Fix ServiceMonitor RBAC for authenticated metrics endpoints#3681
Conversation
|
Fyi I've been trying to test this change downstream here, but getting an openshift cluster today has been a challenge (due to limited shared cluster availability) |
|
/hold I have to fix something |
openshift-ci
Bot
added
the
do-not-merge/hold
Add additional permission to allow Prometheus in OCP to access authenticated metrics without HTTP 500 errors.
anik120
force-pushed
the
servicemonitor-rbac
branch
from
fb9bf79 to
c371878
Compare
|
/hold cancel |
openshift-ci
Bot
removed
the
do-not-merge/hold
|
Fyi for reviewers: I've added another commit that skips the metrics e2e tests for now. They were using a very hacky (pod proxy) method to fetch the metrics, which doesn't work anymore in Openshift since the metrics endpoints are secure by default in Openshift. I have to redesign the test suite structure to work with the authentication mechanism, which I plan on doing soon after as a follow up |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: grokspawn The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
Bot
added
the
approved
openshift-merge-bot
Bot
merged commit ca9fb30
into
operator-framework:master
2 participants
Add /metrics nonResourceURL permission to allow Prometheus in OCP to access authenticated metrics without HTTP 500 errors.
Description of the change:
Motivation for the change:
Architectural changes:
Testing remarks:
Reviewer Checklist
/doc[FLAKE]are truly flaky and have an issue