Robsta86
commented
6 months ago Not sure if it helps with your specific problem in regards with the FIPS-compliant endpoint, however this config works for us:
storage:
bucketNames:
chunks: ${bucket}
ruler: ${bucket}
admin: ${bucket}
type: s3
s3:
region: ${aws_region}
schema_config:
configs:
- from: "2024-01-12"
index:
period: 24h
prefix: loki_index_
store: boltdb-shipper
object_store: s3
schema: v12
storage_config:
aws:
s3: s3://${aws_region}/${bucket}
sse_encryption: true
sse:
type: SSE-KMS
kms_key_id: ${kms_key}
tsdb_shipper:
active_index_directory: /var/loki/tsdb-index
shared_store: s3
aravindhkudiyarasan
kaiyuanlim
Describe the bug We are still encountering the error "WebIdentityErr: failed to retrieve credentials\ncaused by: SerializationError:" in Loki when we explicitly specify the S3 endpoint in the Loki configuration. This is because we need to use the FIPS-compliant S3 endpoint when deploying Loki in GovCloud environments. Unfortunately, using the s3 endpoint in Loki config with serviceAccount:true appears to be causing the below error message.
Existing Bugs:- 1) https://github.com/grafana/loki/issues/9131 2) https://github.com/grafana/helm-charts/issues/1550 3) https://github.com/grafana/loki/issues/7403 4) https://community.grafana.com/t/loki-write-pods-does-not-get-into-ready-state/111798
Kindly fix it on emergency.
Loki Config: |
WORKING:-
NOT_WORKING:-
To Reproduce Steps to reproduce the behavior:
Expected behavior Loki Should connect to s3 buckets with specified endpoint.
Environment:
Error:-
{"caller":"table_manager.go:143","err":"WebIdentityErr: failed to retrieve credentials\ncaused by: SerializationError: failed to unmarshal error message\n\tstatus code: 405, request id: \ncaused by: UnmarshalError: failed to unmarshal error message\n\t00000000 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 |.<C|\n00000030 6f 64 65 3e 4d 65 74 68 6f 64 4e 6f 74 41 6c 6c |ode>MethodNotAll|\n00000040 6f 77 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 |owed<Mess|\n00000050 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 |age>The specifie|\n00000060 64 20 6d 65 74 68 6f 64 20 69 73 20 6e 6f 74 20 |d method is not |\n00000070 61 6c 6c 6f 77 65 64 20 61 67 61 69 6e 73 74 20 |allowed against |\n00000080 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f |this resource.</|\n00000090 4d 65 73 73 61 67 65 3e 3c 4d 65 74 68 6f 64 3e |Message>|\n000000a0 50 4f 53 54 3c 2f 4d 65 74 68 6f 64 3e 3c 52 65 |POST<Re|\n000000b0 73 6f 75 72 63 65 54 79 70 65 3e 53 45 52 56 49 |sourceType>SERVI|\n000000c0 43 45 3c 2f 52 65 73 6f 75 72 63 65 54 79 70 65 |CE</ResourceType|\n000000d0 3e 3c 52 65 71 75 65 73 74 49 64 3e 44 51 48 51 |>DQHQ|\n000000e0 52 31 46 48 47 53 48 59 36 45 43 5a 3c 2f 52 65 |R1FHGSHY6ECZ</Re|\n000000f0 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e |questId>|\n00000100 62 53 79 72 63 55 72 44 53 31 48 71 48 76 47 4d |bSyrcUrDS1HqHvGM|\n00000110 39 32 69 62 48 73 58 76 39 4a 4b 57 48 41 66 4d |92ibHsXv9JKWHAfM|\n00000120 41 31 33 67 7a 79 69 4e 76 69 61 38 6e 69 70 76 |A13gzyiNvia8nipv|\n00000130 50 4d 59 6c 74 5a 35 71 6c 69 2b 48 45 43 72 6b |PMYltZ5qli+HECrk|\n00000140 41 78 42 64 4e 69 2f 45 48 57 77 3d 3c 2f 48 6f |AxBdNi/EHWw=</Ho|\n00000150 73 74 49 64 3e 3c 2f 45 72 72 6f 72 3e |stId>|\n\ncaused by: unknown error response tag, {{ Error} []}","index-store":"boltdb-shipper-2023-11-01","level":"error","msg":"failed to upload table","table":"loki_index_backup_19782","ts":"2024-02-29T09:56:11.318328359Z"}