Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-33645

"alertmanager-trusted-ca-bundle configmap not injected in alertmanager-user-workload pods

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • 4.17.0
    • 4.15.z
    • Monitoring
    • Moderate
    • No
    • MON Sprint 254
    • 1
    • False
    • Hide

      None

      Show
      None
    • Hide
      Before this update, the trusted CA bundle configmap was not injected into the user-defined Alertmanager container, which prevented verification of HTTPS web servers receiving alert notifications. With this update, the trusted CA bundle configmap is mounted into the Alertmanager container at /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem.
      Show
      Before this update, the trusted CA bundle configmap was not injected into the user-defined Alertmanager container, which prevented verification of HTTPS web servers receiving alert notifications. With this update, the trusted CA bundle configmap is mounted into the Alertmanager container at /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem.
    • Bug Fix
    • In Progress

      Description of problem:

      After enabling separate alertmanager instance for user-defined alert routing, the alertmanager-user-workload pods are initialized but the configmap alertmanager-trusted-ca-bundle is not injected in the pods.
[-] https://docs.openshift.com/container-platform/4.15/observability/monitoring/enabling-alert-routing-for-user-defined-projects.html#enabling-a-separate-alertmanager-instance-for-user-defined-alert-routing_enabling-alert-routing-for-user-defined-projects

      Version-Release number of selected component (if applicable):

      RHOCP 4.13, 4.14 and 4.15

      How reproducible:

      100%

      Steps to Reproduce:

      1. Enable user-workload monitoring using[a]
2. Enable separate alertmanager instance for user-defined alert routing using [b]
3. Check if alertmanager-trusted-ca-bundle configmap is injected in alertmanager-user-workload pods which are running in openshift-user-workload-monitoring project.
$ oc describe pod alertmanager-user-workload-0 -n openshift-user-workload-monitoring | grep alertmanager-trusted-ca-bundle

[a] https://docs.openshift.com/container-platform/4.15/observability/monitoring/enabling-monitoring-for-user-defined-projects.html#enabling-monitoring-for-user-defined-projects_enabling-monitoring-for-user-defined-projects

[b] https://docs.openshift.com/container-platform/4.15/observability/monitoring/enabling-alert-routing-for-user-defined-projects.html#enabling-a-separate-alertmanager-instance-for-user-defined-alert-routing_enabling-alert-routing-for-user-defined-projects

      Actual results:

      alertmanager-user-workload pods are NOT injected with alertmanager-trusted-ca-bundle configmap.

      Expected results:

      alertmanager-user-workload pods should be injected with alertmanager-trusted-ca-bundle configmap.

      Additional info:

      Similar configmap is injected fine in alertmanager-main pods which are running in openshift-monitoring project.

            spasquie@redhat.com Simon Pasquier
            rhn-support-dgautam Dhruv Gautam
            Junqi Zhao Junqi Zhao
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: