Bug 2095481

Summary: After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors
Product: Red Hat Advanced Cluster Management for Kubernetes Reporter: Michele Baldessari <michele>
Component: Cluster LifecycleAssignee: Le Yang <leyan>
Status: CLOSED ERRATA QA Contact: Hui Chen <huichen>
Severity: medium Docs Contact: Christopher Dawson <cdawson>
Priority: unspecified    
Version: rhacm-2.5CC: dhuynh, njean
Target Milestone: ---Flags: bot-tracker-sync: rhacm-2.5.z+
Target Release: rhacm-2.5.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-09-13 20:06:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michele Baldessari 2022-06-09 18:40:12 UTC 
Description of the problem:
I tried switching one of our patterns to ACM 2.5 (so this is a new deployment from scratch) and I noticed that the managed clusters keep throwing the following error in a loop:

bandini-one/open-cluster-management-agent-addon-klusterlet-addon-workmgr-c4f4fcbff-qjffh-acm-agent.log:1.6547772469799838e+09^IERROR^Icontroller.ClusterClaim^IReconciler error^I{"name": "", "namespace": "", "error": "unable to create ClusterClaim: &{{ } {clusterGroup      0 0001-01-01 00:00:00 +0000 UTC <nil> <nil> map[open-cluster-management.io/hub-managed: open-cluster-management.io/spoke-only: velero.io/exclude-from-backup:true] map[] [] []  []} {region-one}}, ClusterClaim.cluster.open-cluster-management.io \"clusterGroup\" is invalid: metadata.name: Invalid value: \"clusterGroup\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')", "errorCauses": [{"error": "unable to create ClusterClaim: &{{ } {clusterGroup      0 0001-01-01 00:00:00 +0000 UTC <nil> <nil> map[open-cluster-management.io/hub-managed: open-cluster-management.io/spoke-only: velero.io/exclude-from-backup:true] map[] [] []  []} {region-one}}, ClusterClaim.cluster.open-cluster-management.io \"clusterGroup\" is invalid: metadata.name: Invalid value: \"clusterGroup\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')"}]}

I just retested this on ACM 2.4.4 and the above error is not seen there.

I suspect that this is due to the fact that I add "clusterGroup=region-one" in the UI when importing the cluster via remote API URL + token.

I'm not yet 100% sure how impactful this error is but it's certainly a bit concerning since it's just a label and hence should not have such strict validation rules and I am not yet sure if it's at the heart of another oddity I am chasing ;)

Release version:
ACM 2.5.0

OCP version:
4.10.15
Comment 1 Le Yang 2022-06-13 08:30:27 UTC 
@michele,michele, You are right. The error found in the log of work-manager is related to the label, "clusterGroup=region-one", you added to the managed cluster. In 2.5, a clusterclaim will be created for each customized managed cluster label on the managedcluster CR. The one you added is "clusterGroup". It contains an upper case character in the name, which is not allowed to be used as the resource name in k8s. This is a bug, we'll fix it in the next z-stream release. The creation failure of clusterclaim has no impact to the functionalities of work-manager. It's safe to ignore it before the bug is fixed.
Comment 2 Michele Baldessari 2022-06-15 19:27:49 UTC 
Awesome, thanks Le!
Comment 4 dhuynh 2022-09-02 22:36:21 UTC 
Verified on 2.5.2-FC3
Comment 9 errata-xmlrpc 2022-09-13 20:06:21 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Critical: Red Hat Advanced Cluster Management 2.5.2 security fixes and bug fixes), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:6507