Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-9123

Trying to upgrade a managed cluster fails with user forbidden errors

XMLWordPrintable

    • False
    • None
    • False
    • -
    • No

      Description of problem:

      Trying to upgrade an managed cluster fails with user forbidden errors

      Version-Release number of selected component (if applicable): 2.9

      How reproducible: NA

      Steps to Reproduce:

      1. Upgrade the managed cluster using ACM UI

      Actual results:

      Nothing happens

      Expected results:

      Cluster should get upgraded to a newer version̄.

      Additional info:

      cluster-curator-controller shows the below logs which seem to indicate insufficient permissions on the service account role:

      2023-12-14T19:06:38.999462102Z I1214 19:06:38.999435       1 helpers.go:444] Curator "mytestcluster45" version, current=4.12.44 desired=4.12.45
2023-12-14T19:06:38.999462102Z I1214 19:06:38.999439       1 rbac.go:221] Check if serviceAccount cluster-installer exists
2023-12-14T19:06:39.002371550Z I1214 19:06:39.002325       1 rbac.go:235] Check if ClusterRole curator exists
2023-12-14T19:06:39.004959499Z I1214 19:06:39.004917       1 rbac.go:237]  Creating ClusterRole curator
2023-12-14T19:06:39.042682753Z I1214 19:06:39.042627       1 rbac.go:242]  Created ClusterRole ✓
2023-12-14T19:06:39.042682753Z I1214 19:06:39.042654       1 rbac.go:245] Check if RoleBinding cluster-installer exists
2023-12-14T19:06:39.098341452Z I1214 19:06:39.098280       1 job.go:339] Creating Curator job curator-job in namespace mytestcluster45
2023-12-14T19:06:39.498644390Z I1214 19:06:39.498579       1 job.go:362]  Created Curator job  ✓ (curator-job-rgpp7)
2023-12-14T21:22:48.062824937Z I1214 21:22:48.062763       1 helpers.go:409] Previous curator "mytestcluster45" is failed, "curator-job-rgpp7 DesiredCuration: upgrade Version (4.12.45;;) Failed - hostedclusters.hypershift.openshift.io \"mytestcluster45\" is forbidden: User \"system:serviceaccount:mytestcluster45:cluster-installer\" cannot get resource \"hostedclusters\" in API group \"hypershift.openshift.io\" in the namespace \"mytestcluster45\""
2023-12-14T21:22:48.062824937Z I1214 21:22:48.062793       1 helpers.go:412] last job failed and desired version is unchanged, do not need to upgrade

        1. screenshot-1.png
          screenshot-1.png
          178 kB
        2. screenshot-2.png
          screenshot-2.png
          86 kB

              fxiang@redhat.com Feng Xiang
              rhn-support-mlele Mihir Lele
              Atif Shafi Atif Shafi
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: