Bug 1802434

Summary: Operator service monitor should specify a CA to ensure secure communication
Product: OpenShift Container Platform Reporter: Maru Newby <mnewby>
Component: Service CatalogAssignee: Maru Newby <mnewby>
Status: CLOSED ERRATA QA Contact: Fan Jia <jfan>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.4   
Target Milestone: ---   
Target Release: 4.4.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-05-04 11:36:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Maru Newby 2020-02-13 06:22:14 UTC 
The service monitor for the service cat apiserver operator is configured for insecure communication:

https://github.com/openshift/cluster-svcat-apiserver-operator/blob/master/manifests/0000_90_cluster-svcat-apiserver-operator_02-operator-servicemonitor.yaml#L18
Comment 2 Fan Jia 2020-02-17 00:48:45 UTC 
test env:
cv:4.4.0-0.nightly-2020-02-15-201600
test result:
# oc get ServiceMonitor openshift-service-catalog-apiserver-operator -o yaml
spec:
  endpoints:
    tlsConfig:
      caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt

The function about service catalog is all ok.
Comment 4 errata-xmlrpc 2020-05-04 11:36:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581