Skip to content

Inability to use a private VPC S3 endpoint with Loki #19243

New issue
New issue
Open
#19247
Open
Inability to use a private VPC S3 endpoint with Loki#19243
#19247
Labels
cloudstorage/s3sig/operator
@averi

Description

@averi
averi
opened on Sep 19, 2025

Describe the bug

When configuring Loki 6.2 in Openshift using the Loki operator a secret has to be created to contain AWS credentials for S3, one of the fields is endpoint, as soon as you specify a private VPC S3 endpoint the operator fails to reconcile with:

  message: 'Invalid object storage secret contents: endpoint for AWS S3 must include
    correct region: https://s3.us-east-1.amazonaws.com'

To Reproduce

Steps to reproduce the behavior:

  1. Create a LokiStack resource which contains:
    secret:
    name: logging-loki-s3
    type: s3
  2. In the OCP secret itself use a private VPC S3 endpoint such as https://bucket.vpce-*-us-east-1c.s3.us-east-1.vpce.amazonaws.com
  3. oc get lokistacks.loki.grafana.com -o yaml, notice the aforementioned error, operator won't reconcile

Expected behavior

Ability to specify a private VPC S3 endpoint.

Environment:

  • Infrastructure: Openshift 4.18 in AWS
  • Deployment tool: Loki operator

Metadata

Metadata

Assignees

No one assigned

    Labels

    cloudstorage/s3sig/operator

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions