Hub and spoke connection issues
Procedure to debug issue in the hub and spoke connections. Backup & Restore service uses connection CR to setup hub and spoke connection.
You might encounter an error when you attempt setup connections between clusters.
Bootstrap token in init secret is not correct or expired: Unauthorized
- Problem statement
- Connection setup fails with the following message in the connection CR:
apiVersion: application.isf.ibm.com/v1 kind: Connection metadata: name: <connection-name> namespace: <connection-namespace> spec: remoteCluster: apiEndpoint: <cluster api endpoint> connectionOperatorNamespace: <connection-namespace> heartBeatInterval: 10m initSecretName: <init-secret-name> status: conditions: - lastTransitionTime: '2023-06-15T02:31:01Z' message: 'Bootstrap token in init secret is not correct or expired: Unauthorized' reason: CreateBootstrapSecret status: 'False' type: BootstrapSecretAvaliable connectionFromRemoteClusterHealth: message: '' messageCode: '' messageType: '' connectionState: Failed connectionToRemoteClusterHealth: message: '' messageCode: '' messageType: ''
- Cause
- The bootstrap token in the
init
secret is not correct or expired.
- Resolution
-
- Get the bootstrap token
again.
oc create token isf-application-operator-cluster-bootstrap -n <connection-namespace>
- Replace the token in
init
secret:oc edit secret <init-secret-name> -n <connection-namespace>
- Get the bootstrap token
again.
CA certificate of peer cluster is not correct
- Problem statement
- The CA certificate of peer cluster is not correct error occurs in connection CR.
- Cause
- The CAcert in the configmap
kube-root-ca.crt
in namespacekube-public
of the remote cluster is not correct.
- Resolution
- In the remote cluster, place the right CAcert in the configmap
kube-root-ca.crt
and namespacekube-public
. Connection pkg also provides a customized configmap.