Description of problem: The secret used to establish a secure connection with OLM's pprof endpoint is hardcoded to the openshift-operator-lifecycle-manager namespace. This cannot work if OLM is not running in that namespace, as is the case on HyperShift clusters. Version-Release number of selected component (if applicable): 4.10 How reproducible: Always Steps to Reproduce: 1.No steps needed, view hardcoded value here: https://github.com/openshift/operator-framework-olm/blob/master/cmd/collect-profiles/main.go#L34 Actual results: Expected PPROF secret namespace cannot be configured. Expected results: Expected PPROF secret namespace can be configured. Additional info:
[cloud-user@preserve-olm-env jian]$ oc -n openshift-operator-lifecycle-manager exec deploy/catalog-operator -- olm --version OLM version: 0.19.0 git commit: 6d684d4d9a85f9577fbb8f2da5846e820af69626 [cloud-user@preserve-olm-env jian]$ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.10.0-0.nightly-2021-10-23-225921 True False 7h57m Cluster version is 4.10.0-0.nightly-2021-10-23-225921 [cloud-user@preserve-olm-env jian]$ oc get CronJob -n openshift-operator-lifecycle-manager NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE collect-profiles */15 * * * * False 0 4m56s 8h [cloud-user@preserve-olm-env jian]$ oc get pods -n openshift-operator-lifecycle-manager NAME READY STATUS RESTARTS AGE catalog-operator-7dbf8cb576-hq6zm 1/1 Running 0 8h collect-profiles-27252555--1-dj7pf 0/1 Completed 0 35m collect-profiles-27252570--1-gxp8t 0/1 Completed 0 20m collect-profiles-27252585--1-ll4m5 0/1 Completed 0 5m19s olm-operator-6f75bf9687-r6h7c 1/1 Running 0 8h package-server-manager-d6799ddbd-2bq2k 1/1 Running 0 8h packageserver-5c7c6777cb-js6v6 1/1 Running 0 8h packageserver-5c7c6777cb-qz8h9 1/1 Running 0 8h The cronjob works well, LGTM, verify it.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056