Uploaded image for project: 'Cluster Observability Operator'
  1. Cluster Observability Operator
  2. COO-534

SA prometheus-k8s is forbidden to watch and list *v1.Pod

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • 1.0.0
    • operator
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • None

      Install COO with latest upstream image to namespace openshift-operators and added label, prometheus-k8s failed to find the target for no permission

      % oc label ns openshift-operators openshift.io/cluster-monitoring=true
% oc -n openshift-monitoring logs prometheus-k8s-0
......
ts=2024-11-13T11:54:59.798Z caller=klog.go:108 level=warn component=k8s_client_runtime func=Warningf msg="github.com/prometheus/prometheus/discovery/kubernetes/kubernetes.go:556: failed to list *v1.Pod: pods is forbidden: User \"system:serviceaccount:openshift-monitoring:prometheus-k8s\" cannot list resource \"pods\" in API group \"\" in the namespace \"openshift-operators\""
ts=2024-11-13T11:54:59.798Z caller=klog.go:116 level=error component=k8s_client_runtime func=ErrorDepth msg="github.com/prometheus/prometheus/discovery/kubernetes/kubernetes.go:556: Failed to watch *v1.Pod: failed to list *v1.Pod: pods is forbidden: User \"system:serviceaccount:openshift-monitoring:prometheus-k8s\" cannot list resource \"pods\" in API group \"\" in the namespace \"openshift-operators\""

              jfajersk@redhat.com Jan Fajerski
              hongyli@redhat.com Hongyan Li
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: