The console is not creating the role bindings to let monitoring scrape metrics for operators when the `operatorframework.io/cluster-monitoring=true` is set. See https://github.com/openshift/enhancements/blob/master/enhancements/olm/olm-managed-operator-metrics.md#rbac-requirements ``` The operatorframework.io/cluster-monitoring=true annotation. When this annotation is set to true, the OpenShift Console will update the namespace that the operator is being deployed to with the openshift.io/cluster-monitoring=true label. When this annotation is present, the UI will update the OpenShift Monitoring Prometheus Operator ServiceAccount with the appropriate RBAC privileges for the given namespace as well, allowing operators to be scraped by the OpenShift Monitoring Prometheus Operator. ```
install logging enabled monitoring on console. [hasha@localhost ~]$ oc get role openshift-logging-prometheus -n openshift-logging -oyaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: creationTimestamp: "2020-05-28T01:47:59Z" managedFields: - apiVersion: rbac.authorization.k8s.io/v1 fieldsType: FieldsV1 fieldsV1: f:rules: {} manager: Mozilla operation: Update time: "2020-05-28T01:47:59Z" name: openshift-logging-prometheus namespace: openshift-logging resourceVersion: "67233" selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/openshift-logging/roles/openshift-logging-prometheus uid: fa021303-f1ff-48d5-8308-418aaa142b28 rules: - apiGroups: - "" resources: - services - endpoints - pods verbs: - get - list - watch [hasha@localhost ~]$ oc get rolebinding openshift-logging-prometheus -n openshift-logging -oyaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: creationTimestamp: "2020-05-28T01:48:00Z" managedFields: - apiVersion: rbac.authorization.k8s.io/v1 fieldsType: FieldsV1 fieldsV1: f:roleRef: f:apiGroup: {} f:kind: {} f:name: {} f:subjects: {} manager: Mozilla operation: Update time: "2020-05-28T01:48:00Z" name: openshift-logging-prometheus namespace: openshift-logging resourceVersion: "67238" selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/openshift-logging/rolebindings/openshift-logging-prometheus uid: e7532b0e-542a-4abc-9f4b-320418677f8a roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: openshift-logging-prometheus subjects: - kind: ServiceAccount name: prometheus-operator namespace: openshift-monitoring 4.5.0-0.nightly-2020-05-27-174108
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409