After Dittybopper dashboard deployed for several hours, the dashboards got Forbidden. Delete dittybopper and deploy again can fix this issue. But after several hours, I see the same issue. When the issue is seen, curl with the token in sc-ocp-prom configmap to prometheus url also got 403. But manually creating a new token can make it work. I doubt the token expired.
URL=$(oc get route -n openshift-monitoring prometheus-k8s -o jsonpath="{.spec.host}")
Get the token in sc-ocp-prom configmap
% oc get cm sc-ocp-prom -n dittybopper -o jsonpath="{.metadata.annotations}"
The token in sc-ocp-prom configmap got 403
% export TOKEN=<token got from last step>
% curl -ksl -H "Authorization: Bearer $TOKEN" https://${URL}/api/v1/status/runtimeinfo -w "%{http_code}" -o /dev/null
403%
Use https://jwt.io/ to decode the token token I got "exp": 1676971045
$ date -d @1676971045
Tue Feb 21 09:17:25 AM UTC 2023
I think we can use --duration to set a longer time to the token, like 240h, not sure if we can set it as forever.
oc create token prometheus-k8s -n openshift-monitoring --duration 240h
After Dittybopper dashboard deployed for several hours, the dashboards got Forbidden. Delete dittybopper and deploy again can fix this issue. But after several hours, I see the same issue. When the issue is seen, curl with the token in sc-ocp-prom configmap to prometheus url also got 403. But manually creating a new token can make it work. I doubt the token expired.
Get the token in sc-ocp-prom configmap
The token in sc-ocp-prom configmap got 403
Use https://jwt.io/ to decode the token token I got
"exp": 1676971045
New token works well.
I think we can use --duration to set a longer time to the token, like 240h, not sure if we can set it as forever. oc create token prometheus-k8s -n openshift-monitoring --duration 240h