Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-11604

ACM install failing due to RBAC issues with hypershift

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • None
    • MCE 2.6.0
    • HyperShift
    • None
    • Critical

      Latest 2.11 ds build fails to install due to which seems to be rbac issues

      hypershift-manager-pod logs
      I0514 13:03:00.417673 1 event.go:364] Event(v1.ObjectReference{Kind:"Namespace", Namespace:"multicluster-engine", Name:"multicluster-engine", UID:"", APIVersion:"v1", ResourceVersion:"", FieldPath:""}): type: 'Warning' reason: 'RoleCreateFailed' Failed to create Role.rbac.authorization.k8s.io/open-cluster-management:hypershift-addon:agent -n local-cluster: roles.rbac.authorization.k8s.io "open-cluster-management:hypershift-addon:agent" is forbidden: user "system:serviceaccount:multicluster-engine:hypershift-addon-manager-sa" (groups=["system:serviceaccounts" "system:serviceaccounts:multicluster-engine" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
       

      {APIGroups:["discovery.open-cluster-management.io"], Resources:["discoveredclusters"], Verbs:["*"]}

       
      E0514 13:11:18.416203 1 base_controller.go:159] "addon-registration-controller" controller failed to sync "local-cluster/hypershift-addon", err: roles.rbac.authorization.k8s.io "open-cluster-management:hypershift-addon:agent" is forbidden: user "system:serviceaccount:multicluster-engine:hypershift-addon-manager-sa" (groups=["system:serviceaccounts" "system:serviceaccounts:multicluster-engine" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
       

      {APIGroups:["discovery.open-cluster-management.io"], Resources:["discoveredclusters"], Verbs:["*"]}

       
      I0514 13:11:18.416246 1 event.go:364] Event(v1.ObjectReference{Kind:"Namespace", Namespace:"multicluster-engine", Name:"multicluster-engine", UID:"", APIVersion:"v1", ResourceVersion:"", FieldPath:""}): type: 'Warning' reason: 'RoleCreateFailed' Failed to create Role.rbac.authorization.k8s.io/open-cluster-management:hypershift-addon:agent -n local-cluster: roles.rbac.authorization.k8s.io "open-cluster-management:hypershift-addon:agent" is forbidden: user "system:serviceaccount:multicluster-engine:hypershift-addon-manager-sa" (groups=["system:serviceaccounts" "system:serviceaccounts:multicluster-engine" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
       
      I0514 12:46:20.364781 1 event.go:364] Event(v1.ObjectReference{Kind:"Namespace", Namespace:"multicluster-engine", Name:"multicluster-engine", UID:"", APIVersion:"v1", ResourceVersion:"", FieldPath:""}): type: 'Warning' reason: 'RoleCreateFailed' Failed to create Role.rbac.authorization.k8s.io/open-cluster-management:hypershift-addon:agent -n local-cluster: roles.rbac.authorization.k8s.io "open-cluster-management:hypershift-addon:agent" is forbidden: user "system:serviceaccount:multicluster-engine:hypershift-addon-manager-sa" (groups=["system:serviceaccounts" "system:serviceaccounts:multicluster-engine" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
      {APIGroups:["discovery.open-cluster-management.io"], Resources:["discoveredclusters"], Verbs:["*"]}
      E0514 12:51:18.414171 1 base_controller.go:159] "addon-registration-controller" controller failed to sync "local-cluster/hypershift-addon", err: roles.rbac.authorization.k8s.io "open-cluster-management:hypershift-addon:agent" is forbidden: user "system:serviceaccount:multicluster-engine:hypershift-addon-manager-sa" (groups=["system:serviceaccounts" "system:serviceaccounts:multicluster-engine" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
      {APIGroups:["discovery.open-cluster-management.io"], Resources:["discoveredclusters"], Verbs:["*"]}
      I0514 12:51:18.414203 1 event.go:364] Event(v1.ObjectReference{Kind:"Namespace", Namespace:"multicluster-engine", Name:"multicluster-engine", UID:"", APIVersion:"v1", ResourceVersion:"", FieldPath:""}): type: 'Warning' reason: 'RoleCreateFailed' Failed to create Role.rbac.authorization.k8s.io/open-cluster-management:hypershift-addon:agent -n local-cluster: roles.rbac.authorization.k8s.io "open-cluster-management:hypershift-addon:agent" is forbidden: user "system:serviceaccount:multicluster-engine:hypershift-addon-manager-sa" (groups=["system:serviceaccounts" "system:serviceaccounts:multicluster-engine" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
      {APIGroups:["discovery.open-cluster-management.io"], Resources:["discoveredclusters"], Verbs:["*"]}
       

            rokejungrh Roke Jung
            kurwang@redhat.com Kurtis Wang
            David Huynh David Huynh
            ACM QE Team
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: