Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-11344

Alertmanager service accounts auto mount token

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Normal Normal
    • 4.15.0
    • 4.14
    • Monitoring
    • None
    • No
    • MON Sprint 243
    • 1
    • False
    • Hide

      None

      Show
      None
    • NA
    • Release Note Not Required
    • In Progress

      Description of problem:

      The ServiceAccounts for both in-cluster and UWM alertmanager set autoMountServiceAccountToken: true
      This should be improved and set at the pod level. Hence this will require a change in prometheus-operator and its configuration of Alertmanager pods.

       

      A similar change for Prometheus pods was implemented in https://github.com/prometheus-operator/prometheus-operator/pull/4514. 

       

      https://github.com/openshift/cluster-monitoring-operator/blob/7702f6c7d6e1409dea9197e63dafcb0decbe60b9/assets/alertmanager-user-workload/service-account.yaml#L2

      https://github.com/openshift/cluster-monitoring-operator/blob/7702f6c7d6e1409dea9197e63dafcb0decbe60b9/assets/alertmanager/service-account.yaml#L2

              jfajersk@redhat.com Jan Fajerski
              jfajersk@redhat.com Jan Fajerski
              Junqi Zhao Junqi Zhao
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: