Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

secretRef without key does not fail the config generation #1506

Closed
a-thaler opened this issue Oct 8, 2024 · 0 comments · Fixed by #1535
Closed

secretRef without key does not fail the config generation #1506

a-thaler opened this issue Oct 8, 2024 · 0 comments · Fixed by #1535
Assignees
@TeodorSAP
Labels
area/logs LogPipeline kind/bug Categorizes issue or PR as related to a bug.

Comments

@a-thaler
Copy link
Collaborator

a-thaler commented Oct 8, 2024
edited
Loading

Description
When creating a LogPipeline using secretRefs without specifying a key, the pipeline gets accepted and the "ConfigurationGenerated" status gets true. Later on the log delivery fails as no authorization is provided..

Example pipeline:

apiVersion: telemetry.kyma-project.io/v1alpha1
kind: LogPipeline
metadata:
  name: test
spec:
  input:
    application:
      containers:
        exclude:
        - istio-proxy
      keepOriginalBody: true
      namespaces: {}
  output:
    http:
      dedot: true
      host:
        valueFrom:
          secretKeyRef:
            key: ingest-endpoint
            name: cls
            namespace: observability
      password:
        valueFrom:
          secretKeyRef:
            key: ingest-password
            name: cls
            namespace: observability
      tls: {}
      uri: /customindex/kyma
      user:
        valueFrom:
          secretKeyRef:
            name: cls
            namespace: observability
status:
  conditions:
  - lastTransitionTime: "2024-10-08T15:33:37Z"
    message: Fluent Bit agent DaemonSet is ready
    reason: AgentReady
    status: "True"
    type: AgentHealthy
  - lastTransitionTime: "2024-10-08T15:34:47Z"
    message: LogPipeline specification is successfully applied to the configuration
      of Fluent Bit agent
    observedGeneration: 2
    reason: AgentConfigured
    status: "True"
    type: ConfigurationGenerated
  - lastTransitionTime: "2024-10-08T15:36:18Z"
    message: 'Backend is not reachable or rejecting logs. All logs are dropped. See
      troubleshooting: https://kyma-project.io/#/telemetry-manager/user/02-logs?id=no-logs-arrive-at-the-backend'
    observedGeneration: 2
    reason: AllTelemetryDataDropped
    status: "False"
    type: TelemetryFlowHealthy
  unsupportedMode: false

In the status you see that the configuration is accepted by the telemetry-manager.
I would expect the validation to fail as a "secretKeyRef" without key is meaningless.

Please also verify that the other pipeline types are working as expected.

I observed another scenario where the referenced secret got deleted after the pipeline was running, now the LogPipeline continues to push to a non-existent endpoint instead of failing with configuration problems. Please validate this scenario as well.
@a-thaler a-thaler added area/logs LogPipeline kind/bug Categorizes issue or PR as related to a bug. labels Oct 8, 2024
@TeodorSAP TeodorSAP self-assigned this Oct 15, 2024
@TeodorSAP TeodorSAP mentioned this issue Oct 17, 2024
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TeodorSAP TeodorSAP

Labels
area/logs LogPipeline kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Cover additional Secretref validation scenarios TeodorSAP/telemetry-manager
2 participants
@a-thaler @TeodorSAP