Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-62858

HyperShift ServiceMonitor mTLS auth for cluster-version-operator metrics

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • 4.18.z, 4.19.z
    • Cluster Version Operator
    • None
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • Important
    • None
    • Rejected
    • OTA 278
    • 1
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Description of problem:

      When installing a 4.18 or 4.19 cluster in ROSA HCP, metrics scraping of the cluster-version-operator fails. It is failing because CVO requires bearer token based authentication of the /metrics endpoint now. I've spun this ticket out of OCPBUGS-62851, to track a new --serving-client-certificate-authorities-file CVO option that would allow HyperShift to pass the CVO a list of trusted client-signing CAs, to match the approach they already use for other ServiceMonitors.

      Version-Release number of selected component

      4.20, 4.19.9 and later, and 4.18.23 and later.

      How reproducible

      Every time

      Steps to Reproduce

      1. Install the latest 4.18 or 4.19 cluster
      2. Check the openshift-observability-operator stack looking for cluster_operator_up, cluster_version, or other CVO-served metrics.

      Actual results

      Target scraping failing with 401s.

      Expected results

      Successfully-scraped CVO metrics like cluster_operator_up.

              trking W. Trevor King
              jbranham.openshift Josh Branham
              None
              None
              XiuJuan Wang XiuJuan Wang
              None
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: