Description of problem: Installation of the Prometheus operator fails: oc get csv --selector=operators.coreos.com/prometheus.service-telemetry NAME DISPLAY VERSION REPLACES PHASE prometheusoperator.v0.65.1 Prometheus Operator 0.65.1 prometheusoperator.0.47.0 Failed message: >- pods "prometheus-operator-59d56b5554-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, spec.containers[0].securityContext.runAsUser: Invalid value: 65534: must be in the ranges: [1000730000, 1000739999], provider "restricted": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount] Version-Release number of selected component (if applicable): STF 1.5 OSP 17.0.1 OCP 4.12 How reproducible: Follow step 10 from the following document -> https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/17.0/html/service_telemetry_framework_1.5/assembly-installing-the-core-components-of-stf_assembly Steps to Reproduce: 1. Enable OperatorHub.io 2. Enable Prometheus Operator with the following yaml: oc create -f - <<EOF apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: prometheus namespace: service-telemetry spec: channel: beta installPlanApproval: Automatic name: prometheus source: operatorhubio-operators sourceNamespace: openshift-marketplace EOF Actual results: Error Expected results: Success Additional info: Please note that the version of the Prometheus operator looks different from what is described in the docs: prometheusoperator.v0.65.1 vs 0.47.0
The workaround is to use community-operators rather then operatorhubio-operators which ends up installing 0.56.3 oc create -f - <<EOF apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: prometheus namespace: service-telemetry spec: channel: beta installPlanApproval: Automatic name: prometheus source: community-operators sourceNamespace: openshift-marketplace EOF
Will require a KCS article that shows how to migrate from one CatalogSource to another which will need to referenced in release notes along with documentation change log, which notes any changes in procedures.
I'm self-assigning this for now, but will change if we can find another owner on short notice. Going to target this for STF 1.5.2, but that release is very soon, so we'll see if we can sneak it in on time.
Procedure updates are now landed upstream and will be imported as part of the STF 1.5.2 release (June 22nd target release date). Migration documentation has been written in a Knowledge Base Article (KBA) and was published today at https://access.redhat.com/articles/7018389 This task is effectively complete. Moving to MODIFIED and will be closed as part of the STF 1.5.2 release. Any issues with the KBA or other related items, please file separate bugzillas for that.
*** Bug 2215413 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Release for Service Telemetry Framework 1.5.2), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2023:3785