Created attachment 1700430 [details] prometheus-operator cluster-role file Description of problem: this bug is for https://issues.redhat.com/browse/MON-1084 https://github.com/coreos/prometheus-operator/pull/3155 and https://github.com/openshift/prometheus-operator/pull/77 are in 4.6.0-0.nightly-2020-07-07-141639 and later build. Tested with 4.6.0-0.nightly-2020-07-07-233934, according to https://github.com/coreos/prometheus-operator/pull/3155 crd resources should be removed from ClusterRole/prometheus-operator, but they still in the ClusterRole # oc -n openshift-monitoring get ClusterRole/prometheus-operator -oyaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole ... rules: - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - create - apiGroups: - apiextensions.k8s.io resourceNames: - alertmanagers.monitoring.coreos.com - podmonitors.monitoring.coreos.com - prometheuses.monitoring.coreos.com - prometheusrules.monitoring.coreos.com - servicemonitors.monitoring.coreos.com - thanosrulers.monitoring.coreos.com resources: - customresourcedefinitions verbs: - get - update ... ********************************** checked with # oc -n openshift-monitoring get deploy prometheus-operator -oyaml there is not "- --manage-crds=false" setting, details see the attached files ... spec: containers: - args: - --kubelet-service=kube-system/kubelet - --logtostderr=true - --config-reloader-image=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ee5afaf279a1228999c0d1b7f6f4ab168cae34bd3b1454acaa8380d3c1edacc1 - --prometheus-config-reloader=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e1543cc7d31d6f943e955dd6a82a45ea0502aba8f5085869d68c40f831e34717 - --namespaces=openshift-apiserver,openshift-apiserver-operator,openshift-authentication,openshift-authentication-operator,openshift-cloud-credential-operator,openshift-cluster-machine-approver,openshift-cluster-samples-operator,openshift-cluster-storage-operator,openshift-cluster-version,openshift-config-operator,openshift-console-operator,openshift-controller-manager,openshift-controller-manager-operator,openshift-dns,openshift-dns-operator,openshift-etcd-operator,openshift-image-registry,openshift-ingress,openshift-ingress-operator,openshift-insights,openshift-kube-apiserver,openshift-kube-apiserver-operator,openshift-kube-controller-manager,openshift-kube-controller-manager-operator,openshift-kube-scheduler,openshift-kube-scheduler-operator,openshift-kube-storage-version-migrator,openshift-kube-storage-version-migrator-operator,openshift-machine-api,openshift-machine-config-operator,openshift-marketplace,openshift-monitoring,openshift-multus,openshift-operator-lifecycle-manager,openshift-sdn,openshift-service-ca-operator,openshift-user-workload-monitoring - --prometheus-instance-namespaces=openshift-monitoring - --thanos-ruler-instance-namespaces=openshift-monitoring - --alertmanager-instance-namespaces=openshift-monitoring - --config-reloader-cpu=0 - --config-reloader-memory=0 - --web.enable-tls=true - --web.tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - --web.tls-min-version=VersionTLS12 image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5a6f7db12af24f4dcef5ac04a75c5d50d28a1712fea066c886ae0ca21d902d83 imagePullPolicy: IfNotPresent name: prometheus-operator ports: - containerPort: 8080 name: http protocol: TCP resources: requests: cpu: 5m memory: 60Mi ... Version-Release number of selected component (if applicable): 4.6.0-0.nightly-2020-07-07-233934 How reproducible: always Steps to Reproduce: 1. see the description 2. 3. Actual results: Expected results: Additional info:
Created attachment 1700431 [details] prometheus-operator deployment file
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196