Bug 1853253 - Old thanos-ruler secret is not deleted after tls rotation
Summary: Old thanos-ruler secret is not deleted after tls rotation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Monitoring
Version: 4.6
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: ---
: 4.6.0
Assignee: Sergiusz Urbaniak
QA Contact: hongyan li
URL:
Whiteboard:
Depends On: 1853250
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-07-02 09:15 UTC by hongyan li
Modified: 2020-10-27 16:12 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1853250
Environment:
Last Closed: 2020-10-27 16:11:47 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-monitoring-operator pull 878 0 None closed Bug 1853253: remove expired TLS secret for Thanos Ruler 2020-07-31 13:57:15 UTC
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 16:12:07 UTC

Description hongyan li 2020-07-02 09:15:51 UTC
Description of problem:
Old thanos-ruler secret is not deleted after tls rotation


Version-Release number of selected component (if applicable):
 4.6.0-0.nightly-2020-06-30-020342

How reproducible:
Always

Steps to Reproduce:
1.Add the following annotation to secret grpc-tls to trigger tls rotation
    monitoring.openshift.io/grpc-tls-forced-rotate
2. check all the grpc-tls secrets

Actual results:
oc get secret -n openshift-user-workload-monitoring |grep grpc-tls
prometheus-user-workload-grpc-tls-ejg3eer7c6147   Opaque                                3      14m
thanos-ruler-grpc-tls-e15j46649rq6d               Opaque                                3      58m
thanos-ruler-grpc-tls-ejg3eer7c6147               Opaque                                3      14m


Expected results:
there should be only one thanos-ruler secret 

Additional info:

Comment 6 hongyan li 2020-08-03 02:10:44 UTC
Verified with payload
4.6.0-0.nightly-2020-08-02-091622

enable user workload monitoring
1.Add the following annotation to secret grpc-tls to trigger tls rotation
    monitoring.openshift.io/grpc-tls-forced-rotate
2. check all the grpc-tls secrets

Actual results:
oc get secret -n openshift-user-workload-monitoring |grep grpc-tls
prometheus-user-workload-grpc-tls-92dd7ml88car8   Opaque                                3      33s
thanos-ruler-grpc-tls-92dd7ml88car8               Opaque                                3      30s

Comment 8 errata-xmlrpc 2020-10-27 16:11:47 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196


Note You need to log in before you can comment on or make changes to this bug.