-
Bug
-
Resolution: Unresolved
-
Normal
-
ACM 2.11.0
-
None
-
False
-
None
-
False
-
-
-
Low
-
None
Description of problem:
I recently updated to ACM 2.11 and wanted to try out the new automated ROSA import.
updated ACM 2.10.4 / MCE 2.5.5 -> ACM 2.11.0 / MCE 2.6.0
detached my existing ROSA HCP
Used Search to find the DiscoveredCluster resource
Opened the resource with the clusterID for my ROSA HCP
edited `importAsManagedCluster: true` (changed from false)
Watched the cluster arrive to Importing phase in the clusters list
Then got errors (below)
Version-Release number of selected component (if applicable):
ACM 2.11
How reproducible:
very
Steps to Reproduce:
- ...
Actual results:
error in the UI
The cluster failed to import to the hub
AutoImportSecretInvalid rosa-hcp/auto-import-secret; please check its permission, apply resources error: [customresourcedefinitions.apiextensions.k8s.io "klusterlets.operator.open-cluster-management.io" is forbidden: User "acm-import" cannot get resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope, namespaces "open-cluster-management-agent" is forbidden: User "acm-import" cannot get resource "namespaces" in API group "" in the namespace "open-cluster-management-agent", serviceaccounts "klusterlet" is forbidden: User "acm-import" cannot get resource "serviceaccounts" in API group "" in the namespace "open-cluster-management-agent", clusterrolebindings.rbac.authorization.k8s.io "klusterlet" is forbidden: User "acm-import" cannot get resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope, deployments.apps "klusterlet" is forbidden: User "acm-import" cannot get resource "deployments" in API group "apps" in the namespace "open-cluster-management-agent", secrets "bootstrap-hub-kubeconfig" is forbidden: User "acm-import" cannot get resource "secrets" in API group "" in the namespace "open-cluster-management-agent", klusterlets.operator.open-cluster-management.io "klusterlet" is forbidden: User "acm-import" cannot get resource "klusterlets" in API group "operator.open-cluster-management.io" at the cluster scope, secrets "open-cluster-management-image-pull-credentials" is forbidden: User "acm-import" cannot get resource "secrets" in API group "" in the namespace "open-cluster-management-agent"]
Expected results:
I thought it should be successfully imported.
Later, when I modified the DiscoveredCluster resource and set the importAsManagedCluster back to False and removed the annotation, I tried it again and the same thing happened.
Additional info:
I am able to successfully import this ROSA HCP when using the API + token.
- blocks
-
ACM-13010 QE: Add additional test coverage for ROSA-HCP import via Discovery
- New
- is caused by
-
ACM-10651 As a cluster admin, I want to be able to import my ROSA clusters automatically with no additional work beyond enabling the Discovery configuration.
- Closed
- is triggering
-
ACM-13010 QE: Add additional test coverage for ROSA-HCP import via Discovery
- New