Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: None
Affects Version/s: ACM 2.8.0, ACM 2.7.0
Component/s: Business Continuity
Labels:
- Train-02

Blocked:
False
Blocked Reason:
None
Ready:
False
Regression:
No
Intelligence Requested:
Market:

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

When restoring the imported managed clusters, if the MSA auto import feature is used and the auto-import-pair token is used , you see this error

This is because the RoleBinding for the auto-import-account-pair service account was not created.

The workaround is to manually create the role binding on the managed cluster

lastTransitionTime: "2023-03-28T15:02:13Z"
message: 'AutoImportSecretInvalid hosting-cluster/auto-import-secret; please check
its permission, apply resources error: secrets "bootstrap-hub-kubeconfig" is
forbidden: User "system:serviceaccount:open-cluster-management-agent-addon:auto-import-account-pair"
cannot get resource "secrets" in API group "" in the namespace "open-cluster-management-agent"'
reason: ManagedClusterImportFailed
status: "False"
type: ManagedClusterImportSucceeded

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name:managedserviceaccount-import-pair
subjects:
-kind:ServiceAccount
name:auto-import-account-pair
namespace:open-cluster-management-agent-addon
roleRef:
apiGroup:rbac.authorization.k8s.io
kind:ClusterRole
name:klusterlet-bootstrap-kubeconfig

Assignee:: Valentina Birsan

Reporter:: Valentina Birsan

QA Contact:: Thuy Nguyen

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2023/03/28 4:10 PM

Updated:: 2023/03/29 6:44 PM

Resolved:: 2023/03/29 6:44 PM

Estimated:

Remaining:

Logged:

Not Specified

Details

Description

Attachments

Activity

People

Dates

Time Tracking

Hide