Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: 4.17.z, 4.18.z, 4.19.z, 4.20.0
Component/s: Management Console
Labels:

Work Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
Important
Regression:
None

Target Backport Versions:
None
Target Version:

4.20.0
Release Blocker:
None
Sprint:
None

RH Private Keywords:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Priority Data:
PX Impact Score:

Release Note Status:
In Progress
Release Note Type:
Bug Fix
Release Note Text:

Hide
The "/metrics" endpoint was not correctly parsing a bearer token from the authorization header on internal prometheus scrape requests, which caused TokenReviews to fail and and all of these requests to be denied with a 401 response. This triggered a TargetDown alert for the console metrics endpoint. The metrics endpoint handler was updated to correctly parse a bearer token from the authorization header for TokenReview. This made the TokenReview step behave as expected, and resolved the TargetDown alert.

Show
The "/metrics" endpoint was not correctly parsing a bearer token from the authorization header on internal prometheus scrape requests, which caused TokenReviews to fail and and all of these requests to be denied with a 401 response. This triggered a TargetDown alert for the console metrics endpoint. The metrics endpoint handler was updated to correctly parse a bearer token from the authorization header for TokenReview. This made the TokenReview step behave as expected, and resolved the TargetDown alert.

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

   After installing 4.18.12 Customers see a TargetDown alert with the message 100% of the console/console targets in openshift-console namespace have been unreachable for more than 15 minutes.

In the console pod we are the seeing the following error: 

E0513 03:56:37.281535       1 middleware.go:51] TOKEN_REVIEW: 'GET /metrics' unauthorized, invalid user token, [invalid bearer token, token lookup failed]

Version-Release number of selected component (if applicable):

4.19.0
4.18.12 / 4.18.13 / 4.18.14 / 4.18.15 / 4.18.16 / 4.18.17
4.17.29 / 4.17.30 / 4.17.31 / 4.17.32 / 4.17.33 / 4.17.34

How reproducible:

    Everytime.

Steps to Reproduce:

    1. Install or upgrade to any of the listed versions above.
    2. Review active Alerts and Console Pod Logs

Potentially related to:

https://issues.redhat.com/browse/OCPBUGS-45369

https://github.com/openshift/console/pull/14664

blocks

OCPBUGS-57180 TargetDown Alert and TOKEN_REVIEW: 'GET /metrics' unauthorized, invalid user token in console pod logs

Closed

is blocked by

CONSOLE-4632 Impact statement request for OCPBUGS-56148 TargetDown Alert and TOKEN_REVIEW: 'GET /metrics' unauthorized, invalid user token in console pod logs

Closed

is cloned by

OCPBUGS-57180 TargetDown Alert and TOKEN_REVIEW: 'GET /metrics' unauthorized, invalid user token in console pod logs

Closed

is duplicated by

OCPBUGS-54181 [4.19/4.20] openshift-console targets are down for "server returned HTTP status 401 Unauthorized"

Closed

links to

KCS 7119912 - TargetDown for console/console after installing OpenShift Container Platform 4.17 or 4.18

openshift/console#15127: [WIP] OCPBUGS-56148: Fix '/metrics' endpoint token review to handle interna…

(1 links to)

Assignee:: Jon Jackson

Reporter:: Morgan Peterman

Need Info From:: None

Contributors:: None

QA Contact:: Sanket Pathak

Doc Contact:: None

Votes:: 32 Vote for this issue

Watchers:: 71 Start watching this issue

Created:: 2025/05/13 9:54 PM

Updated:: 2025/07/09 7:26 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates