Bug
Resolution: Unresolved
Major
4.20.0
Quality / Stability / Reliability
False
Moderate
Rejected
Oddish Sprint 275, Pikachu Sprint 276, Quagsire Sprint 277, Rhydon Sprint 278
4
Description of problem:
See similar bug OCPBUGS-57585.
Checked in 4.20.0-0.nightly-2025-07-20-021531: the openshift-marketplace marketplace-operator-metrics endpoint on port 8081 exposes all the information without any authorization.
It should implement proper authentication.
$ oc -n openshift-marketplace get pod -o wide
NAME                                    READY   STATUS    RESTARTS   AGE     IP             NODE                                        NOMINATED NODE   READINESS GATES
certified-operators-7btcn               1/1     Running   0          172m    10.128.0.226   ip-10-0-25-174.us-east-2.compute.internal   <none>           <none>
community-operators-8wn9t               1/1     Running   0          4h18m   10.128.0.205   ip-10-0-25-174.us-east-2.compute.internal   <none>           <none>
marketplace-operator-7cf9c8998f-9wg79   1/1     Running   0          11h     10.129.0.12    ip-10-0-77-233.us-east-2.compute.internal   <none>           <none>
redhat-marketplace-sxfxk                1/1     Running   0          3h10m   10.130.0.95    ip-10-0-43-21.us-east-2.compute.internal    <none>           <none>
redhat-operators-kl2df                  1/1     Running   0          3h32m   10.130.0.93    ip-10-0-43-21.us-east-2.compute.internal    <none>           <none>

$ oc -n openshift-marketplace get ep
Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice
NAME                           ENDPOINTS                           AGE
certified-operators            10.128.0.226:50051                  11h
community-operators            10.128.0.205:50051                  11h
marketplace-operator-metrics   10.129.0.12:8081,10.129.0.12:8383   11h
redhat-marketplace             10.130.0.95:50051                   11h
redhat-operators               10.130.0.93:50051                   11h

$ oc -n openshift-marketplace exec marketplace-operator-7cf9c8998f-9wg79 -- curl -k https://10.129.0.12:8081/metrics | head
# HELP go_gc_duration_seconds A summary of the wall-time pause (stop-the-world) duration in garbage collection cycles.
# TYPE go_gc_duration_seconds summary
go_gc_duration_seconds{quantile="0"} 1.2806e-05
go_gc_duration_seconds{quantile="0.25"} 3.2796e-05
go_gc_duration_seconds{quantile="0.5"} 4.6059e-05
go_gc_duration_seconds{quantile="0.75"} 6.8716e-05
go_gc_duration_seconds{quantile="1"} 0.000933347
go_gc_duration_seconds_sum 2.429422671
go_gc_duration_seconds_count 32262
# HELP go_gc_gogc_percent Heap size target percentage configured by the user, otherwise 100. This value is set by the GOGC environment variable, and the runtime/debug.SetGCPercent function. Sourced from /gc/gogc:percent.
Version-Release number of selected component (if applicable):
$ oc get clusterversion
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.20.0-0.nightly-2025-07-20-021531   True        False         11h     Cluster version is 4.20.0-0.nightly-2025-07-20-021531
How reproducible:
Always
Steps to Reproduce:
1. See the description.
Actual results:
The openshift-marketplace marketplace-operator-metrics endpoint on port 8081 exposes all the information without any authorization.
Expected results:
The endpoint should require authorization.
Additional info:
The issue also exists in 4.19 and previous versions.
When the bug is fixed, please remove it from this code snippet to avoid regression.
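A regression check for the behaviour reported above, as an added example that is not part of the original ticket or of any OpenShift test suite: it repeats the ticket's in-pod `curl` without credentials and turns the HTTP status into a verdict. The function names are hypothetical, and counting 403 as a pass alongside the 401 that the linked bugs ask for is an assumption.

```shell
#!/bin/sh
# Added example (not project code): verify that a metrics endpoint refuses
# an unauthenticated scrape. All function names here are hypothetical.

# Map the HTTP status of an unauthenticated /metrics request to a verdict.
classify_unauth_status() {
  case "$1" in
    401|403) echo "PASS" ;;               # refused (403 accepted by assumption)
    200)     echo "FAIL-exposed" ;;       # metrics served with no credentials
    000|"")  echo "ERROR-no-response" ;;  # curl or oc exec got no HTTP reply
    5??)     echo "FAIL-server-error" ;;  # not served, but not a clean 401 either
    *)       echo "FAIL-unexpected" ;;
  esac
}

# Send the request from inside a pod, with no Authorization header.
# Args: namespace, pod name, URL. Prints only the HTTP status code.
probe_unauth() {
  oc -n "$1" exec "$2" -- \
    curl -sk -o /dev/null -w '%{http_code}' --max-time 10 "$3"
}

# Probe one endpoint and report; exit status is 0 only when it is refused.
check_endpoint() {
  code=$(probe_unauth "$1" "$2" "$3" 2>/dev/null) || true
  verdict=$(classify_unauth_status "$code")
  echo "$verdict $3 (HTTP ${code:-none})"
  [ "$verdict" = "PASS" ]
}

# Usage: script <namespace> <pod> <url>
# e.g. the values from this ticket:
#   openshift-marketplace marketplace-operator-7cf9c8998f-9wg79 \
#     https://10.129.0.12:8081/metrics
if [ "$#" -eq 3 ]; then
  check_endpoint "$@"
fi
```

On the nightly described in this ticket the check reports `FAIL-exposed`, since the endpoint answers the unauthenticated request with the metrics body.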
- is cloned by
  - OCPBUGS-60159 openshift-cluster-csi-drivers vmware-vsphere-csi-driver-operator-metrics endpoint 8445 port should return 401 instead 500 (ASSIGNED)
  - OCPBUGS-60258 openshift-cluster-node-tuning-operator node-tuning-operator endpoint 60000 port should return 401 without auth (Verified)
- relates to
  - OCPBUGS-59768 openshift-operator-lifecycle-manager catalog-operator-metrics/olm-operator-metrics endpoints exposed all the information without any authorization (POST)