How to configure Loki Object Storage CA certificate in RHOCP 4

Solution Verified - Updated -

Issue

  • How to configure the Certificate Authority (CA) certificate for the ObjectStorage endpoint in the LokiStack?
  • After installing the Network Observability Operator using the SSL/TLS protocol, an error with the CA trust certificate occurs while Loki Operator attempts to save data on a S3 bucket using a customized certificate.

  • Errors while flushing to the ObjectStorage backend:

    msg="failed to flush" err="failed to flush chunks: store put chunk: RequestError: send request failed\ncaused by: Put \"https://objectstorage.example.com:1234/loki-storage/backend\": tls: failed to verify certificate: x509: certificate signed by unknown authority

    msg="failed to flush" err="failed to flush chunks: store put chunk: RequestError: send request failed\ncaused by: Put \"https://objectstorage.example.com:1234/loki-storage/backend\": tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead

  • Error message in the LokiStack status:

        message: 'Invalid object storage CA configmap contents: key not present or data
      empty: service-ca.crt'

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4
  • Red Hat OpenShift Logging (RHOL)
    • 5.5 and later
  • LokiStack
  • Network Observability Operator

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content