Flowcollector config spec.loki.url requires https instead of http

dhgautam99 · web-flow · commit a311343dd982 · 2023-06-23T13:52:55.000+05:30
spec.loki.url in flowcollector custom resource uses https protocol and port 8080 is a secured port. The certificates injected here are signed by openshift-service-serving-signer. Same can be validated using below command from the node where loki-gateway pod is scheduled.
$ crictl ps | grep gateway
$ crictl inspect &lt;container-id&gt; | grep -i pid
$ nsenter -t &lt;pid-of-loki-gateway-container&gt; -n openssl s_client -connect localhost:8080

Usage of http causes 404 error in Network Traffic menu:
~~~
Error: Request failed with status code 400
[400] Loki message: Client sent an HTTP request to an HTTPS server.
~~~

Fix: After changing http to https, the network flows can be seen in Network Traffic menu.
diff --git a/modules/network-observability-flowcollector-view.adoc b/modules/network-observability-flowcollector-view.adoc
@@ -48,7 +48,7 @@ spec:
     logTypes: FLOW                            <3>
     conversationHeartbeatInterval: 30s
   loki:                                       <4>
-    url: 'http://loki-gateway-http.netobserv.svc:8080/api/logs/v1/network'
+    url: 'https://loki-gateway-http.netobserv.svc:8080/api/logs/v1/network'
     statusUrl: 'https://loki-query-frontend-http.netobserv.svc:3100/'
     authToken: FORWARD
     tls:
@@ -87,4 +87,4 @@ spec:
 <2> You can set the Sampling specification, `spec.agent.ebpf.sampling`, to manage resources. Lower sampling values might consume a large amount of computational, memory and storage resources. You can mitigate this by specifying a sampling ratio value. A value of 100 means 1 flow every 100 is sampled. A value of 0 or 1 means all flows are captured. The lower the value, the increase in returned flows and the accuracy of derived metrics. By default, eBPF sampling is set to a value of 50, so 1 flow every 50 is sampled. Note that more sampled flows also means more storage needed. It is recommend to start with default values and refine empirically, to determine which setting your cluster can manage.
 <3> The optional specifications `spec.processor.logTypes`, `spec.processor.conversationHeartbeatInterval`, and `spec.processor.conversationEndTimeout` can be set to enable conversation tracking. When enabled, conversation events are queryable in the web console. The values for `spec.processor.logTypes` are as follows: `FLOWS` `CONVERSATIONS`, `ENDED_CONVERSATIONS`, or `ALL`. Storage requirements are highest for `ALL` and lowest for `ENDED_CONVERSATIONS`.
 <4> The Loki specification, `spec.loki`, specifies the Loki client. The default values match the Loki install paths mentioned in the Installing the Loki Operator section. If you used another installation method for Loki, specify the appropriate client information for your install.
-<5> The `spec.quickFilters` specification defines filters that show up in the web console. The `Application` filter keys,`src_namespace` and `dst_namespace`, are negated (`!`), so the `Application` filter shows all traffic that _does not_ originate from, or have a destination to, any `openshift-` or `netobserv` namespaces. For more information, see Configuring quick filters below.
+<5> The `spec.quickFilters` specification defines filters that show up in the web console. The `Application` filter keys,`src_namespace` and `dst_namespace`, are negated (`!`), so the `Application` filter shows all traffic that _does not_ originate from, or have a destination to, any `openshift-` or `netobserv` namespaces. For more information, see Configuring quick filters below.
