violation - secrets [hub-ca] in namespace imperative is missing, and cannot be created, reason: namespaces "imperative" not found #351

Open
adelton opened this issue Oct 31, 2023 · 4 comments

Comments

@adelton
Contributor

adelton commented Oct 31, 2023

After finishing the steps at https://validatedpatterns.io/patterns/multicloud-gitops/ and https://validatedpatterns.io/patterns/multicloud-gitops/mcg-getting-started/ and https://validatedpatterns.io/patterns/multicloud-gitops/mcg-managed-cluster/, I see the Red Hat OpenShift GitOps operator installed on the managed cluster.

However, no applications (vault, config-demo, or hello-world) seem present on the managed cluster.

On the hub cluster, the managed cluster has "1 Policy violations" on its overview page, and displaying that violation I see

  • acm-hub-ca-config-policy: violation - secrets [hub-ca] in namespace imperative is missing, and cannot be created, reason: namespaces "imperative" not found
@mbaldessari
Contributor

Apologies for the late reply, I was out last week. Could it be that the managed cluster is missing the clusterGroup label and so the ACM policies are not all being applied? Here is an image of a managed cluster:
image

And here is a screenshot of all the policies that will be applied to a managed cluster:
image

Your symptoms suggest that only the acm-hub-policy is being applied, which coincidentally is the one that is not filtering on the clusterGroup label (which I think it should, but that is probably for another issue).

Would that explain the issue you see?

@mbaldessari
Contributor

(Happy to go through all of the issues in a call, if you have time/are keen)

@adelton
Contributor Author

adelton commented Nov 10, 2023

I think the problem might come from the

Ensure that you commit the changes and push them to GitHub so that GitOps can fetch your changes and apply them.

in https://validatedpatterns.io/patterns/multicloud-gitops/mcg-managed-cluster/ -- I can well push the changes to my fork in GitHub ... but how will the GitOps mechanism know where to fetch it from? IOW, where does one configure the repo to be used?

The page https://validatedpatterns.io/patterns/multicloud-gitops/mcg-managed-cluster/ starts with

In the value-hub.yaml file, add a managedClusterCgroup for each cluster or group of clusters that you want to manage as one.

Can't the default repo just ship the value-hub.yaml with that managedClusterGroups clusterSelector already configured, so the guidance can be "feel free to update and push to your fork (and here's where you edit the path to the fork) but if you just use the github.com/validatedpatterns/multicloud-gitops content as is, this is what you have to configure in your clusters to match what the repo assumes by default"?

In other words -- forking and tweaking should be possible but should not be necessary to go through the whole setup.

@adelton
Contributor Author

adelton commented Nov 21, 2023

For a more general problem with value-hub.yaml, see #347.
