Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-12849

ROSA HCP automatic discovery error

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • ACM 2.11.Z
    • ACM 2.11.0
    • Server Foundation
    • None
    • False
    • None
    • False
    • Low
    • None

      Description of problem:

      I recently updated to ACM 2.11 and wanted to try out the new automated ROSA import. 

      updated ACM 2.10.4 / MCE 2.5.5 -> ACM 2.11.0 / MCE 2.6.0

      detached my existing ROSA HCP

      Used Search to find the DiscoveredCluster resource

      Opened the resource with the clusterID for my ROSA HCP

      edited `importAsManagedCluster: true` (changed from false)

      Watched the cluster arrive to Importing phase in the clusters list

      Then got errors (below)

      Version-Release number of selected component (if applicable):

      ACM 2.11

      How reproducible:

      very

      Steps to Reproduce:

      1.  
      2.  
      3. ...

      Actual results:

      error in the UI

      The cluster failed to import to the hub

      AutoImportSecretInvalid rosa-hcp/auto-import-secret; please check its permission, apply resources error: [customresourcedefinitions.apiextensions.k8s.io "klusterlets.operator.open-cluster-management.io" is forbidden: User "acm-import" cannot get resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope, namespaces "open-cluster-management-agent" is forbidden: User "acm-import" cannot get resource "namespaces" in API group "" in the namespace "open-cluster-management-agent", serviceaccounts "klusterlet" is forbidden: User "acm-import" cannot get resource "serviceaccounts" in API group "" in the namespace "open-cluster-management-agent", clusterrolebindings.rbac.authorization.k8s.io "klusterlet" is forbidden: User "acm-import" cannot get resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope, deployments.apps "klusterlet" is forbidden: User "acm-import" cannot get resource "deployments" in API group "apps" in the namespace "open-cluster-management-agent", secrets "bootstrap-hub-kubeconfig" is forbidden: User "acm-import" cannot get resource "secrets" in API group "" in the namespace "open-cluster-management-agent", klusterlets.operator.open-cluster-management.io "klusterlet" is forbidden: User "acm-import" cannot get resource "klusterlets" in API group "operator.open-cluster-management.io" at the cluster scope, secrets "open-cluster-management-image-pull-credentials" is forbidden: User "acm-import" cannot get resource "secrets" in API group "" in the namespace "open-cluster-management-agent"]

      Expected results:

      I thought it should be successfully imported.

      Later, when I modified the DiscoveredCluster resource and set the importAsManagedCluster back to False and removed the annotation, I tried it again and the same thing happened.

      Additional info:

      I am able to successfully import this ROSA HCP when using the API + token.

        1. image-2024-07-31-16-59-21-208.png
          image-2024-07-31-16-59-21-208.png
          648 kB
        2. image (5).png
          image (5).png
          205 kB
        3. image (4).png
          image (4).png
          119 kB

            jiazhu@redhat.com Jian Zhu
            sberens@redhat.com Scott Berens
            Hui Chen Hui Chen
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated: