红帽全球峰会此内容没有您所选择的语言版本。
Chapter 1. Logging 6.4 release notes
1.1. Logging 6.4.0 release notes
复制链接链接已复制到粘贴板!
This release of OpenShift Logging is supported on OpenShift Container Platform 4.18 and later. This release includes new features and bug fixes.
This release includes RHBA-2025:21335.
1.1.1. New features and enhancements
复制链接链接已复制到粘贴板!
1.1.1.1. Log collection
复制链接链接已复制到粘贴板!
- With this release, the Vector collector has been updated to be based on Vector version 0.47.0. (LOG-7166)
- With this release, the permissions required by the Red Hat OpenShift Logging Operator have been reduced to only those required for deploying the log collector. Permissions for functions that are no longer supported by the operator have been removed. (LOG-7473)
-
This release provides changes to log collector deployments to promote Technology Preview configuration options introduced in LOG-7196 to General Availability. The change enables caching of kube API server calls and introduces a
ClusterLogForwarderfield to tune collector rollout strategy. Administrators managing clusters with large numbers of nodes can now modify the collector upgrade behavior so that the collector requests do not overwhelm the Kubernetes API server. You can control the behavior by settingMaxUnavailablefield for collectors during upgrade.(LOG-7587) - With this release, an alert has been added to notify administrators of deprecated features that will be removed in future releases. As a result, you can make adjustments as needed. (LOG-7596)
-
With this release, you can forward logs to AWS S3-compatible services using a new
s3output type. The output supports custom endpoints and multiple authentication methods. It also provides flexible options for log organization that you can configure with dynamic key prefix templating, and tuning of log compression and batching. (LOG-7683) - With this release, cross-account log forwarding is available for both CloudWatch and S3 outputs using the AWS AssumeRole functionality. This feature enables centralized logging by using a secure, two-step authentication process. By doing so, it upholds the principle of least privilege and maintains strong security boundaries, promoting a clear separation of concerns in the target account. (LOG-7687)
-
With this release, Red Hat OpenShift Logging Operator optionally provides permissive
NetworkPolicyresources to override any restrictive network policies present in an OpenShift Container Platform cluster. For more information, see Network policies to override restrictive network in a cluster.
1.1.1.2. Log storage
复制链接链接已复制到粘贴板!
- With this release, a new alert has been added to the LokiStack to inform users if LokiStack components have not reached the ready state. (LOG-5470)
- With this release, the statistics page has been improved to help users better understand the performance of a query. (LOG-7746)
- With this release, Loki Operator can deploy and manage a set of network policies that restrict the communications to and from the Loki components to enhance security. For more information, see Loki network policies for added security.
1.1.2. Technology preview features
复制链接链接已复制到粘贴板!
Important
The OpenTelemetry Protocol (OTLP) output log forwarder is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.
1.1.3. Bug fixes
复制链接链接已复制到粘贴板!
-
Before this update, the sample code for creating an
AlertingRuleresource in the web user interface did not contain all the description annotations. With this update, the missing description annotation have been added. (LOG-6782) - Before this update, the Red Hat OpenShift Logging Operator generated configuration that did not account for unmatched log events, and produced a warning message when the collector started. With this update, unmatched log events are accounted for and an error alert is produced if unmatched messages are detected. The warning message has been removed. (LOG-6807)
-
Before this update, user action of generating an info-level log message containing the keyword
errorwas incorrectly highlighted as errors in the OpenShift Container Platform web console. With this update, the web console no longer highlights info-level logs containing theerrorkeyword as errors. (LOG-7222) -
Before this update, the
clusterLogForwarderAPI did not validate the URL scheme for Kafka outputs. This could cause users to configure a Kafka output with an invalid URL that was missing the requiredtcp://ortls://prefix, leading to a silent failure where logs were not forwarded as expected. With this update, new validation has been added to the API. The clusterLogForwarder now rejects configurations with a Kafka URL that does not have a tcp or tls scheme, preventing the misconfiguration and ensuring logs can be forwarded successfully. (LOG-7340) -
Before this update, the
vector_buffer_byte_sizeandvector_buffer_eventsmetrics incorrectly reported negative values under certain system load and timing conditions. This led to unreliable monitoring, potentially masking buffer issues. With this update, a concurrent, centralized state tracker ensures that these metrics are always reported as non-negative values. This ensures that the metrics correctly report buffer sizes helping with accurate monitoring. (LOG-7436) -
Before this fix, Vector could not recover from silently closed TCP connections. With this update, Vector uses
keepaliveprobes to detect and automatically re-establish unresponsive TCP connections. (LOG-7502) -
Before this update, the
ClusterLogForwarderAPI required the URL for OTLP endpoints to terminate withv1/logs. With this update, this requirement has been relaxed to allow any URL that specifies anhttporhttpsprotocol. (LOG-7582) -
Before this update, any request that exceeded a Kafka broker’s
message.max.sizevalue would be rejected because the collector’s tuning did not correctly set an allowable producer configuration. With this update, you can set the collector’s kafka client configuration to allow message sizes that are equal to or smaller than theMaxSizevalue. (LOG-7608) -
Before this update, the prune filter failed to remove the
.openshift.sequencefield from the log record. With this update, the field is correctly pruned from the log record. (LOG-7620) -
Before this update, the prune filter failed to remove the
.kubernetes.container_iostreamfield from the log record. With this fix, the field is now correctly pruned from the log record. (LOG-7622)
1.1.4. Deprecation notice
复制链接链接已复制到粘贴板!
In this release, the 'observability.openshift.io/max-unavailable-rollout' annotation is deprecated and will be removed in a future release. The annotation has been replaced by the spec.collector.maxUnavailable field in the ClusterLogForwarder resource. For more information, see Configuring pod rollout strategy.
1.1.5. Removal notice
复制链接链接已复制到粘贴板!
In this release, the observability.openshift.io/use-apiserver-cache annotation has been removed. With this release, kube-api caching is now always enabled. For more information, see Configuring pod rollout strategy.
1.1.6. Known issues
复制链接链接已复制到粘贴板!
- When network policies are enabled in Loki Operator and a S3-compatible object storage, for example Minio or Red Hat OpenShift Data Foundation (ODF), is used, the network policies do not allow access to the object storage. (LOG-8075)
- When network policies are enabled in Loki Operator and Swift is used as an object storage, the network policies do not allow access to the object storage. (LOG-8083)
- When network policies are enabled in Loki Operator and a cluster-wide proxy is configured, the network policies do not allow access to object storage. (LOG-8084)
-
When network policies are enabled in Red Hat OpenShift Logging Operator and the Loki output is used without specifying a port in the
urlfield, the egress network policy is created with the wrong port number. (LOG-8091) - When network policies are enabled in Red Hat OpenShift Logging Operator and an HTTP output is used together with an HTTP proxy, the egress network policy does not allow access to the HTTP proxy. (LOG-8109)
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}