Known limitations

API Connect upgrade is blocked with an error in the pgcluster custom resource for postgres

Symptom: During the upgrade of API Connect, there's an error in the postgres operator logs with the following message:

Namespace Controller: error syncing Namespace 'cp4i': unsuccessful pgcluster version check: "myinstance-mgmt-12345678-postgres" is invalid: spec.backrestStorageTypes: Invalid value: "null": spec.backrestStorageTypes in body must be of type array: "null""

Cause: backrestStorageTypes cannot be set to <nullable: true> in the pgcluster custom resource.

Solution: Follow the steps for the "Operator upgrade fails with error from API Connect operator and Postgres operator" section in Troubleshooting installation and upgrade on OpenShift (in the API Connect docs).

The Assets Admin role in API Manager does not have access to the asset repository

Symptom: When a user is added to API Manager and then assigned the Assets Admin role, that user does not get the permissions to the asset repository.

Cause: The user didn't get permission to the Assets Admin role before being added to API Manager.

Solution: Delete the user from API Manager. Re-add the user, but this time, give the user permission to the Assets Admin role before adding them to API Manager.

During upgrade, new API pod for Automation assets running in single replica mode gets stuck in Creating state

Symptom: Attempting to upgrade an Automation assets instance that is running in single replica mode leaves the new Automation assets API pod in a Creating state. The pod events show messages similar to:

Generated from attachdetach-controller
Multi-Attach error for volume "[PVC-NAME]" Volume is already used by pod(s) [POD-NAME]

Cause: The Automation assets API Deployment is using RollingUpgrade strategy, but the new pod cannot mount the existing PVC, because the original pod still has it mounted.

Solution: Locate the Automation assets API Deployment (which is called <INSTANCE-NAME>-ibm-integration-asset-repository-api), click the YAML tab, and find the strategy section:

    type: RollingUpdate
      maxUnavailable: 40%
      maxSurge: 100%

Replace it with:

    type: Recreate

Save your changes.

A user with the Viewer role in API Management is unable to push to Automation assets

Symptom: Users with the Viewer role in API Management sometimes get an option to push to Automation assets, even though they do not have permission.

This is expected behavior, because users with the Viewer role in API Management do not have permission to push to Automation assets, so they are prevented from doing so.

Unable to delete a namespace due to the OperandRequest remaining

Symptom: An attempt to delete a namespace fails, and the logs for the ODLM state, "No permission to update OperandRequest".

Cause: The OperandRequest for the operand-deployment-lifecycle-manager (ODLM) might not be deleted, causing the namespace to remain in the 'Terminating' state.

Solution: Remove the finalizers from the OperandRequest.

Creation of any Event Endpoint Management instances that require creation of certificates fail with an error condition when the cert-manager is not already installed

Symptom: The user gets an error in the Event Endpoint Management instance pod logs:

Certificate Manager is not present. This needs to be installed and the operator pod restarted for reconciles to continue

Cause: Because the Event Endpoint Management operator ('eem-operator') was installed before the 'cert-manager', Certificate Manager is not present.

Solution: Install a 'cert-manager'. When 'cert-manager' custom resource definitions (CRDs) are available in the cluster, restart the eem-operator pod so the reconcile can continue.

Attempting to log in to the Event Streams UI by clicking the Log in button after a session timeout results in an error

Symptom: After a session timeout, clicking the Log in button routes the user to a page with a Not found error.

Cause: The presence of '/login' in the URL causes the issue.

Solution: Remove '/login' from the URL. The user is redirected to the Platform UI page and can log in there.

Apple Silicon user gets an error when trying to generate an upgrade plan by using the CLI

Symptom: When attempting to generate an upgrade plan by using the CLI (following the instructions in Upgrading from 2022.2 or Upgrading from 2022.4), a user on an Apple silicon device (such as a MacBook Pro with an M1 chip) gets the following error:

docker: no matching manifest for linux/arm64/v8 in the manifest list entries

Solution: Add --platform linux/amd64 to the docker run command, for example:

docker run --platform linux/amd64 --pull=always \
  -it -v ${KUBECONFIG:-~/.kube/config}:/kube/config \
  --env KUBECONFIG=/kube/config \
  --namespace ${CP4I_NAMESPACE} \
  --to 2023.2 \

A docker run command returns a permission denied error

Symptom: When running a docker run command, you get the following error:

docker run "/kube/config": open /kube/config: permission denied

Cause: Read-write permissions are needed for KUBECONFIG (~/.kube/config).

Solution: Run the following to give the user read-write permissions to the file:

chmod +rw ~/.kube/config