Hub and spoke connection issues
Procedure to debug issue in the hub and spoke connections. Backup & Restore service uses connection CR to setup hub and spoke connection.
You might encounter an error when you attempt setup connections between clusters.
- Connection setup fails with the following message in the connection CR:
apiVersion: application.isf.ibm.com/v1 kind: Connection metadata: name: <connection-name> namespace: <connection-namespace> spec: remoteCluster: apiEndpoint: <cluster api endpoint> connectionOperatorNamespace: <connection-namespace> heartBeatInterval: 10m initSecretName: <init-secret-name> status: conditions: - lastTransitionTime: '2023-06-15T02:31:01Z' message: 'Bootstrap token in init secret is not correct or expired: Unauthorized' reason: CreateBootstrapSecret status: 'False' type: BootstrapSecretAvaliable connectionFromRemoteClusterHealth: message: '' messageCode: '' messageType: '' connectionState: Failed connectionToRemoteClusterHealth: message: '' messageCode: '' messageType: ''- Cause
- The bootstrap token in the
initsecret is not correct or expired.
- Resolution
-
- Get the bootstrap token
again.
oc create token isf-application-operator-cluster-bootstrap -n <connection-namespace> - Replace the token in
initsecret:oc edit secret <init-secret-name> -n <connection-namespace>
- Get the bootstrap token
again.
- The CA certificate of peer cluster is not correct error occurs in connection CR:
- Cause
- The CAcert in the configmap
kube-root-ca.crtand namespacekube-publicof the remote cluster is not correct.
- Resolution
- In the remote cluster, place the right CAcert in the configmap
kube-root-ca.crtand namespacekube-public. Connection pkg also provides a customized configmap.