-
Bug
-
Resolution: Done
-
Blocker
-
None
-
MCE 2.6.0
-
None
Latest 2.11 ds build fails to install due to which seems to be rbac issues
hypershift-manager-pod logs
I0514 13:03:00.417673 1 event.go:364] Event(v1.ObjectReference{Kind:"Namespace", Namespace:"multicluster-engine", Name:"multicluster-engine", UID:"", APIVersion:"v1", ResourceVersion:"", FieldPath:""}): type: 'Warning' reason: 'RoleCreateFailed' Failed to create Role.rbac.authorization.k8s.io/open-cluster-management:hypershift-addon:agent -n local-cluster: roles.rbac.authorization.k8s.io "open-cluster-management:hypershift-addon:agent" is forbidden: user "system:serviceaccount:multicluster-engine:hypershift-addon-manager-sa" (groups=["system:serviceaccounts" "system:serviceaccounts:multicluster-engine" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
E0514 13:11:18.416203 1 base_controller.go:159] "addon-registration-controller" controller failed to sync "local-cluster/hypershift-addon", err: roles.rbac.authorization.k8s.io "open-cluster-management:hypershift-addon:agent" is forbidden: user "system:serviceaccount:multicluster-engine:hypershift-addon-manager-sa" (groups=["system:serviceaccounts" "system:serviceaccounts:multicluster-engine" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
I0514 13:11:18.416246 1 event.go:364] Event(v1.ObjectReference{Kind:"Namespace", Namespace:"multicluster-engine", Name:"multicluster-engine", UID:"", APIVersion:"v1", ResourceVersion:"", FieldPath:""}): type: 'Warning' reason: 'RoleCreateFailed' Failed to create Role.rbac.authorization.k8s.io/open-cluster-management:hypershift-addon:agent -n local-cluster: roles.rbac.authorization.k8s.io "open-cluster-management:hypershift-addon:agent" is forbidden: user "system:serviceaccount:multicluster-engine:hypershift-addon-manager-sa" (groups=["system:serviceaccounts" "system:serviceaccounts:multicluster-engine" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
I0514 12:46:20.364781 1 event.go:364] Event(v1.ObjectReference{Kind:"Namespace", Namespace:"multicluster-engine", Name:"multicluster-engine", UID:"", APIVersion:"v1", ResourceVersion:"", FieldPath:""}): type: 'Warning' reason: 'RoleCreateFailed' Failed to create Role.rbac.authorization.k8s.io/open-cluster-management:hypershift-addon:agent -n local-cluster: roles.rbac.authorization.k8s.io "open-cluster-management:hypershift-addon:agent" is forbidden: user "system:serviceaccount:multicluster-engine:hypershift-addon-manager-sa" (groups=["system:serviceaccounts" "system:serviceaccounts:multicluster-engine" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
{APIGroups:["discovery.open-cluster-management.io"], Resources:["discoveredclusters"], Verbs:["*"]}
E0514 12:51:18.414171 1 base_controller.go:159] "addon-registration-controller" controller failed to sync "local-cluster/hypershift-addon", err: roles.rbac.authorization.k8s.io "open-cluster-management:hypershift-addon:agent" is forbidden: user "system:serviceaccount:multicluster-engine:hypershift-addon-manager-sa" (groups=["system:serviceaccounts" "system:serviceaccounts:multicluster-engine" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
{APIGroups:["discovery.open-cluster-management.io"], Resources:["discoveredclusters"], Verbs:["*"]}
I0514 12:51:18.414203 1 event.go:364] Event(v1.ObjectReference{Kind:"Namespace", Namespace:"multicluster-engine", Name:"multicluster-engine", UID:"", APIVersion:"v1", ResourceVersion:"", FieldPath:""}): type: 'Warning' reason: 'RoleCreateFailed' Failed to create Role.rbac.authorization.k8s.io/open-cluster-management:hypershift-addon:agent -n local-cluster: roles.rbac.authorization.k8s.io "open-cluster-management:hypershift-addon:agent" is forbidden: user "system:serviceaccount:multicluster-engine:hypershift-addon-manager-sa" (groups=["system:serviceaccounts" "system:serviceaccounts:multicluster-engine" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
{APIGroups:["discovery.open-cluster-management.io"], Resources:["discoveredclusters"], Verbs:["*"]}