an HTTP proxy, the egress network policy does not allow access to the HTTP proxy. +(link:https://issues.redhat.com/browse/LOG-8109[LOG-8109]) diff --git a/release_notes/logging-release-notes.adoc b/release_notes/logging-release-notes.adoc index 9934d6b1e49e..64e254b83b97 100644 --- a/release_notes/logging-release-notes.adoc +++ b/release_notes/logging-release-notes.adoc @@ -1,10 +1,10 @@ :_mod-docs-content-type: ASSEMBLY include::_attributes/common-attributes.adoc[] [id="logging-release-notes"] -= Logging 6.3 release notes += Logging 6.4 release notes :context: logging-release-notes toc::[] -include::modules/logging-release-notes-6-3-0.adoc[leveloffset=+1] \ No newline at end of file +include::modules/logging-release-notes-6-4-0.adoc[leveloffset=+1] \ No newline at end of file
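Review bot: In the new `modules/logging-release-notes-6-4-0.adoc`, the "Loki network policies for added security" link under Log storage points at the 6.3 documentation (`.../red_hat_openshift_logging/6.3/html/configuring_logging/configuring-lokistack-storage#...`), while every other docs.redhat.com link in this module uses 6.4. Point it at the 6.4 guide, or confirm that the section is only published for 6.3. That entry and the permissive `NetworkPolicy` entry under Log collection also carry no LOG issue reference, unlike the other entries. Neither mentions the Known issues at the end of the module, where enabling network policies blocks object storage or proxy access or creates an egress policy with the wrong port (LOG-8075, LOG-8083, LOG-8084, LOG-8091, LOG-8109). A cross-reference from the feature entries would let readers see the limitation before they turn the policies on. Smaller points: the LOG-7222 URL has a doubled slash (`issues.redhat.com//browse/`), the deprecation notice wraps the `observability.openshift.io/max-unavailable-rollout` annotation in single quotes instead of backticks, and the LOG-7587 entry names the field `MaxUnavailable` while the deprecation notice calls it `spec.collector.maxUnavailable`.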
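Review bot: In `release_notes/logging-release-notes.adoc`, the replacement `include::modules/logging-release-notes-6-4-0.adoc[leveloffset=+1]` line still ends with `\ No newline at end of file`. Add a trailing newline so the next include appended to this assembly shows up as a one-line diff. The header comment in the new module still lists `about/logging-release-notes.adoc` as the including assembly, while the assembly changed here is under `release_notes/`, so the comment should be updated to match.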