  1. Red Hat Advanced Cluster Management
  2. ACM-9087

Unable to enable observability feature for acm with tls configured


      Description of problem:

      While trying to enable the observability add-on for Red Hat Advanced Cluster Management (RHACM) with TLS configured, I have experienced a few different issues. I tried three different tests below and each one resulted in a similar problem.

      Test 1: Use a secret for the CA cert and a separate secret for the thanos-object-storage.yaml.

      Steps to reproduce:
      1. Create a secret that contains the CA to communicate with the S3 object.
      2. Create thanos-object-storage.yaml:
      apiVersion: v1
      kind: Secret
      metadata:
        name: thanos-object-storage
        namespace: open-cluster-management-observability
      type: Opaque
      stringData:
        thanos.yaml: |
          type: s3
          config:
            bucket: bucketname
            endpoint: endpoint
            insecure: false
            access_key: <key>
            secret_key: <key>

      3. Once this is created, apply the following YAML file:
      apiVersion: observability.open-cluster-management.io/v1beta2
      kind: MultiClusterObservability
      metadata:
        name: observability
      spec:
        observabilityAddonSpec: {}
        storageConfig:
          metricObjectStorage:
            name: thanos-object-storage
            key: thanos.yaml
      4. Check pods to see if Grafana pods come up (they should not be working due to lack of secrets)

      Test 2: Include CA cert in the same thanos-object-storage.yaml file

      Steps to reproduce:
      1. Create a secret using your CA cert
      2. Edit the secret to include the access information needed to reach your S3 object
      3. Apply the following YAML file with additional field (tlsSecretName=<edited_ca_secret>):
      apiVersion: observability.open-cluster-management.io/v1beta2
      kind: MultiClusterObservability
      metadata:
        name: observability
      spec:
        observabilityAddonSpec: {}
        storageConfig:
          metricObjectStorage:
            name: thanos-object-storage
            key: thanos.yaml
            tlsSecretName: <edited_ca_secret>
      4. Check pods (all should be up)
      5. Check observability instance (it is stuck installing because it cannot find the "thanos-object-storage" secret)

      Test 3: Change name of tlsSecretName to match "thanos-object-storage" because in test 2 it could not find the secret.

      Steps to reproduce:
      1. Create a secret called "thanos-object-storage" using your CA cert
      2. Edit the secret to include the access information needed to reach your S3 object
      3. Apply the following YAML file with additional field (tlsSecretName=thanos-object-storage):
      apiVersion: observability.open-cluster-management.io/v1beta2
      kind: MultiClusterObservability
      metadata:
        name: observability
      spec:
        observabilityAddonSpec: {}
        storageConfig:
          metricObjectStorage:
            name: thanos-object-storage
            key: thanos.yaml
            tlsSecretName: thanos-object-storage
      4. Check pods to see if Grafana pods come up (they should not be working due to lack of secrets)

      Version-Release number of selected component (if applicable):

      ocp 4.12.17
      rhacm 2.8.4

      How reproducible:

      Consistently

      Actual results:

      unable to find secret thanos-object-storage

      Expected results:

      Feature becomes enabled and usable

      Additional info:

          

              rh-ee-doolivei Douglas Camata (Inactive)
              zcast Zechariah Castillo (Inactive)
              Zechariah Castillo (Inactive)
              Xiang Yin Xiang Yin
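A preflight check for the secret references in the MultiClusterObservability specs above, as an added example (not part of the original report and not RHACM operator code): it verifies that each referenced secret exists in the namespace used by the report's thanos-object-storage manifest and carries the named key. The function names, the `my-ca-secret` placeholder, the `ca.crt` key and the secret inventory are constructed, modeled on Test 2 under the assumption that only the edited CA secret exists.

```python
"""Preflight check: do the secrets referenced by a MultiClusterObservability
spec exist, in the expected namespace, with the expected key?"""

# Namespace taken from the thanos-object-storage manifest in the report.
NAMESPACE = "open-cluster-management-observability"


def secret_refs(mco):
    """Return (field, secret_name, required_key) for each secret reference."""
    storage = mco["spec"]["storageConfig"]["metricObjectStorage"]
    refs = [("name", storage["name"], storage["key"])]
    if storage.get("tlsSecretName"):
        # No key is named for the TLS secret, so only existence is checked.
        refs.append(("tlsSecretName", storage["tlsSecretName"], None))
    return refs


def check_refs(mco, secrets):
    """secrets maps (namespace, name) -> set of data keys. Returns findings."""
    findings = []
    for field, name, key in secret_refs(mco):
        keys = secrets.get((NAMESPACE, name))
        if keys is None:
            # Point out a same-named secret created in another namespace.
            elsewhere = sorted(ns for ns, n in secrets if n == name)
            hint = f" (found in {', '.join(elsewhere)})" if elsewhere else ""
            findings.append(f"{field}: secret {name!r} not in {NAMESPACE}{hint}")
        elif key is not None and key not in keys:
            findings.append(f"{field}: secret {name!r} has no key {key!r}")
    return findings


# Constructed input modeled on Test 2. Assumption: only the edited CA secret
# exists; "my-ca-secret" stands in for <edited_ca_secret>.
MCO_TEST2 = {
    "apiVersion": "observability.open-cluster-management.io/v1beta2",
    "kind": "MultiClusterObservability",
    "metadata": {"name": "observability"},
    "spec": {"observabilityAddonSpec": {}, "storageConfig": {"metricObjectStorage": {
        "name": "thanos-object-storage", "key": "thanos.yaml",
        "tlsSecretName": "my-ca-secret"}}},
}
SECRETS_TEST2 = {(NAMESPACE, "my-ca-secret"): {"ca.crt", "thanos.yaml"}}

if __name__ == "__main__":
    for line in check_refs(MCO_TEST2, SECRETS_TEST2):
        print(line)
```

On a live cluster the `secrets` mapping would be built from the secret list of the namespace rather than written by hand.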