Administering your logging deployment

Administering your logging deployment

Deploying Red Hat OpenShift Logging Operator using the web console

You can use the OKD web console to deploy the Red Hat OpenShift Logging Operator.

Prerequisites

Logging is provided as an installable component, with a distinct release cycle from the core OKD. The Red Hat OpenShift Container Platform Life Cycle Policy outlines release compatibility.

Procedure

To deploy the Red Hat OpenShift Logging Operator using the OKD web console:

Install the Red Hat OpenShift Logging Operator:

In the OKD web console, click Operators → OperatorHub.
Type Logging in the Filter by keyword field.
Choose Red Hat OpenShift Logging from the list of available Operators, and click Install.

Select stable or stable-5.y as the Update Channel.

The stable channel only provides updates to the most recent release of logging. To continue receiving updates for prior releases, you must change your subscription channel to stable-X where X is the version of logging you have installed.

Ensure that A specific namespace on the cluster is selected under Installation Mode.
Ensure that Operator recommended namespace is openshift-logging under Installed Namespace.
Select Enable Operator recommended cluster monitoring on this Namespace.
Select an option for Update approval.
- The Automatic option allows Operator Lifecycle Manager (OLM) to automatically update the Operator when a new version is available.
- The Manual option requires a user with appropriate credentials to approve the Operator update.
Select Enable or Disable for the Console plugin.
Click Install.

Verify that the Red Hat OpenShift Logging Operator is installed by switching to the Operators → Installed Operators page.
1. Ensure that Red Hat OpenShift Logging is listed in the openshift-logging project with a Status of Succeeded.

Create a ClusterLogging instance.

The form view of the web console does not include all available options. The YAML view is recommended for completing your setup.

In the collection section, select a Collector Implementation.

As of logging version 5.6 Fluentd is deprecated and is planned to be removed in a future release. Red Hat will provide bug fixes and support for this feature during the current release lifecycle, but this feature will no longer receive enhancements and will be removed. As an alternative to Fluentd, you can use Vector instead.

In the logStore section, select a type.

As of logging version 5.4.3 the OpenShift Elasticsearch Operator is deprecated and is planned to be removed in a future release. Red Hat will provide bug fixes and support for this feature during the current release lifecycle, but this feature will no longer receive enhancements and will be removed. As an alternative to using the OpenShift Elasticsearch Operator to manage the default log storage, you can use the Loki Operator.

Click Create.

Deploying the Loki Operator using the web console

You can use the OKD web console to install the Loki Operator.

Prerequisites

Supported Log Store (AWS S3, Google Cloud Storage, Azure, Swift, Minio, OpenShift Data Foundation)

Procedure

To install the Loki Operator using the OKD web console:

In the OKD web console, click Operators → OperatorHub.
Type Loki in the Filter by keyword field.
1. Choose Loki Operator from the list of available Operators, and click Install.

Select stable or stable-5.y as the Update Channel.

Ensure that All namespaces on the cluster is selected under Installation Mode.
Ensure that openshift-operators-redhat is selected under Installed Namespace.
Select Enable Operator recommended cluster monitoring on this Namespace.

This option sets the openshift.io/cluster-monitoring: "true" label in the Namespace object. You must select this option to ensure that cluster monitoring scrapes the openshift-operators-redhat namespace.
Select an option for Update approval.
- The Automatic option allows Operator Lifecycle Manager (OLM) to automatically update the Operator when a new version is available.
- The Manual option requires a user with appropriate credentials to approve the Operator update.
Click Install.
Verify that the LokiOperator installed by switching to the Operators → Installed Operators page.
1. Ensure that LokiOperator is listed with Status as Succeeded in all the projects.

Create a Secret YAML file that uses the access_key_id and access_key_secret fields to specify your credentials and bucketnames, endpoint, and region to define the object storage location. AWS is used in the following example:

apiVersion: v1
kind: Secret
metadata:
 name: logging-loki-s3
 namespace: openshift-logging
stringData:
 access_key_id: AKIAIOSFODNN7EXAMPLE
 access_key_secret: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
 bucketnames: s3-bucket-name
 endpoint: https://s3.eu-central-1.amazonaws.com
 region: eu-central-1

Select Create instance under LokiStack on the Details tab. Then select YAML view. Paste in the following template, subsituting values where appropriate.

 apiVersion: loki.grafana.com/v1
 kind: LokiStack
 metadata:
   name: logging-loki (1)
   namespace: openshift-logging
 spec:
   size: 1x.small (2)
   storage:
     schemas:
     - version: v12
       effectiveDate: '2022-06-01'
     secret:
       name: logging-loki-s3 (3)
       type: s3 (4)
   storageClassName: <storage_class_name> (5)
   tenants:
     mode: openshift-logging

1	Name should be `logging-loki`.
2	Select your Loki deployment size.
3	Define the secret used for your log storage.
4	Define corresponding storage type.
5	Enter the name of an existing storage class for temporary storage. For best performance, specify a storage class that allocates block storage. Available storage classes for your cluster can be listed using `oc get storageclasses`. Apply the configuration: `oc apply -f logging-loki.yaml`

Create or edit a ClusterLogging CR:

 apiVersion: logging.openshift.io/v1
 kind: ClusterLogging
 metadata:
   name: instance
   namespace: openshift-logging
 spec:
   managementState: Managed
   logStore:
     type: lokistack
     lokistack:
       name: logging-loki
     collection:
       type: vector

Apply the configuration:
```
oc apply -f cr-lokistack.yaml
```

Installing from OperatorHub using the CLI

Instead of using the OKD web console, you can install an Operator from OperatorHub by using the CLI. Use the oc command to create or update a Subscription object.

Prerequisites

Access to an OKD cluster using an account with cluster-admin permissions.
You have installed the OpenShift CLI (oc).

Procedure

View the list of Operators available to the cluster from OperatorHub:

$ oc get packagemanifests -n openshift-marketplace

Example output

NAME                               CATALOG               AGE
3scale-operator                    Red Hat Operators     91m
advanced-cluster-management        Red Hat Operators     91m
amq7-cert-manager                  Red Hat Operators     91m
...
couchbase-enterprise-certified     Certified Operators   91m
crunchy-postgres-operator          Certified Operators   91m
mongodb-enterprise                 Certified Operators   91m
...
etcd                               Community Operators   91m
jaeger                             Community Operators   91m
kubefed                            Community Operators   91m
...

Note the catalog for your desired Operator.

Inspect your desired Operator to verify its supported install modes and available channels:
```
$ oc describe packagemanifests <operator_name> -n openshift-marketplace
```
An Operator group, defined by an OperatorGroup object, selects target namespaces in which to generate required RBAC access for all Operators in the same namespace as the Operator group.

The namespace to which you subscribe the Operator must have an Operator group that matches the install mode of the Operator, either the AllNamespaces or SingleNamespace mode. If the Operator you intend to install uses the AllNamespaces, then the openshift-operators namespace already has an appropriate Operator group in place.

However, if the Operator uses the SingleNamespace mode and you do not already have an appropriate Operator group in place, you must create one.

The web console version of this procedure handles the creation of the OperatorGroup and Subscription objects automatically behind the scenes for you when choosing SingleNamespace mode.
1. Create an OperatorGroup object YAML file, for example operatorgroup.yaml:
  
  Example OperatorGroup object
```
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: <operatorgroup_name>
  namespace: <namespace>
spec:
  targetNamespaces:
  - <namespace>
```
2. Create the OperatorGroup object:
```
$ oc apply -f operatorgroup.yaml
```

Create a Subscription object YAML file to subscribe a namespace to an Operator, for example sub.yaml:

Example Subscription object

apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: <subscription_name>
  namespace: openshift-operators (1)
spec:
  channel: <channel_name> (2)
  name: <operator_name> (3)
  source: redhat-operators (4)
  sourceNamespace: openshift-marketplace (5)
  config:
    env: (6)
    - name: ARGS
      value: "-v=10"
    envFrom: (7)
    - secretRef:
        name: license-secret
    volumes: (8)
    - name: <volume_name>
      configMap:
        name: <configmap_name>
    volumeMounts: (9)
    - mountPath: <directory_name>
      name: <volume_name>
    tolerations: (10)
    - operator: "Exists"
    resources: (11)
      requests:
        memory: "64Mi"
        cpu: "250m"
      limits:
        memory: "128Mi"
        cpu: "500m"
    nodeSelector: (12)
      foo: bar

1	For default `AllNamespaces` install mode usage, specify the `openshift-operators` namespace. Alternatively, you can specify a custom global namespace, if you have created one. Otherwise, specify the relevant single namespace for `SingleNamespace` install mode usage.
2	Name of the channel to subscribe to.
3	Name of the Operator to subscribe to.
4	Name of the catalog source that provides the Operator.
5	Namespace of the catalog source. Use `openshift-marketplace` for the default OperatorHub catalog sources.
6	The `env` parameter defines a list of Environment Variables that must exist in all containers in the pod created by OLM.
7	The `envFrom` parameter defines a list of sources to populate Environment Variables in the container.
8	The `volumes` parameter defines a list of Volumes that must exist on the pod created by OLM.
9	The `volumeMounts` parameter defines a list of volume mounts that must exist in all containers in the pod created by OLM. If a `volumeMount` references a `volume` that does not exist, OLM fails to deploy the Operator.
10	The `tolerations` parameter defines a list of Tolerations for the pod created by OLM.
11	The `resources` parameter defines resource constraints for all the containers in the pod created by OLM.
12	The `nodeSelector` parameter defines a `NodeSelector` for the pod created by OLM.

If the cluster is in STS mode, include the following fields in the Subscription object:

kind: Subscription
# ...
spec:
  installPlanApproval: Manual (1)
  config:
    env:
    - name: ROLEARN
      value: "<role_arn>" (2)

1	Subscriptions with automatic update approvals are not recommended because there might be permission changes to make prior to updating. Subscriptions with manual update approvals ensure that administrators have the opportunity to verify the permissions of the later version and take any necessary steps prior to update.
2	Include the role ARN details.

Create the Subscription object:
```
$ oc apply -f sub.yaml
```
At this point, OLM is now aware of the selected Operator. A cluster service version (CSV) for the Operator should appear in the target namespace, and APIs provided by the Operator should be available for creation.

Deleting Operators from a cluster using the web console

Cluster administrators can delete installed Operators from a selected namespace by using the web console.

Prerequisites

You have access to an OKD cluster web console using an account with cluster-admin permissions.

Procedure

Navigate to the Operators → Installed Operators page.
Scroll or enter a keyword into the Filter by name field to find the Operator that you want to remove. Then, click on it.
On the right side of the Operator Details page, select Uninstall Operator from the Actions list.

An Uninstall Operator? dialog box is displayed.

Select Uninstall to remove the Operator, Operator deployments, and pods. Following this action, the Operator stops running and no longer receives updates.

This action does not remove resources managed by the Operator, including custom resource definitions (CRDs) and custom resources (CRs). Dashboards and navigation items enabled by the web console and off-cluster resources that continue to run might need manual clean up. To remove these after uninstalling the Operator, you might need to manually delete the Operator CRDs.

Deleting Operators from a cluster using the CLI

Cluster administrators can delete installed Operators from a selected namespace by using the CLI.

Prerequisites

You have access to an OKD cluster using an account with cluster-admin permissions.
The OpenShift CLI (oc) is installed on your workstation.

Procedure

Check the current version of the subscribed Operator (for example, jaeger) in the currentCSV field:

$ oc get subscription jaeger -n openshift-operators -o yaml | grep currentCSV

Example output

  currentCSV: jaeger-operator.v1.8.2

Delete the subscription (for example, jaeger):

$ oc delete subscription jaeger -n openshift-operators

Example output

subscription.operators.coreos.com "jaeger" deleted

Delete the CSV for the Operator in the target namespace using the currentCSV value from the previous step:

$ oc delete clusterserviceversion jaeger-operator.v1.8.2 -n openshift-operators

Example output

clusterserviceversion.operators.coreos.com "jaeger-operator.v1.8.2" deleted

Administering Logging

Administering your logging deployment

Deploying Red Hat OpenShift Logging Operator using the web console

Deploying the Loki Operator using the web console

Installing from OperatorHub using the CLI

Deleting Operators from a cluster using the web console

Deleting Operators from a cluster using the CLI