-
Bug
-
Resolution: Done
-
Blocker
-
None
-
False
-
None
-
False
Hypershift-as-a-Service requires all clusters to be private (hub, hosting and hosted clusters). The API server of the private hosted clusters that are created by Hypershift is accessible via a service of the type LB.
# oc get service -A | grep kube-apiserver-private ocm-sbarouti-1sqfp6nqq2csj9jcvim50456j9af4u03-sbarouti253 kube-apiserver-private LoadBalancer 172.30.227.99 a8edf240064444719979e02defe666c4-d8ffd17b23ce7729.elb.us-east-1.amazonaws.com 6443:31196/TCP
It seems that the ACM is unable to connect to the private hosted cluster, and the registration agent has stopped updating its lease.
More details:
1. The status of the managedcluster created for the hosted cluster
// # oc get managedcluster 1sqfp6nqq2csj9jcvim50456j9af4u03 -oyaml .... status: capacity: core_worker: "0" socket_worker: "0" conditions: - lastTransitionTime: "2022-06-13T14:33:38Z" message: Accepted by hub cluster admin reason: HubClusterAdminAccepted status: "True" type: HubAcceptedManagedCluster - lastTransitionTime: "2022-06-13T14:38:41Z" message: Registration agent stopped updating its lease. reason: ManagedClusterLeaseUpdateStopped status: Unknown type: ManagedClusterConditionAvailable
Running dnslookup on the hosted cluster to target the hub cluster:
$ kubectl exec -i -t dnsutils -- nslookup api.hsservicei01ue1.y7tz.p1.openshiftapps.com Server: 172.30.0.10 Address: 172.30.0.10#53 Name: api.hsservicei01ue1.y7tz.p1.openshiftapps.com Address: 10.201.136.13
Running the `oc login` on the hosted cluster to log into the hub cluster:
$ kubectl exec -i -t oc -- oc login --token=sha256~PkEadShZppKck3VyNetZ-KbadTsSY-WjdNkwbdZgm1k --server=https://api.hsservicei01ue1.y7tz.p1.openshiftapps.com:6443 && oc get ns
error: dial tcp 10.201.136.13:6443: i/o timeout - verify you have provided the correct host and port and that the server is currently running.
command terminated with exit code 1