From 3b0ac7bca604c3771d348cdc4d877c32c7f34b44 Mon Sep 17 00:00:00 2001 From: Abhijeet Sadawarte Date: Thu, 21 May 2026 19:59:37 +0530 Subject: [PATCH] Add token-based auth prerequisite for oc adm upgrade recommend The recommend command requires a bearer token to query the Thanos monitoring route. Certificate-based auth (system:admin from the installer kubeconfig) causes the command to silently skip all alert-based precondition checks. Fixes: https://redhat.atlassian.net/browse/OSDOCS-19867 --- modules/oc-adm-upgrade-recommend.adoc | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/oc-adm-upgrade-recommend.adoc b/modules/oc-adm-upgrade-recommend.adoc index e76addcfcf75..c6252b75f5b7 100644 --- a/modules/oc-adm-upgrade-recommend.adoc +++ b/modules/oc-adm-upgrade-recommend.adoc @@ -17,6 +17,14 @@ You can use the information provided by the output to make informed decisions ab .Prerequisites * You installed the latest version of {oc-first}. +* You are logged in with a token-based identity, such as `kubeadmin`, by using the `oc login` command. ++ +[NOTE] +==== +The `oc adm upgrade recommend` command requires a bearer token to query the cluster's Thanos monitoring service for firing alerts. Certificate-based authentication, such as the `system:admin` identity provided in the default `kubeconfig` file from the installer, does not satisfy this requirement. If you use certificate-based authentication, the command output displays the following message and skips all alert-based precondition checks: + +`Failed to check for at least some preconditions: no token is currently in use for this session` +==== .Procedure
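Review bot: The added `[NOTE]` under the new prerequisite bullet quotes the failure message but never tells the reader that a recommendation produced in that state is incomplete, nor how to confirm beforehand that the session holds a token. Since the command carries on after skipping the alert-based precondition checks, consider adding a sentence that output containing `no token is currently in use for this session` must not be treated as a clean result. A short check could sit next to the `oc login` prerequisite, for example confirming that `oc whoami -t` returns a token. The commit message says the checks are skipped "silently", while the note documents a displayed message, so one of the two wordings should be aligned. In the bullet itself, `kubeadmin` is the only example given. Stating the requirement as the property needed (an identity that authenticates with a bearer token obtained through `oc login`) would keep readers from assuming that this particular account is required.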