Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1626520

Summary: Prometheus with default serviceaccount cannot list all nodes in the cluster
Product: OpenShift Container Platform
Reporter: Mauricio Magnani <mmagnani>
Component: Monitoring
Assignee: Paul Gier <pgier>
Status: CLOSED NOTABUG
QA Contact: Junqi Zhao <juzhao>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 3.10.0
CC: minden, mmagnani
Target Milestone: ---
Target Release: 3.10.z
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-11-07 15:50:05 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Mauricio Magnani 2018-09-07 14:17:17 UTC
### Description of problem ###

I'm not sure if this is a bug.

By default, the Prometheus serviceaccount gets the view clusterrole, which is not able to view/list/watch nodes in the cluster. However, Prometheus tries to acquire node objects in the cluster and creates the following error messages:
~~~
 k8s.io/kube-state-metrics/collectors/node.go:130: Failed to list *v1.Node: nodes is forbidden: User "system:serviceaccount:openshift-metrics:default" cannot list nodes at the cluster scope: User "system:serviceaccount:openshift-metrics:default" cannot list all nodes in the cluster
~~~

After adding a cluster role with the right to view nodes, the mistake is gone.

If Prometheus is deployed with Ansible, it's a permanent mistake, because Prometheus (with the default serviceaccount) continuously tries to view nodes.

### Version-Release number ###

 openshift-ansible-3.10.21-1.git.0.6446011.el7.noarch

Comment 1 Frederic Branczyk 2018-09-07 14:24:11 UTC
Assigning to Paul Gier. This should be a simple change in the ClusterRole adding this permission.
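
The kind of ClusterRole change discussed in this bug, as an added example that is not part of the original report or of openshift-ansible: a read-only role for Node objects bound to the service account named in the error message. The role and binding name `metrics-node-reader` is hypothetical; the namespace and service account come from the log line above.

```yaml
# Added example, not taken from the bug report or from openshift-ansible.
# Grants read-only access to Node objects and nothing else.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: metrics-node-reader          # hypothetical name
rules:
- apiGroups: [""]                    # core API group, where v1.Node lives
  resources: ["nodes"]
  verbs: ["get", "list", "watch"]    # no create/update/delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: metrics-node-reader          # hypothetical name
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: metrics-node-reader
subjects:
# Subject taken from the error message in the description.
# Every pod in the namespace that does not set its own serviceAccountName
# runs as "default", so binding here widens access for all of them;
# a dedicated service account for the collector keeps the grant narrower.
- kind: ServiceAccount
  name: default
  namespace: openshift-metrics
# Check before and after applying:
#   oc auth can-i list nodes --as=system:serviceaccount:openshift-metrics:default
```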

Comment 4 Red Hat Bugzilla 2023-09-15 00:12:05 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days.