Known limitations

Symptom: The Event Manager instance pod logs show the following error:

Certificate Manager is not present. This needs to be installed and the operator pod restarted for reconciles to continue.

Cause: The Event Endpoint Management operator was installed before the 'cert-manager', and the operator is unable to detect the now installed certificate manager.

Solution:

1. Install a certificate manager. For more information about installing the cert-manager Operator for Red Hat OpenShift, see Installing the operators by using the Red Hat OpenShift console or Installing the operators by using the CLI.

2. Restart the eem-operator pod so the reconcile can continue.

Symptom: Deployment of a new Kafka cluster can take longer than expected (more than an hour) to complete.

Solution: This is caused by a high number of threads created during startup, and will resolve once the system is under less load.

Symptom: After a period of inactivity the browser can timeout on the "Select an OpenAPI Specification" page, displaying the following error:

could not add asset, parent window missing

Solution: Reload the "Select an OpenAPI Specification" page.

Symptom: When running a docker run command, you get the following error:

docker run "/kube/config": open /kube/config: permission denied

Cause: Read-write permissions are needed for KUBECONFIG (~/.kube/config).

Solution: Run the following to give the user read-write permissions to the file:

chmod +rw ~/.kube/config

Symptom. When the Platform UI is installed, the user gets an error similar to the following: Subscription rhbk-operator in the `integration` namespace isn't created by ODLM Cause: The Keycloak operator was installed manually (by the user), instead of being installed automatically by Cloud Pak for Integration.

Solution: Uninstall the Keycloak operator that was installed manually. The Operand Deployment Lifecycle Manager (ODLM) automatically creates a new Keycloak operator and the Platform UI installation proceeds as expected.

Symptom: When following the instructions for "Generating an upgrade plan using the CLI" in Upgrading from 16.1.0 for an online (connected) installation, you are unable to generate the upgrade plan.

Cause: You may not have the correct configuration or permissions for Docker or Podman, or there is an error in the KUBECONFIG command.

Solution:

• On your online (connected) OpenShift cluster, run the oc admin command:

  oc adm must-gather --image=icr.io/cpopen/ibm-integration-upgrade-must-gather:v4 -- /usr/bin/gather --namespace openshift-operators --to 16.1.1 --verbose

Issue: Clicking Monitoring in the Platform UI returns "Entity not found".

Cause: To diagnose the issue, confirm there's a connection between the instance and the Instana agent.

1. Sign in to the Instana user interface.

2. Click Infrastructure > Entity Explore > Search/Find Capability > view instance. If you are unable to find the instance, there is an issue with the connection between the Instana agent (sensor) and the instance.

3. Identify the nodes that the instance is running on, then find the instana-agent pods running on the same node to get the sensor-related logs for the instance.

Solution: Review the Instana configuration for the instance and refer to the applicable configuration guide for the monitored instance.

Symptom: OpenShift creates FailedToRetrieveImagePullSecret warning events for Cloud Pak for Integration pods, even though pods are running successfully. For example:

Events:
  Type     Reason                           Age                    From     Message
  ----     ------                           ----                   ----     -------
  Warning  FailedToRetrieveImagePullSecret  89s (x15803 over 13d)  kubelet  Unable to retrieve some image pull secrets (ibm-entitlement-key); attempting to pull the image may not succeed.

Cause: A change in OpenShift 4.15 and above produces warning events when a pull secret is missing, even if the image pull is successful and the pod is running correctly. Previously, missing pull secrets were silently ignored. Cloud Pak for Integration automatically adds pull secret references with known names to pods to make it simple to add pull secrets for use with Cloud Pak for Integration. If you are not using these pull secrets, they now trigger the warning events.

If you are using a global pull secret, the ibm-entitlement-key secret may not exist in the same namespace as the pod, triggering the warning. You might use a global pull secret for these reasons:

• To provide authentication to a local registry mirror for a network-restricted environment.

• To simplify pull secret management for an online cluster. Other pull secrets added to Cloud Pak for Integration pods by default may also trigger the warning.

Solution: If the image has been pulled successfully, you can ignore the warnings. You can also suppress the warnings by creating an empty secret. Get the list of missing pull secrets from the warning message and create them by running the following command for each missing pull secret:

oc create secret generic [secret-name] -n [namespace]

For example:

oc create secret generic ibm-entitlement-key -n integration

Symptom: The Keycloak banner does not display correctly.

Cause: Because of an issue with the display name in the HTML, the banner isn't replaced by the CSS.

Solution: Follow these steps:

1. Log in to the Keycloak admin interface (from the Platform UI, click the navigation menu icon, then click Administration > Access control).

2. In the navigation pane, click to expand the dropdown menu and select the IBM Cloud Pak theme.

3. Click Realm settings.

4. Under the general tab, set the HTML Display name to <div class="kc-logo-text"><span>IBM Cloud Pak</span></div> and click Save.