Description of problem: Old thanos-ruler secret is not deleted after tls rotation Version-Release number of selected component (if applicable): 4.6.0-0.nightly-2020-06-30-020342 How reproducible: Always Steps to Reproduce: 1.Add the following annotation to secret grpc-tls to trigger tls rotation monitoring.openshift.io/grpc-tls-forced-rotate 2. check all the grpc-tls secrets Actual results: oc get secret -n openshift-user-workload-monitoring |grep grpc-tls prometheus-user-workload-grpc-tls-ejg3eer7c6147 Opaque 3 14m thanos-ruler-grpc-tls-e15j46649rq6d Opaque 3 58m thanos-ruler-grpc-tls-ejg3eer7c6147 Opaque 3 14m Expected results: there should be only one thanos-ruler secret Additional info:
Verified with payload 4.6.0-0.nightly-2020-08-02-091622 enable user workload monitoring 1.Add the following annotation to secret grpc-tls to trigger tls rotation monitoring.openshift.io/grpc-tls-forced-rotate 2. check all the grpc-tls secrets Actual results: oc get secret -n openshift-user-workload-monitoring |grep grpc-tls prometheus-user-workload-grpc-tls-92dd7ml88car8 Opaque 3 33s thanos-ruler-grpc-tls-92dd7ml88car8 Opaque 3 30s
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196