Uploaded image for project: 'Cluster Observability Operator'
  1. Cluster Observability Operator
  2. COO-1493

Prometheus and alertmanager pod failed to be created when monitoringstack with createClusterRoleBindings: NoClusterRoleBindings

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • 1.4.0 RC
    • 1.3.1
    • monitoring-stack
    • None
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • Critical
    • None
    • None
    • None
    • None
    • None
    • None

      Install coo 1.3.1 
      Create monitoringstack with createClusterRoleBindings: NoClusterRoleBindings, refer attached ms.yaml
      monitoringstack created and reconciled, prometheus and alertmanager pod failed to be created
      No error in logs of pod observability-operator and obo-prometheus-operator

      Create default monitoringstack and change createClusterRoleBindings as NoClusterRoleBindings, no such issue

      hongyli@hongyli-mac observability-operator % oc -n e2e-tests2 get pod
No resources found in e2e-tests2 namespace.
hongyli@hongyli-mac observability-operator % oc -n e2e-tests2 get monitoringstack 
NAME            AGE
crb-no-policy   5h8m
hongyli@hongyli-mac observability-operator % oc -n e2e-tests2 get monitoringstack crb-no-policy -oyaml apiVersion: monitoring.rhobs/v1alpha1
kind: MonitoringStack
metadata:
  creationTimestamp: "2026-01-13T06:10:43Z"
  finalizers:
  - monitoring.observability.openshift.io/finalizer
  generation: 1
  name: crb-no-policy
  namespace: e2e-tests2
  resourceVersion: "41456"
  uid: 96b000e4-0024-4ece-9511-6a476a682a0b
spec:
  alertmanagerConfig:
    disabled: false
    replicas: 2
  createClusterRoleBindings: NoClusterRoleBindings
  logLevel: info
  namespaceSelector:
    matchLabels:
      monitoring.rhobs/stack: crb-no-policy
  prometheusConfig:
    replicas: 2
  resourceSelector: {}
  resources: {}
  retention: 120h
status:
  conditions:
  - lastTransitionTime: "2026-01-13T06:14:34Z"
    message: Resource discovery is operational
    observedGeneration: 1
    reason: None
    status: "True"
    type: ResourceDiscovery
  - lastTransitionTime: "2026-01-13T06:14:34Z"
    message: ""
    reason: PrometheusNotAvailable
    status: "False"
    type: Available
  - lastTransitionTime: "2026-01-13T06:14:34Z"
    message: Monitoring Stack is successfully reconciled
    observedGeneration: 1
    reason: MonitoringStackReconciled
    status: "True"
    type: Reconciled

      logs of prometheus operator

      % oc logs obo-prometheus-operator-76f4457fcc-4fbcq 
......
ts=2026-01-13T06:10:43.628152436Z level=info caller=/workspace/pkg/prometheus/server/operator.go:855 msg="sync prometheus" component=prometheus-controller key=e2e-tests/crb-no-policy
ts=2026-01-13T06:10:43.827694299Z level=info caller=/cachi2/output/deps/gomod/pkg/mod/k8s.io/client-go@v0.34.2/rest/warnings.go:110 msg="Warning: would violate PodSecurity \"restricted:latest\": seccompProfile (pod or containers \"init-config-reloader\", \"prometheus\", \"config-reloader\", \"thanos-sidecar\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"
ts=2026-01-13T06:10:43.827878695Z level=info caller=/workspace/pkg/prometheus/server/operator.go:855 msg="sync prometheus" component=prometheus-controller key=e2e-tests/crb-no-policy
ts=2026-01-13T06:10:43.930806576Z level=info caller=/workspace/pkg/alertmanager/operator.go:612 msg="sync alertmanager" component=alertmanager-controller key=e2e-tests/crb-no-policy
ts=2026-01-13T06:10:43.952824059Z level=info caller=/workspace/pkg/alertmanager/operator.go:859 msg="config secret not found, using default Alertmanager configuration" component=alertmanager-controller alertmanager=crb-no-policy namespace=e2e-tests secret=alertmanager-crb-no-policy
ts=2026-01-13T06:10:44.133231977Z level=info caller=/workspace/pkg/alertmanager/operator.go:731 msg="StatefulSet not found" component=alertmanager-controller key=e2e-tests/alertmanager-crb-no-policy
ts=2026-01-13T06:10:44.14653022Z level=info caller=/cachi2/output/deps/gomod/pkg/mod/k8s.io/client-go@v0.34.2/rest/warnings.go:110 msg="Warning: would violate PodSecurity \"restricted:latest\": seccompProfile (pod or containers \"init-config-reloader\", \"prometheus\", \"config-reloader\", \"thanos-sidecar\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"
ts=2026-01-13T06:10:44.147566846Z level=info caller=/workspace/pkg/prometheus/server/operator.go:855 msg="sync prometheus" component=prometheus-controller key=e2e-tests/crb-no-policy
ts=2026-01-13T06:10:44.228349474Z level=info caller=/cachi2/output/deps/gomod/pkg/mod/k8s.io/client-go@v0.34.2/rest/warnings.go:110 msg="Warning: would violate PodSecurity \"restricted:latest\": seccompProfile (pod or containers \"init-config-reloader\", \"alertmanager\", \"config-reloader\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"
ts=2026-01-13T06:10:44.228701125Z level=info caller=/workspace/pkg/alertmanager/operator.go:612 msg="sync alertmanager" component=alertmanager-controller key=e2e-tests/crb-no-policy
ts=2026-01-13T06:10:44.229075024Z level=info caller=/workspace/pkg/alertmanager/operator.go:731 msg="StatefulSet not found" component=alertmanager-controller key=e2e-tests/alertmanager-crb-no-policy
ts=2026-01-13T06:10:44.233715456Z level=info caller=/workspace/pkg/alertmanager/operator.go:859 msg="config secret not found, using default Alertmanager configuration" component=alertmanager-controller alertmanager=crb-no-policy namespace=e2e-tests secret=alertmanager-crb-no-policy
ts=2026-01-13T06:10:44.490940677Z level=info caller=/cachi2/output/deps/gomod/pkg/mod/k8s.io/client-go@v0.34.2/rest/warnings.go:110 msg="Warning: would violate PodSecurity \"restricted:latest\": seccompProfile (pod or containers \"init-config-reloader\", \"alertmanager\", \"config-reloader\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"
ts=2026-01-13T06:10:44.491188963Z level=info caller=/workspace/pkg/alertmanager/operator.go:612 msg="sync alertmanager" component=alertmanager-controller key=e2e-tests/crb-no-policy
ts=2026-01-13T06:10:44.52537029Z level=info caller=/workspace/pkg/alertmanager/operator.go:859 msg="config secret not found, using default Alertmanager configuration" component=alertmanager-controller alertmanager=crb-no-policy namespace=e2e-tests secret=alertmanager-crb-no-policy
ts=2026-01-13T06:10:44.686453966Z level=info caller=/workspace/pkg/alertmanager/operator.go:612 msg="sync alertmanager" component=alertmanager-controller key=e2e-tests/crb-no-policy
ts=2026-01-13T06:10:44.691398093Z level=info caller=/workspace/pkg/alertmanager/operator.go:859 msg="config secret not found, using default Alertmanager configuration" component=alertmanager-controller alertmanager=crb-no-policy namespace=e2e-tests secret=alertmanager-crb-no-policy

        1. ms.yaml
          0.4 kB

              jfajersk@redhat.com Jan Fajerski
              hongyli@redhat.com Hongyan Li
              None
              None
              None
              None
              None
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: