From e59fc68938a762619fd9505db2e26b1ead098bce Mon Sep 17 00:00:00 2001 From: Abhijeet Sadawarte Date: Thu, 21 May 2026 19:59:37 +0530 Subject: [PATCH] Add token-based auth prerequisite for oc adm upgrade recommend The recommend command requires a bearer token to query the Thanos monitoring route. Certificate-based auth (system:admin from the installer kubeconfig) causes the command to silently skip all alert-based precondition checks. Fixes: https://redhat.atlassian.net/browse/OSDOCS-19867 --- modules/oc-adm-upgrade-recommend.adoc | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/modules/oc-adm-upgrade-recommend.adoc b/modules/oc-adm-upgrade-recommend.adoc index 7754cb8fd5b8..b770b55eeb6a 100644 --- a/modules/oc-adm-upgrade-recommend.adoc +++ b/modules/oc-adm-upgrade-recommend.adoc @@ -22,6 +22,17 @@ The `oc adm upgrade recommend` command is read-only and does not affect the stat .Prerequisites * You installed the latest version of {oc-first}. +* You are logged in with a token-based identity, such as `kubeadmin`, by using the `oc login` command. ++ +[NOTE] +==== +The `oc adm upgrade recommend` command requires a bearer token to query the cluster's Thanos monitoring service for firing alerts. Certificate-based authentication, such as the `system:admin` identity provided in the default `kubeconfig` file from the installation program, does not satisfy this requirement. If you use certificate-based authentication, the command output displays the following message and skips all alert-based precondition checks: + +[source,terminal] +---- +Failed to check for at least some preconditions: no token is currently in use for this session +---- +==== .Procedure