Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-36312

"alertmanager-trusted-ca-bundle configmap not injected in alertmanager-user-workload pods

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Normal Normal
    • 4.15.z
    • 4.15.z
    • Monitoring
    • Moderate
    • No
    • MON Sprint 255
    • 1
    • False
    • Hide

      None

      Show
      None
    • Hide
      * Previously, the `alertmanager-trusted-ca-bundle` config map was not injected into the user-defined Alertmanager container, which prevented the verification of HTTPS web servers receiving alert notifications. With this update, the trusted CA bundle config map is mounted into the Alertmanager container at the `/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem` path. (link:https://issues.redhat.com/browse/OCPBUGS-34530[*OCPBUGS-34530*])
      Show
      * Previously, the `alertmanager-trusted-ca-bundle` config map was not injected into the user-defined Alertmanager container, which prevented the verification of HTTPS web servers receiving alert notifications. With this update, the trusted CA bundle config map is mounted into the Alertmanager container at the `/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem` path. (link: https://issues.redhat.com/browse/OCPBUGS-34530 [* OCPBUGS-34530 *])
    • Bug Fix
    • Done

      This is a clone of issue OCPBUGS-34530. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-33645. The following is the description of the original issue:

      Description of problem:

      After enabling separate alertmanager instance for user-defined alert routing, the alertmanager-user-workload pods are initialized but the configmap alertmanager-trusted-ca-bundle is not injected in the pods.
[-] https://docs.openshift.com/container-platform/4.15/observability/monitoring/enabling-alert-routing-for-user-defined-projects.html#enabling-a-separate-alertmanager-instance-for-user-defined-alert-routing_enabling-alert-routing-for-user-defined-projects

      Version-Release number of selected component (if applicable):

      RHOCP 4.13, 4.14 and 4.15

      How reproducible:

      100%

      Steps to Reproduce:

      1. Enable user-workload monitoring using[a]
2. Enable separate alertmanager instance for user-defined alert routing using [b]
3. Check if alertmanager-trusted-ca-bundle configmap is injected in alertmanager-user-workload pods which are running in openshift-user-workload-monitoring project.
$ oc describe pod alertmanager-user-workload-0 -n openshift-user-workload-monitoring | grep alertmanager-trusted-ca-bundle

[a] https://docs.openshift.com/container-platform/4.15/observability/monitoring/enabling-monitoring-for-user-defined-projects.html#enabling-monitoring-for-user-defined-projects_enabling-monitoring-for-user-defined-projects

[b] https://docs.openshift.com/container-platform/4.15/observability/monitoring/enabling-alert-routing-for-user-defined-projects.html#enabling-a-separate-alertmanager-instance-for-user-defined-alert-routing_enabling-alert-routing-for-user-defined-projects

      Actual results:

      alertmanager-user-workload pods are NOT injected with alertmanager-trusted-ca-bundle configmap.

      Expected results:

      alertmanager-user-workload pods should be injected with alertmanager-trusted-ca-bundle configmap.

      Additional info:

      Similar configmap is injected fine in alertmanager-main pods which are running in openshift-monitoring project.

            spasquie@redhat.com Simon Pasquier
            openshift-crt-jira-prow OpenShift Prow Bot
            Junqi Zhao Junqi Zhao
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: