Loading...

XML

Word

Printable

Type: Task
Resolution: Done
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Story Points:
1
Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
oauth-proxy-replacement-post-ga
Docs QE Status:
NEW
QE Status:
NEW
Intelligence Requested:
Market:

Sprint:
MON Sprint 253, MON Sprint 254

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

After we have replaced all oauth-proxy occurrences in the monitoring stack, we need to make sure that all references to oauth-proxy are removed from the cluster monitoring operator. Examples:

https://github.com/openshift/cluster-monitoring-operator/blob/1bbf0f0a3a8f9a5227077df683b908b69a9ac26b/pkg/manifests/config.go#L137
https://github.com/openshift/cluster-monitoring-operator/blob/1bbf0f0a3a8f9a5227077df683b908b69a9ac26b/manifests/image-references#L33-L36
https://github.com/openshift/cluster-monitoring-operator/blob/1bbf0f0a3a8f9a5227077df683b908b69a9ac26b/jsonnet/main.jsonnet#L74
Because oauth-proxy couldn't live-reload the trusted CA bundles, CMO had to generate "hashed" configmaps (e.g. alertmanager-trusted-ca-bundle-xxx) and mount them into Alertmanager, Prometheus, ... While the pods still need the trusted CA bundle for remote write, webhooks and so on, these "hashed" configmaps aren't needed anymore since components use the trusted CA bundle configmaps generated by the service CA operator.

depends on

MON-3380 Replace oauth-proxy container with kube-rbac-proxy in Prometheus pod

Closed

MON-3381 Replace oauth-proxy container with kube-rbac-proxy in Alertmanager pods

Closed

MON-3700 Replace oauth-proxy container with kube-rbac-proxy in ThanosRuler

Closed

MON-3379 Replace OAuth-proxy container with kube-rbac-proxy in Thanos-Querier pod

Closed

links to

openshift/cluster-monitoring-operator#2308: MON-3701: remove references to OAuth proxy

openshift/cluster-monitoring-operator#2310: MON-3701: clean-up injection of trusted CA bundle for main Alertmanager

openshift/cluster-monitoring-operator#2323: MON-3701: clean-up injection of trusted CA bundle for k8s Prometheus

openshift/cluster-monitoring-operator#2324: MON-3701: follow-up of PR #2308

openshift/cluster-monitoring-operator#2325: MON-3701: remove trusted CA bundle from Thanos Querier

openshift/cluster-monitoring-operator#2360: MON-3701: clean-up tests

openshift/cluster-monitoring-operator#2361: MON-3701: clean-up injection of CA bundle for user Alertmanager

openshift/cluster-monitoring-operator#2362: MON-3701: clean-up injection of CA bundle for user Prometheus

(7 links to)

Assignee:: Simon Pasquier

Reporter:: Simon Pasquier

Contributors:: Daniel Mellado Area, Jan Fajerski

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2024/02/01 3:49 PM

Updated:: 2024/05/29 12:40 PM

Resolved:: 2024/05/29 12:40 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates