Bug 1853253

Summary: Old thanos-ruler secret is not deleted after tls rotation
Product: OpenShift Container Platform Reporter: hongyan li <hongyli>
Component: MonitoringAssignee: Sergiusz Urbaniak <surbania>
Status: CLOSED ERRATA QA Contact: hongyan li <hongyli>
Severity: low Docs Contact:
Priority: medium    
Version: 4.6CC: alegrand, anpicker, erooth, juzhao, kakkoyun, lcosic, mloibl, pkrupa, spasquie, surbania
Target Milestone: ---Keywords: UpcomingSprint
Target Release: 4.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1853250 Environment:
Last Closed: 2020-10-27 16:11:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1853250    
Bug Blocks:    

Description hongyan li 2020-07-02 09:15:51 UTC 
Description of problem:
Old thanos-ruler secret is not deleted after tls rotation


Version-Release number of selected component (if applicable):
 4.6.0-0.nightly-2020-06-30-020342

How reproducible:
Always

Steps to Reproduce:
1.Add the following annotation to secret grpc-tls to trigger tls rotation
    monitoring.openshift.io/grpc-tls-forced-rotate
2. check all the grpc-tls secrets

Actual results:
oc get secret -n openshift-user-workload-monitoring |grep grpc-tls
prometheus-user-workload-grpc-tls-ejg3eer7c6147   Opaque                                3      14m
thanos-ruler-grpc-tls-e15j46649rq6d               Opaque                                3      58m
thanos-ruler-grpc-tls-ejg3eer7c6147               Opaque                                3      14m


Expected results:
there should be only one thanos-ruler secret 

Additional info:
Comment 6 hongyan li 2020-08-03 02:10:44 UTC 
Verified with payload
4.6.0-0.nightly-2020-08-02-091622

enable user workload monitoring
1.Add the following annotation to secret grpc-tls to trigger tls rotation
    monitoring.openshift.io/grpc-tls-forced-rotate
2. check all the grpc-tls secrets

Actual results:
oc get secret -n openshift-user-workload-monitoring |grep grpc-tls
prometheus-user-workload-grpc-tls-92dd7ml88car8   Opaque                                3      33s
thanos-ruler-grpc-tls-92dd7ml88car8               Opaque                                3      30s
Comment 8 errata-xmlrpc 2020-10-27 16:11:47 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196