1853253 – Old thanos-ruler secret is not deleted after tls rotation

Bug 1853253 - Old thanos-ruler secret is not deleted after tls rotation

Summary: Old thanos-ruler secret is not deleted after tls rotation

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Monitoring
Sub Component:
Version:	4.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	low
Target Milestone:	---
Target Release:	4.6.0
Assignee:	Sergiusz Urbaniak
QA Contact:	hongyan li
Docs Contact:
URL:
Whiteboard:
Depends On:	1853250
Blocks:
TreeView+	depends on / blocked

Reported:	2020-07-02 09:15 UTC by hongyan li
Modified:	2020-10-27 16:12 UTC (History)
CC List:	10 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1853250
Environment:
Last Closed:	2020-10-27 16:11:47 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift cluster-monitoring-operator pull 878	0	None	closed	Bug 1853253: remove expired TLS secret for Thanos Ruler	2020-07-31 13:57:15 UTC
Red Hat Product Errata	RHBA-2020:4196	0	None	None	None	2020-10-27 16:12:07 UTC

Description hongyan li 2020-07-02 09:15:51 UTC

Description of problem:
Old thanos-ruler secret is not deleted after tls rotation


Version-Release number of selected component (if applicable):
 4.6.0-0.nightly-2020-06-30-020342

How reproducible:
Always

Steps to Reproduce:
1.Add the following annotation to secret grpc-tls to trigger tls rotation
    monitoring.openshift.io/grpc-tls-forced-rotate
2. check all the grpc-tls secrets

Actual results:
oc get secret -n openshift-user-workload-monitoring |grep grpc-tls
prometheus-user-workload-grpc-tls-ejg3eer7c6147   Opaque                                3      14m
thanos-ruler-grpc-tls-e15j46649rq6d               Opaque                                3      58m
thanos-ruler-grpc-tls-ejg3eer7c6147               Opaque                                3      14m


Expected results:
there should be only one thanos-ruler secret 

Additional info:

Comment 6 hongyan li 2020-08-03 02:10:44 UTC

Verified with payload
4.6.0-0.nightly-2020-08-02-091622

enable user workload monitoring
1.Add the following annotation to secret grpc-tls to trigger tls rotation
    monitoring.openshift.io/grpc-tls-forced-rotate
2. check all the grpc-tls secrets

Actual results:
oc get secret -n openshift-user-workload-monitoring |grep grpc-tls
prometheus-user-workload-grpc-tls-92dd7ml88car8   Opaque                                3      33s
thanos-ruler-grpc-tls-92dd7ml88car8               Opaque                                3      30s

Comment 8 errata-xmlrpc 2020-10-27 16:11:47 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196

Note You need to log in before you can comment on or make changes to this bug.