Bug 1794825 - Operator-defined namespace that requests monitoring should fully warn user of implications of enabling [openshift-4.4]
Summary: Operator-defined namespace that requests monitoring should fully warn user of...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Management Console
Version: 4.4
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 4.4.0
Assignee: Jakub Hadvig
QA Contact: Yadan Pei
URL:
Whiteboard:
Depends On: 1799051
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-01-24 19:17 UTC by Peter Kreuser
Modified: 2020-05-04 11:27 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Please note that installing non RedHat operators into openshift namespaces and enabling monitoring voids user support. Enabling cluster monitoring for non RedHat operators can lead to malicious metrics data overriding existing cluster metrics. See https://docs.openshift.com/container-platform/4.2/monitoring/cluster-monitoring/configuring-the-monitoring-stack.html#maintenance-and-support_configuring-monitoring for details.
Clone Of:
Environment:
Last Closed: 2020-05-04 11:26:45 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift console pull 4120 0 None closed Bug 1794825: Operator-defined namespace that requests monitoring should fully warn user of implications of enabling 2020-09-24 16:52:07 UTC
Red Hat Product Errata RHBA-2020:0581 0 None None None 2020-05-04 11:27:10 UTC

Description Peter Kreuser 2020-01-24 19:17:27 UTC
Description of problem:

The operator-defined namespace story implemented in sprint 178 included the option for the admin to enable monitoring on the namespace the operator is installed in.

The text for the checkbox that enables this as implemented reads:
[  ] Enable operator recommended cluster monitoring on this namespace
Note: Enabling monitoring will allow any operator or workload running on this namespace to contribute metrics to the cluster metric set.

There was thought that this text should convey what the implications of allowing any workload to contribute metrics are. This could happen inline in the text or some linked help or KB article. 

Story:
https://github.com/openshift/console/pull/3862


Version-Release number of selected component (if applicable):
4.4

How reproducible:
Always

Steps to Reproduce:
1.Install an operator that requests monitoring be enabled on the install namespace
2.Checkbox will be presented

Comment 4 shahan 2020-02-14 03:55:42 UTC
install operatorHub-> logging, the subscription creation form will have checkbox to allow users enable cluster monitoring in the openshift-logging namespace.
the namespace labeled with openshift.io/cluster-monitoring=true
Verified this bug
4.4.0-0.nightly-2020-02-13-212616

Comment 6 errata-xmlrpc 2020-05-04 11:26:45 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581


Note You need to log in before you can comment on or make changes to this bug.