Description of problem: Whenever a service monitor references an invalid secret or configmap's key, the prometheus operator wouldn't update the Prometheus configuration. It shouldn't be a big issue for the infra Prometheus because we pretty control what goes in but it's more problematic for user workload monitoring (basically a bad service monitor can DoS the service). Version-Release number of selected component (if applicable): 4.6 How reproducible: Always Steps to Reproduce: 1. Enable user workload monitoring 2. Create a secret + a service monitor that references this secret but with an invalid key apiVersion: v1 data: {} kind: Secret metadata: name: demo namespace: default type: Opaque apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: demo namespace: default spec: endpoints: - port: web bearerTokenSecret: key: missing name: demo selector: matchLabels: app: demo 3. Create a valid service monitor apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: demo2 namespace: default spec: endpoints: - port: web selector: matchLabels: app: demo2 Actual results: The second service monitor isn't present in the Prometheus configuration. Expected results: The second service monitor should be present in the Prometheus configuration. Additional info: https://github.com/prometheus-operator/prometheus-operator/issues/3327
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196