Uploaded image for project: 'Observability Documentation'
  1. Observability Documentation
  2. OBSDOCS-1015

Add a guide to create trust ODF CA for Lokistack

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • None
    • None
    • False
    • Hide

      None

      Show
      None
    • False

      OpenShift Data Foundation(ODF), it uses the OCP Service CA. By default, the lokistack doesn't trust the OCP Service CA. It is better to provide a step to trust the Service CA when the storage type is ODF.

      Suggest adding https://docs.openshift.com/container-platform/4.15/observability/logging/log_storage/installing-log-storage.html#logging-loki-storage-odf_installing-log-storage.

      step 4: Enable Object Storage ODF in lokistack.

      cat << EOF | oc apply -f -
apiVersion: loki.grafana.com/v1
kind: LokiStack
metadata:
  name: lokistack-sample
  namespace: openshift-logging
spec:
  managementState: Managed
  size: 1x.extra-small
  storage:
    secret:
      name: s3-secret
      type: s3
    tls:
      caName: openshift-service-ca.crt
  storageClassName: gp2
  tenants:
    mode: openshift-logging
EOF

      Note: If the ODF is not in same cluster or you are using ODF route URL, you can create a configmap and bind to the lokistack.
      oc create configmap lokistack-odf-ca --from-file=service-ca.crt=odf.crt

            bdooley@redhat.com Brian Dooley
            rhn-support-anli Anping Li
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: