NETOBSERV-309 skip TLS checks & add TenantID

[jpinsonneau]

Following conversation with @memodi, this PR force skip TLS checks on both FLP & console plugin until implementation and allow configuration of Loki tenant ID

[memodi]

/ok-to-test

[github-actions]

New image: ["quay.io/netobserv/network-observability-operator:6536b7c"]. It will expire after two weeks.

[jotak]

this could also be promoted right now as a CR config, like you did for TenantID.

[jpinsonneau]

I can do that if you prefer but the goal is to remove this after TLS implementation

[jotak]

I don't think it has to be removed, it happens commonly that people want to just quick try software without securing everything, so this is still a good option to have IMO, especially as people can "bring their own Loki". What matters more is that it defaults to false.

[memodi]

New image: ["quay.io/netobserv/network-observability-operator:6536b7c"]. It will expire after two weeks.

@jpinsonneau - after deploying NOO off this PR and above image, I am no longer seeing cert error on console side, however for FLP post request I am seeing below error:
time=2022-06-14T20:12:01Z level=info component=client error=Post "http://lokistack-sample-distributor-http.network-observability:3100/loki/api/v1/push": proxyconnect tcp: dial tcp :0: connect: connection refused fields.level=warn fields.msg=error sending batch, will retry host=lokistack-sample-distributor-http.network-observability:3100 module=export/loki status=-1

when I do push manually it succeeds:
$ oc exec -it flowlogs-pipeline-55flk -- curl -w "%{http_code}\\n" -k -XPOST https://lokistack-sample-distributor-http.network-observability:3100/loki/api/v1/push --data-raw \ '{"streams": [{ "stream": { "foo": "bar2" }, "values": [ [ "1655238630742828000", "fizzbuzz" ] ] }]}' -H "X-Scope-OrgID: netobserv" -H "Content-Type: application/json" 204

[memodi]

Following up on my comment above: #120 (comment):

I am getting same error when I try to work with zero-click loki server:
time=2022-06-14T20:51:16Z level=info component=client error=Post "http://loki:3100/loki/api/v1/push": proxyconnect tcp: dial tcp :0: connect: connection refused fields.level=warn fields.msg=error sending batch, will retry host=loki:3100 module=export/loki status=-1

not sure if there needs to be some updates to be made to FLP to be able to work with NOO created off this PR

[jpinsonneau]

@jpinsonneau - after deploying NOO off this PR and above image, I am no longer seeing cert error on console side, however for FLP post request I am seeing below error: time=2022-06-14T20:12:01Z level=info component=client error=Post "http://lokistack-sample-distributor-http.network-observability:3100/loki/api/v1/push": proxyconnect tcp: dial tcp :0: connect: connection refused fields.level=warn fields.msg=error sending batch, will retry host=lokistack-sample-distributor-http.network-observability:3100 module=export/loki status=-1

Hm sorry about that ! It seems HTTPClientConfig ProxyURL is used even if it's not set on our side. Since the proxy is not resolved, the query fails.
I have tried to set nil or "" but it doesn't work as is.

We didn't had this in the PoC because we used a map[string]interface{}

I'm still looking for a solution

[jotak]

@jpinsonneau Could it be related to @OlivierCazade 's netobserv/flowlogs-pipeline#229 ? (missing omitempty in FLP)

[jpinsonneau]

@jpinsonneau Could it be related to @OlivierCazade 's netobserv/flowlogs-pipeline#229 ? (missing omitempty in FLP)

No it actually comes from prometheus http_config file

[jpinsonneau]

/retest

[memodi]

/ok-to-test

[github-actions]

New image: ["quay.io/netobserv/network-observability-operator:ba70519"]. It will expire after two weeks.

[memodi]

@jpinsonneau - I don't know if this PR needs rebase after this PR was merged, since I am running into below error on FLP side:

time=2022-06-16T21:41:14Z level=debug msg=findStageType: stage = decode
time=2022-06-16T21:41:14Z level=fatal msg=failed to initialize pipeline invalid stage type: unknown

[jpinsonneau]

@jpinsonneau - I don't know if this PR needs rebase after this PR was merged, since I am running into below error on FLP side

Yeah seems to ! Let's rebase

[jpinsonneau]

/ok-to-test

[jpinsonneau]

@memodi I have tested today with latest flowlogs-pipeline version and it works fine 👍

[github-actions]

New image: ["quay.io/netobserv/network-observability-operator:474f67e"]. It will expire after two weeks.

[memodi]

@memodi I have tested today with latest flowlogs-pipeline version and it works fine 👍

Yes, it works for me too. Thank you. Although I couldn't see any flows on Netflow Table and always ends up in 503 error after trying to load :D

I had extra small LokiStack, not sure if Loki from Loki-operator has poor performance than what we install with zero-click Loki config,

[jpinsonneau]

Performances are better on my side with LokiStack @memodi
I use gp2 AWS s3 bucket witth extra small config. Do you have a running cluster so I can check what happens ?

[memodi]

/ok-to-test

[memodi]

/retest

[memodi]

/ok-to-test

[jotak]

/lgtm
cc @OlivierCazade once this is merged we'll need to rebase and fix conflicts on the TLS branch work

[jpinsonneau]

/retest

[jotak]

/lgtm

[jpinsonneau]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jpinsonneau

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [jpinsonneau]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment