- Need to edit 2 steps in the Quick Start point of About Logging 6.0 documentation.
- Here is the documentation link: https://docs.openshift.com/container-platform/4.17/observability/logging/logging-6.0/log6x-about.html#quick-start
- This is the last and important change in the Quick start process.
- In step 5 and step 8 changes are required:
----
5. Bind the ClusterRole to the service account:
~~~
$ oc adm policy add-cluster-role-to-user logging-collector-logs-writer -z collector
~~~
8. Add additional roles to the collector service account:
~~~
$ oc project openshift-logging
$ oc adm policy add-cluster-role-to-user collect-application-logs -z collector
$ oc adm policy add-cluster-role-to-user collect-audit-logs -z collector
$ oc adm policy add-cluster-role-to-user collect-infrastructure-logs -z collector
~~~
----
- In these steps, commands are properly mentioned.
- However, the project name is not mentioned in the commands.
- So we need to mention project name in the above commands.
Reason:
1. If for any reason the user has changed the namespace in the middle, then, it will create the resource in the wrong namespace.
2. If the credentials are shared, and two people using the same cluster at the same time, then, the second person could change to work in a different namespace.
- Hence we need to explicitly mention the `-n openshift-logging` in the above commands.
- Here are the new required changes:
----
5. Bind the ClusterRole to the service account:
~~~
$ oc adm policy add-cluster-role-to-user logging-collector-logs-writer -z collector -n openshift-logging
~~~
8. Add additional roles to the collector service account:
~~~
$ oc adm policy add-cluster-role-to-user collect-application-logs -z collector -n openshift-logging
$ oc adm policy add-cluster-role-to-user collect-audit-logs -z collector -n openshift-logging
$ oc adm policy add-cluster-role-to-user collect-infrastructure-logs -z collector -n openshift-logging
~~~
----
- One step needs to be added to the Quick Start point of About Logging 6.0 documentation.
- Here is the documentation link: https://docs.openshift.com/container-platform/4.17/observability/logging/logging-6.0/log6x-about.html#quick-start
- Here Step 2 is mentioned as "Create a LokiStack custom resource (CR) in the openshift-logging namespace:"
- But before creating `LokiStack` custom resource (CR), it is necessary to create an `object storage secret`.
- Without creating a secret we can not create `Lokistack` customer resource.
- We need to mention that `object storage secret` name in the `LokiStack custom resource (CR)` under `spec.storage.secret.name` section.
- So it is required to add this step in our documentation.
- Hence adding Step 2 in the documentation:
-----------------
2. Create a secret to access an existing object storage bucket:
Example command for AWS
~~~
$ oc create secret generic logging-loki-s3 \
--from-literal=bucketnames="<bucket_name>" \
--from-literal=endpoint="<aws_bucket_endpoint>" \
--from-literal=access_key_id="<aws_access_key_id>" \
--from-literal=access_key_secret="<aws_access_key_secret>" \
--from-literal=region="<aws_region_of_your_bucket>" \
-n openshift-logging
~~~
------------------
- Inside `About Logging 6.0` [1] section in `Quick Start` [2] , the step number: 4, Create a ClusterRole for the collector: is not required.
[1] https://docs.openshift.com/container-platform/4.16/observability/logging/logging-6.0/log6x-about.html
[2] https://docs.openshift.com/container-platform/4.16/observability/logging/logging-6.0/log6x-about.html#quick-start
- In step 4, it has been mentioned that the user needs to create the ClusterRole `logging-collector-logs-writer` but this ClusterRole is created automatically by the Loki operator and it is not required to create it manually.
- This ClusterRole was also made available with the `Loki Operator 5.9` version.
- Here is jira [3] for reference:
[3] https://issues.redhat.com/browse/LOG-5967
- Hence step 4 needs to be omitted from documentation:
------
4. Create a ClusterRole for the collector:
~~~
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: logging-collector-logs-writer
rules:
- apiGroups:
- loki.grafana.com
resourceNames:
- logs
resources:
- application
- audit
- infrastructure
verbs:
- create
~~~
