Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-11344

Alertmanager service accounts auto mount token

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Normal
    • 4.15.0
    • 4.14
    • Monitoring
    • None
    • MON Sprint 243
    • 1
    • No
    • False
    • Hide

      None

      Show
      None
    • NA
    • Release Note Not Required
    • In Progress

    Description

      Description of problem:

      The ServiceAccounts for both in-cluster and UWM alertmanager set autoMountServiceAccountToken: true
      This should be improved and set at the pod level. Hence this will require a change in prometheus-operator and its configuration of Alertmanager pods.

       

      A similar change for Prometheus pods was implemented in https://github.com/prometheus-operator/prometheus-operator/pull/4514. 

       

      https://github.com/openshift/cluster-monitoring-operator/blob/7702f6c7d6e1409dea9197e63dafcb0decbe60b9/assets/alertmanager-user-workload/service-account.yaml#L2

      https://github.com/openshift/cluster-monitoring-operator/blob/7702f6c7d6e1409dea9197e63dafcb0decbe60b9/assets/alertmanager/service-account.yaml#L2

      Attachments

        Activity

          People

            jfajersk@redhat.com Jan Fajerski
            jfajersk@redhat.com Jan Fajerski
            Junqi Zhao Junqi Zhao
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

              Created:
              Updated: