OCPBUGS-70352: handled dynamic secret for remote alertmanager

[mvazquezc]

No description provided.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: mvazquezc
Once this PR has been reviewed and has the lgtm label, please assign marsik for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @mvazquezc. Thanks for your PR.

I'm waiting for a openshift-kni member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[abraham2512]

Is it possible to do a quick test on acm 2.14 that things are in order?
I'm curious what happens to this regexFind "hub-cluster-id(.*)" when its not available in the hub-info-secret in acm-2.14.
Does it go to the else block or return an empty string, making a secret name observability-alertmanager-accessor- which would be incorrect

[mvazquezc]

Will test on 2.14 and report back results.

[mvazquezc]

This has been validated in 2.14 and 2.15.

2.14

oc --kubeconfig abi -n openshift-monitoring get cm cluster-monitoring-config -o yaml
apiVersion: v1
data:
  config.yaml: |-
    alertmanagerMain:
      enabled: false
    telemeterClient:
      enabled: false
    nodeExporter:
      collectors:
        buddyinfo: {}
        cpufreq: {}
        ksmd: {}
        mountstats: {}
        netclass: {}
        netdev: {}
        processes: {}
        systemd: {}
        tcpstat: {}
    prometheusK8s:
      additionalAlertmanagerConfigs:
      - apiVersion: v2
        bearerToken:
          key: token
          name: observability-alertmanager-accessor
        scheme: https
        staticConfigs: [alertmanager-open-cluster-management-observability.apps.hub.5g-deployment.lab]
        tlsConfig:
          ca:
            key: service-ca.crt
            name: hub-alertmanager-router-ca
          insecureSkipVerify: false
      externalLabels:
        managed_cluster: 304779e6-6785-452b-a61c-670eafc2649c
      retention: 24h
kind: ConfigMap
metadata:
  annotations:
    ran.openshift.io/ztp-deploy-wave: "1"
  creationTimestamp: "2026-01-29T12:05:02Z"
  name: cluster-monitoring-config
  namespace: openshift-monitoring
  resourceVersion: "23301"
  uid: 03266338-772e-4b84-86be-8bae37b1c2bb

2.15

apiVersion: v1
data:
  config.yaml: |
    alertmanagerMain:
      enabled: false
    telemeterClient:
      enabled: false
    nodeExporter:
      collectors:
        buddyinfo: {}
        cpufreq: {}
        ksmd: {}
        mountstats: {}
        netclass: {}
        netdev: {}
        processes: {}
        systemd: {}
        tcpstat: {}
    prometheusK8s:
      additionalAlertmanagerConfigs:
      - apiVersion: v2
        bearerToken:
          key: token
          name: observability-alertmanager-accessor-1d70fd5186d445e4883
        scheme: https
        staticConfigs: [alertmanager-open-cluster-management-observability.apps.hub.5g-deployment.lab]
        tlsConfig:
          ca:
            key: service-ca.crt
            name: hub-alertmanager-router-ca-1d70fd5186d445e4883
          insecureSkipVerify: false
      externalLabels:
        managed_cluster: f9be5ddd-3497-42cb-ad10-7159011f3fcb
      retention: 24h
kind: ConfigMap
metadata:
  annotations:
    ran.openshift.io/ztp-deploy-wave: "1"
  creationTimestamp: "2026-01-29T14:30:31Z"
  name: cluster-monitoring-config
  namespace: openshift-monitoring
  resourceVersion: "13441"
  uid: 587851bd-1a3f-4020-ac90-bfb6f495a28e

[abraham2512]

/lgtm

[abraham2512]

Thanks for updating and verifying the fix with 2.14 and 2.15 @mvazquezc

[abraham2512]

To pass CI, you also need to update this in the kube-compare reference here
https://github.com/openshift-kni/telco-reference/blob/main/telco-ran/configuration/kube-compare-reference/cluster-tuning/monitoring-configuration/ReduceMonitoringFootprint.yaml

[abraham2512]

We'd also need this same change reciprocated in the Core config, here
https://github.com/openshift-kni/telco-reference/blob/main/telco-core/configuration/reference-crs/optional/other/monitoring-config-cm.yaml

[abraham2512]

/ok-to-test

[abraham2512]

typo, missing ?

[openshift-ci-robot]

@mvazquezc: This pull request references Jira Issue OCPBUGS-70352, which is invalid:

• expected the bug to target the "4.22.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[abraham2512]

/jira refresh

[openshift-ci-robot]

@abraham2512: This pull request references Jira Issue OCPBUGS-70352, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.22.0) matches configured target version for branch (4.22.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[abraham2512]

/cc @irinamihai @imiller0

[abraham2512]

/lgtm