Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-23483

Silencing of Alert in Developer Console not working until OpenShift Container Platform 4.14

XMLWordPrintable

    • Important
    • No
    • Rejected
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      Setting up and configure User Workload Monitoring according to https://docs.openshift.com/container-platform/4.13/monitoring/enabling-monitoring-for-user-defined-projects.html works as expected. Yet when trying to silence an alert a "Forbidden" message is being reported.

$ oc get clusterversion
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.13.0-0.nightly-2023-09-23-231516   True        False         2m20s   Cluster version is 4.13.0-0.nightly-2023-09-23-231516

$ oc create secret generic htpass-secret --from-file=htpasswd=htpasswd -n openshift-config

$ bat aws-htpasswd-auth-provider.yaml
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster
spec:
  identityProviders:
  - name: my_htpasswd_provider 
    mappingMethod: claim 
    type: HTPasswd
    htpasswd:
      fileData:
        name: htpass-secret 

$ oc apply -f aws-htpasswd-auth-provider.yaml

$ bat /tmp/mon1.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: cluster-monitoring-config
  namespace: openshift-monitoring
data:
  config.yaml: |
    enableUserWorkload: true

$ oc apply -f /tmp/mon1.yaml

$ oc policy add-role-to-user monitoring-rules-edit user1 -n project-100
$ oc policy add-role-to-user monitoring-edit user1 -n project-100
$ oc policy add-role-to-user alert-routing-edit user1 -n project-100

$ bat /tmp/mon.yaml 
apiVersion: v1
kind: ConfigMap
metadata:
  name: user-workload-monitoring-config
  namespace: openshift-user-workload-monitoring
data:
  config.yaml: |
    alertmanager:
      enabled: true 
      enableAlertmanagerConfig: true

$ oc apply -f /tmp/mon.yaml

$ oc policy add-role-to-user cluster-monitoring-view user1 -n project-100
$ oc policy add-role-to-user monitoring-rules-edit user1 -n project-100

Deployment the sample from the documentation below
- https://docs.openshift.com/container-platform/4.13/monitoring/managing-metrics.html#deploying-a-sample-service_managing-metrics
- https://docs.openshift.com/container-platform/4.13/monitoring/managing-alerts.html#creating-alerting-rules-for-user-defined-projects_managing-alerts

Shows the steps executed and in the attached Screenshot, the error reported is being shown.

Doing the same with OpenShift Container Platform 4.14 it all works as expected and the user is able to silence the alert.

$ oc get clusterversion
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.14.0-0.nightly-2023-09-24-044110   True        False         66s     Cluster version is 4.14.0-0.nightly-2023-09-24-044110

$ oc create secret generic htpass-secret --from-file=htpasswd=htpasswd -n openshift-config

$ bat aws-htpasswd-auth-provider.yaml
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster
spec:
  identityProviders:
  - name: my_htpasswd_provider 
    mappingMethod: claim 
    type: HTPasswd
    htpasswd:
      fileData:
        name: htpass-secret 

$ oc apply -f aws-htpasswd-auth-provider.yaml

$ bat /tmp/mon1.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: cluster-monitoring-config
  namespace: openshift-monitoring
data:
  config.yaml: |
    enableUserWorkload: true

$ oc apply -f /tmp/mon1.yaml

$ oc policy add-role-to-user monitoring-rules-edit user1 -n project-100
$ oc policy add-role-to-user monitoring-edit user1 -n project-100
$ oc policy add-role-to-user alert-routing-edit user1 -n project-100

$ bat /tmp/mon.yaml 
apiVersion: v1
kind: ConfigMap
metadata:
  name: user-workload-monitoring-config
  namespace: openshift-user-workload-monitoring
data:
  config.yaml: |
    alertmanager:
      enabled: true 
      enableAlertmanagerConfig: true

$ oc apply -f /tmp/mon.yaml

$ oc policy add-role-to-user cluster-monitoring-view user1 -n project-100
$ oc policy add-role-to-user monitoring-rules-edit user1 -n project-100

Deployment the sample from the documentation below
- https://docs.openshift.com/container-platform/4.13/monitoring/managing-metrics.html#deploying-a-sample-service_managing-metrics
- https://docs.openshift.com/container-platform/4.13/monitoring/managing-alerts.html#creating-alerting-rules-for-user-defined-projects_managing-alerts

Attached is the Screenshot, showing that silencing was working.

      Version-Release number of selected component (if applicable):

      - OpenShift Container Platform 4.13 and 4.12

      How reproducible:

      - Always

      Steps to Reproduce:

      1. Show problem description

      Actual results:

      In OpenShift Container Platform 4.13, when trying to silence an alert as project administrator, Forbidden message is reported and silencing is not working.

      Expected results:

      Behavior expected like in OpenShift Container Platform 4.14, where the project administrator is able to silence alert with the same setup.

      Additional info:

      Initial thinking was, that it may be related to https://issues.redhat.com/browse/OCPBUGS-17347 but given this is a different part of the OpenShift Container Platform 4 - Dev Console it's not really possible.

            viraj-1 Vikram Raj
            rhn-support-sreber Simon Reber
            Sanket Pathak Sanket Pathak
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: