Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-34530

"alertmanager-trusted-ca-bundle configmap not injected in alertmanager-user-workload pods

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Normal Normal
    • 4.16.z
    • 4.15.z
    • Monitoring
    • Moderate
    • No
    • MON Sprint 255
    • 1
    • False
    • Hide

      None

      Show
      None
    • Hide
      * Previously, the `alertmanager-trusted-ca-bundle` configmap was not injected into the user-defined Alertmanager container, which prevented the verification of HTTPS web servers receiving alert notifications. With this update, the trusted CA bundle configmap is mounted into the Alertmanager container at the `/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem` path. (link:https://issues.redhat.com/browse/OCPBUGS-34530[*OCPBUGS-34530*])
      Show
      * Previously, the `alertmanager-trusted-ca-bundle` configmap was not injected into the user-defined Alertmanager container, which prevented the verification of HTTPS web servers receiving alert notifications. With this update, the trusted CA bundle configmap is mounted into the Alertmanager container at the `/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem` path. (link: https://issues.redhat.com/browse/OCPBUGS-34530 [* OCPBUGS-34530 *])
    • Bug Fix
    • Done

      This is a clone of issue OCPBUGS-33645. The following is the description of the original issue:

      Description of problem:

      After enabling separate alertmanager instance for user-defined alert routing, the alertmanager-user-workload pods are initialized but the configmap alertmanager-trusted-ca-bundle is not injected in the pods.
[-] https://docs.openshift.com/container-platform/4.15/observability/monitoring/enabling-alert-routing-for-user-defined-projects.html#enabling-a-separate-alertmanager-instance-for-user-defined-alert-routing_enabling-alert-routing-for-user-defined-projects

      Version-Release number of selected component (if applicable):

      RHOCP 4.13, 4.14 and 4.15

      How reproducible:

      100%

      Steps to Reproduce:

      1. Enable user-workload monitoring using[a]
2. Enable separate alertmanager instance for user-defined alert routing using [b]
3. Check if alertmanager-trusted-ca-bundle configmap is injected in alertmanager-user-workload pods which are running in openshift-user-workload-monitoring project.
$ oc describe pod alertmanager-user-workload-0 -n openshift-user-workload-monitoring | grep alertmanager-trusted-ca-bundle

[a] https://docs.openshift.com/container-platform/4.15/observability/monitoring/enabling-monitoring-for-user-defined-projects.html#enabling-monitoring-for-user-defined-projects_enabling-monitoring-for-user-defined-projects

[b] https://docs.openshift.com/container-platform/4.15/observability/monitoring/enabling-alert-routing-for-user-defined-projects.html#enabling-a-separate-alertmanager-instance-for-user-defined-alert-routing_enabling-alert-routing-for-user-defined-projects

      Actual results:

      alertmanager-user-workload pods are NOT injected with alertmanager-trusted-ca-bundle configmap.

      Expected results:

      alertmanager-user-workload pods should be injected with alertmanager-trusted-ca-bundle configmap.

      Additional info:

      Similar configmap is injected fine in alertmanager-main pods which are running in openshift-monitoring project.

            spasquie@redhat.com Simon Pasquier
            openshift-crt-jira-prow OpenShift Prow Bot
            Junqi Zhao Junqi Zhao
            Eliska Romanova Eliska Romanova
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: