Description of problem (please be detailed as possible and provide log snippets): When storageclass or PV encryption is enabled on a cluster post deployment, the ocs_advanced_feature_usage_metric does not update it's value to 1. It does not detect the use of PV encryption, unless it is enabled during deployment. The following logs were observed in the ocs-metrics-exporter pod: W1205 08:27:51.092918 1 reflector.go:324] /remote-source/app/metrics/internal/collectors/cluster-advance-feature-use.go:166: failed to list *v1.StorageClass: forbidden: User "system:serviceaccount:openshift-storage:ocs-metrics-exporter" cannot get path "/storageclasses" E1205 08:27:51.092960 1 reflector.go:138] /remote-source/app/metrics/internal/collectors/cluster-advance-feature-use.go:166: Failed to watch *v1.StorageClass: failed to list *v1.StorageClass: forbidden: User "system:serviceaccount:openshift-storage:ocs-metrics-exporter" cannot get path "/storageclasses" Version of all relevant components (if applicable): --------------------------------------------------- OCP: 4.12.0-0.nightly-2022-12-04-160656 ODF: odf-operator.v4.12.0-122.stable Does this issue impact your ability to continue to work with the product (please explain in detail what is the user impact)? No Is there any workaround available to the best of your knowledge? N/A Rate from 1 - 5 the complexity of the scenario you performed that caused this bug (1 - very simple, 5 - very complex)? 2 Can this issue reproducible? Yes Can this issue reproduce from the UI? Yes If this is a regression, please provide more details to justify this: No Steps to Reproduce: ------------------- 1. Deploy an ODF 4.12 cluster without enabling encryption during deployment 2. After deployment, create an encryption enabled storageclass 3. Check the ocs_advanced_feature_usage metric from the UI by navigating to Observe -> Metrics 4. Check the Value parameter Actual results: --------------- The Value is 0 Expected results: ----------------- Since, PV encryption is an advanced feature, the value should be 1
We already had this PR: https://github.com/red-hat-storage/ocs-operator/pull/1826 , which was supposed to fix the issue. As StorageClass is a cluster wide resource (and not a namespace constrained resource), may have to take a different approach. Taking a look
Umanga has created a PR for this: https://github.com/red-hat-storage/ocs-operator/pull/2032 This is now backported to 4.13 branch as well: https://github.com/red-hat-storage/ocs-operator/pull/2033
Added an encrypted storageclass checked the metric and it still 0. Moving to assigned.
Not a blocker for 4.13
When PV encryption storage class exists, ocs_advanced_feature_usage metric's value is set to 1. Tested with: ODF 4.14.0-161 OCP 4.14.0-0.nightly-2023-11-05-194730 =================================================================== Storage class: kind: StorageClass apiVersion: storage.k8s.io/v1 metadata: name: storageclass-test-rbd-bc233ca580c64361aa uid: 82bf856a-d383-4b05-9700-c4251aefd09e resourceVersion: '239098' creationTimestamp: '2023-11-06T21:25:15Z' managedFields: - manager: kubectl-create operation: Update apiVersion: storage.k8s.io/v1 time: '2023-11-06T21:25:15Z' fieldsType: FieldsV1 fieldsV1: 'f:allowVolumeExpansion': {} 'f:parameters': 'f:csi.storage.k8s.io/controller-expand-secret-name': {} 'f:clusterID': {} 'f:imageFeatures': {} 'f:csi.storage.k8s.io/controller-expand-secret-namespace': {} .: {} 'f:csi.storage.k8s.io/provisioner-secret-namespace': {} 'f:pool': {} 'f:encrypted': {} 'f:csi.storage.k8s.io/node-stage-secret-name': {} 'f:csi.storage.k8s.io/node-stage-secret-namespace': {} 'f:encryptionKMSID': {} 'f:csi.storage.k8s.io/provisioner-secret-name': {} 'f:imageFormat': {} 'f:provisioner': {} 'f:reclaimPolicy': {} 'f:volumeBindingMode': {} provisioner: openshift-storage.rbd.csi.ceph.com parameters: csi.storage.k8s.io/provisioner-secret-namespace: openshift-storage encrypted: 'true' csi.storage.k8s.io/provisioner-secret-name: secret-test-rbd-ca5e8fb37b00464ca4397925 csi.storage.k8s.io/node-stage-secret-name: secret-test-rbd-ca5e8fb37b00464ca4397925 encryptionKMSID: vault-test-4ad7372ca055403a959db023b38be csi.storage.k8s.io/controller-expand-secret-name: secret-test-rbd-ca5e8fb37b00464ca4397925 imageFormat: '2' clusterID: openshift-storage imageFeatures: layering csi.storage.k8s.io/controller-expand-secret-namespace: openshift-storage pool: ocs-storagecluster-cephblockpool csi.storage.k8s.io/node-stage-secret-namespace: openshift-storage reclaimPolicy: Delete allowVolumeExpansion: true volumeBindingMode: Immediate ocs_advanced_usage Metric: Name container endpoint instance job managedBy namespace pod prometheus service Value ocs_advanced_feature_usage ocs-metrics-exporter metrics 10.128.2.22:8080 ocs-metrics-exporter ocs-storagecluster openshift-storage ocs-metrics-exporter-65c7d9bbbb-kgr67 openshift-monitoring/k8s ocs-metrics-exporter 1
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: Red Hat OpenShift Data Foundation 4.14.0 security, enhancement & bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2023:6832