Bug 1806651 - Logging operator should publish sharing-config configmap into openshift-config-managed namespace
Summary: Logging operator should publish sharing-config configmap into openshift-confi...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Logging
Version: 4.4
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 4.4.0
Assignee: Periklis Tsirakidis
QA Contact: Qiaoling Tang
URL:
Whiteboard:
Depends On: 1803196
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-02-24 17:07 UTC by Jakub Hadvig
Modified: 2020-03-01 04:58 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-02-28 18:04:20 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-logging-operator pull 382 0 None closed [release-4.4] Bug 1806651: Move shared config map to openshift-config-managed NS 2020-07-22 13:49:08 UTC

Description Jakub Hadvig 2020-02-24 17:07:46 UTC
This bug was initially created as a copy of Bug #1803196

I am copying this bug because: 



Description of problem:
Logging operator should publish sharing-config configmap into openshift-config-managed namespace, so it's reachable for other components, like console, which needs to access to:
 - kibanaAppURL
 - kibanaInfraURL
Version-Release number of selected component (if applicable):
4.4.

How reproducible:
Always


Steps to Reproduce:
1. 
2.
3.

Actual results:
Logging operator is publishing sharing-config configmap into openshift-logging namespace. If any component needs to get hands on the configmap it needs to get additional RBAC permissions.


Expected results:
Logging operator should be publishing sharing-config configmap into openshift-config-managed namespace so no additional RBAC permissions needs to be added to component that needs the configmap.

Comment 3 Anping Li 2020-02-28 03:25:23 UTC
It seems the PR pull in regression https://bugzilla.redhat.com/show_bug.cgi?id=1807739

Comment 4 Jeff Cantrill 2020-02-28 13:53:26 UTC
*** Bug 1807739 has been marked as a duplicate of this bug. ***

Comment 5 Ben Parees 2020-02-28 15:29:35 UTC
The regression introduced by the original fix for this results in logging being undeployable.  Setting to Urgent.

Comment 6 Ben Parees 2020-02-28 15:49:00 UTC
The rolebinding was created in the wrong namespace:
https://bugzilla.redhat.com/show_bug.cgi?id=1807739#c1

despite this:
https://github.com/openshift/cluster-logging-operator/blob/release-4.4/manifests/4.4/0200_roles.yaml#L5

guessing OLM stomped your namespace and created the rolebinding in openshift-logging anyway, which is why it didn't work.

Comment 7 Ben Parees 2020-02-28 18:04:20 UTC
The attempt to handle this in 4.4 lead to a major regression (https://bugzilla.redhat.com/show_bug.cgi?id=1807739)

At this point we won't be able to address this in 4.4, but we're keeping https://bugzilla.redhat.com/show_bug.cgi?id=1803196 open to track potentially handling it in 4.5.

Comment 8 Ben Parees 2020-03-01 04:58:53 UTC
Changing the severity on this posthoc, it should not have been urgent in the first place.  (possibly should not have been a bug either).


Note You need to log in before you can comment on or make changes to this bug.