From 1417b39e98d397f9feda8f0965ef032e0c9956d5 Mon Sep 17 00:00:00 2001 From: Abhijeet Sadawarte Date: Thu, 21 May 2026 19:59:37 +0530 Subject: [PATCH] Add token-based auth prerequisite for oc adm upgrade recommend The recommend command requires a bearer token to query the Thanos monitoring route. Certificate-based auth (system:admin from the installer kubeconfig) causes the command to silently skip all alert-based precondition checks. Fixes: https://redhat.atlassian.net/browse/OSDOCS-19867 --- modules/oc-adm-upgrade-recommend.adoc | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/modules/oc-adm-upgrade-recommend.adoc b/modules/oc-adm-upgrade-recommend.adoc index e76addcfcf75..eaf1cf21268d 100644 --- a/modules/oc-adm-upgrade-recommend.adoc +++ b/modules/oc-adm-upgrade-recommend.adoc @@ -17,6 +17,17 @@ You can use the information provided by the output to make informed decisions ab .Prerequisites * You installed the latest version of {oc-first}. +* You are logged in with a token-based identity, such as `kubeadmin`, by using the `oc login` command. ++ +[NOTE] +==== +The `oc adm upgrade recommend` command requires a bearer token to query the cluster's Thanos monitoring service for firing alerts. Certificate-based authentication, such as the `system:admin` identity provided in the default `kubeconfig` file from the installation program, does not satisfy this requirement. If you use certificate-based authentication, the command output displays the following message and skips all alert-based precondition checks: + +[source,terminal] +---- +Failed to check for at least some preconditions: no token is currently in use for this session +---- +==== .Procedure