Bug 1806651

Summary: Logging operator should publish sharing-config configmap into openshift-config-managed namespace
Product: OpenShift Container Platform Reporter: Jakub Hadvig <jhadvig>
Component: LoggingAssignee: Periklis Tsirakidis <periklis>
Status: CLOSED WONTFIX QA Contact: Qiaoling Tang <qitang>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.4CC: anli, aos-bugs, bparees, bpeterse, periklis, qitang
Target Milestone: ---   
Target Release: 4.4.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-02-28 18:04:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1803196    
Bug Blocks:    

Description Jakub Hadvig 2020-02-24 17:07:46 UTC 
This bug was initially created as a copy of Bug #1803196

I am copying this bug because: 



Description of problem:
Logging operator should publish sharing-config configmap into openshift-config-managed namespace, so it's reachable for other components, like console, which needs to access to:
 - kibanaAppURL
 - kibanaInfraURL
Version-Release number of selected component (if applicable):
4.4.

How reproducible:
Always


Steps to Reproduce:
1. 
2.
3.

Actual results:
Logging operator is publishing sharing-config configmap into openshift-logging namespace. If any component needs to get hands on the configmap it needs to get additional RBAC permissions.


Expected results:
Logging operator should be publishing sharing-config configmap into openshift-config-managed namespace so no additional RBAC permissions needs to be added to component that needs the configmap.
Comment 3 Anping Li 2020-02-28 03:25:23 UTC 
It seems the PR pull in regression https://bugzilla.redhat.com/show_bug.cgi?id=1807739
Comment 4 Jeff Cantrill 2020-02-28 13:53:26 UTC 
*** Bug 1807739 has been marked as a duplicate of this bug. ***
Comment 5 Ben Parees 2020-02-28 15:29:35 UTC 
The regression introduced by the original fix for this results in logging being undeployable.  Setting to Urgent.
Comment 6 Ben Parees 2020-02-28 15:49:00 UTC 
The rolebinding was created in the wrong namespace:
https://bugzilla.redhat.com/show_bug.cgi?id=1807739#c1

despite this:
https://github.com/openshift/cluster-logging-operator/blob/release-4.4/manifests/4.4/0200_roles.yaml#L5

guessing OLM stomped your namespace and created the rolebinding in openshift-logging anyway, which is why it didn't work.
Comment 7 Ben Parees 2020-02-28 18:04:20 UTC 
The attempt to handle this in 4.4 lead to a major regression (https://bugzilla.redhat.com/show_bug.cgi?id=1807739)

At this point we won't be able to address this in 4.4, but we're keeping https://bugzilla.redhat.com/show_bug.cgi?id=1803196 open to track potentially handling it in 4.5.
Comment 8 Ben Parees 2020-03-01 04:58:53 UTC 
Changing the severity on this posthoc, it should not have been urgent in the first place.  (possibly should not have been a bug either).