Bug 2102242 - [4.10] openshift-cluster-storage-operator prometheus rbac is missing on IBM Cloud
Summary: [4.10] openshift-cluster-storage-operator prometheus rbac is missing on IBM C...
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Storage
Version: 4.7
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.10.z
Assignee: Jonathan Dobson
QA Contact: Wei Duan
Depends On: 2102438
Blocks: 2102760
TreeView+ depends on / blocked
Reported: 2022-06-29 14:05 UTC by John McMeeking
Modified: 2022-07-11 15:28 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2022-07-11 15:27:55 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift cluster-storage-operator pull 293 0 None open [release-4.10] Add missing ibm cloud annotations to prometheus rbac 2022-06-29 22:24:15 UTC
Red Hat Product Errata RHBA-2022:5513 0 None None None 2022-07-11 15:28:03 UTC

Description John McMeeking 2022-06-29 14:05:12 UTC
Description of problem:

Please cherry-pick https://github.com/openshift/cluster-storage-operator/pull/267 to active releases (4.7 to 4.10). We (IBM) have some customer reports of this on the Red Hat OpenShift on IBM Cloud offering.

Version-Release number of selected component (if applicable):

4.7 through 4.10

How reproducible:


Steps to Reproduce:
1. Deploy an 4.7 through 4.10 cluster in the Red Hat OpenShift on IBM Cloud service.
2. list roles and and rolebindings in the openshift-cluster-storage-operator namespace

Actual results:

No prometheus role or rolebinding is listed.

Expected results:

prometheus role and rolebinding are listed

Master Log:

Node Log (of failed PODs):

PV Dump:

PVC Dump:

StorageClass Dump (if StorageClass used by PV/PVC):

Additional info:

Comment 1 John McMeeking 2022-06-29 14:10:50 UTC
Is something similar required in 4.6?  I didn't see the manifest in release-4.6.

Comment 2 Jonathan Dobson 2022-06-29 22:32:24 UTC
(In reply to John McMeeking from comment #1)
> Is something similar required in 4.6?  I didn't see the manifest in
> release-4.6.

This manifest didn't exist until bug 1904578 added it in 4.7, I don't think it makes sense to backport to 4.6.

Comment 4 Chao Yang 2022-07-01 10:14:03 UTC

oc get roles/prometheus -o json | jq .metadata.annotations
  "include.release.openshift.io/ibm-cloud-managed": "true",
  "include.release.openshift.io/self-managed-high-availability": "true",
e.release.openshift.io/single-node-developer": "true"

oc get rolebindings/prometheus -o json | jq .metadata.annotations
  "include.release.openshift.io/ibm-cloud-managed": "true",
  "include.release.openshift.io/self-managed-high-availability": "true",
  "include.release.openshift.io/single-node-developer": "true"

oc -n openshift-monitoring exec -c prometheus prometheus-k8s-0 -- curl -k -H "Authorization: Bearer $token" 'https://prometheus-k8s.openshift-monitoring.svc:9091/api/v1/query?query=kube_persistentvolume_info' | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   401    0   401    0     0  21105      0 --:--:-- --:--:-- --:--:-- 21105
  "status": "success",
  "data": {
    "resultType": "vector",
    "result": [
        "metric": {
          "__name__": "kube_persistentvolume_info",
          "container": "kube-rbac-proxy-main",
          "endpoint": "https-main",
          "job": "kube-state-metrics",
          "namespace": "openshift-monitoring",
          "persistentvolume": "pvc-23807fc2-d227-423c-b63d-f061fe456817",
          "service": "kube-state-metrics",
          "storageclass": "ibmc-vpc-block-10iops-tier"
        "value": [

Comment 7 errata-xmlrpc 2022-07-11 15:27:55 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.10.22 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.