IBM Multicloud Manager known issues and limitations

Review the known issues for IBM Multicloud Manager

• Cannot create a Helm release on a managed cluster
• Applications fail to install during Helm deployment
• Helm release does not appear for 3.1.2 managed cluster

Cannot create a Helm release on a managed cluster

You are unable to deploy Helm charts that contain images on a managed cluster. To fix this error, you must configure ClusterImagePolicy. Run the following command to configure ClusterImagePolicy:

apiVersion: securityenforcement.admission.cloud.ibm.com/v1beta1
kind: ClusterImagePolicy
metadata:
  annotations:
    helm.sh/hook: post-install
    helm.sh/hook-weight: "1"
  name: ibmcloud-default-cluster-image-policy
spec:
  repositories:
  - name: <repo_name>

Applications fail to install during Helm deployment

Applications fail to install during deployment when the ClusterImagePolicy is not configured.

Note: Be sure to configure ClusterImagePolicy. View the Cannot create a Helm release on a remote cluster section for information about configuring the policy.

To fix this error, reinstall your application by following the tasks:

1. Verify the status of your application by running the following command:

   helm list --tls
   

2. To delete your application, run the following command:

   helm delete releaseName --purge
   

3. Edit and locate the ClusterImagePolicy to push your images to your application. Run the following command:

   kubectl get clusterimagepolicy
   

4. Edit the ClusterImagePolicy by running the following command:

   kubectl edit clusterimagepolicy <policyname>
   

5. Reinstall your application. Run the following command:

   helm install chartName
   

For more details, see the Helm community issue .

Helm release does not appear for 3.1.2 managed cluster

If you configure a 3.1.2 managed cluster on an IBM Cloud Private 3.2.0 hub cluster, the hub cluster does not display Helm releases for your managed cluster on the Helm Release page or on the Search page.

To fix the error, complete the following procedure:

1. Log in to your managed cluster and patch the secret with the following command:

   kubectl patch secret multicluster-endpoint-tiller-client-certs -n multicluster-endpoint --type='json' -p='[{"op":"add","path":"/data/ca.crt","value":"'$(kubectl get secret -n kube-system cluster-ca-cert -o jsonpath={.data.tls\\.crt})'"}]'
   

2. Restart the search-collector pod. To restart the search-collector pod, delete the pod with the name multicluster-endpoint-search-collector-<pod-name>. Kubernetes restarts the pod.