+++ This bug was initially created as a clone of Bug #2142901 +++ Description of problem (please be detailed as possible and provide log snippets): liveness container in the cephfs provisioner and daemonset pods exposes HTTP ports to serve the metrics endpoints. We have two problems with it 1. The Metrics exposed on the HTTP port without TLS. This will be problematic for the customers as its a security problem 2. No one is consuming these metrics, and it was there only for the debugging purpose, and it was not helpful for the admins/users. Version of all relevant components (if applicable): Does this issue impact your ability to continue to work with the product (please explain in detail what is the user impact)? Is there any workaround available to the best of your knowledge? No Rate from 1 - 5 the complexity of the scenario you performed that caused this bug (1 - very simple, 5 - very complex)? Can this issue reproducible? Yes Can this issue reproduce from the UI? Deploy ODF If this is a regression, please provide more details to justify this: Steps to Reproduce: 1. Deploy ODF 2. Check liveness container running on csi pods 3. On the node where daemonset pods are running the host port 9080 and 9081 are opened and used. Expected results: The liveness sidecar container should be disabled in all csi pods and cephcsi should not use 9080 and 9081 ports on the host. Additional info:
https://github.com/red-hat-storage/rook/pull/429 is already backported to 4.10
verified that container 'liveness-prometheus' is not running on any csi pod OC version: Client Version: 4.12.0-202208031327 Kustomize Version: v4.5.4 Server Version: 4.11.0-0.nightly-2023-01-07-041900 Kubernetes Version: v1.24.6+5658434 OCS verison: ocs-operator.v4.11.4 OpenShift Container Storage 4.11.4 ocs-operator.v4.11.3 Succeeded Cluster version NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.11.0-0.nightly-2023-01-07-041900 True False 9h Cluster version is 4.11.0-0.nightly-2023-01-07-041900 Rook version: rook: v4.11.4-0.96e324244ec878d70194179a2892ec7193f6b591 go: go1.17.12 Ceph version: ceph version 16.2.8-84.el8cp (c2980f2fd700e979d41b4bad2939bb90f0fe435c) pacific (stable)
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Red Hat OpenShift Data Foundation 4.10.10 Bug Fix Update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2023:0827