Description of the problem: I tried switching one of our patterns to ACM 2.5 (so this is a new deployment from scratch) and I noticed that the managed clusters keep throwing the following error in a loop: bandini-one/open-cluster-management-agent-addon-klusterlet-addon-workmgr-c4f4fcbff-qjffh-acm-agent.log:1.6547772469799838e+09^IERROR^Icontroller.ClusterClaim^IReconciler error^I{"name": "", "namespace": "", "error": "unable to create ClusterClaim: &{{ } {clusterGroup 0 0001-01-01 00:00:00 +0000 UTC <nil> <nil> map[open-cluster-management.io/hub-managed: open-cluster-management.io/spoke-only: velero.io/exclude-from-backup:true] map[] [] [] []} {region-one}}, ClusterClaim.cluster.open-cluster-management.io \"clusterGroup\" is invalid: metadata.name: Invalid value: \"clusterGroup\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')", "errorCauses": [{"error": "unable to create ClusterClaim: &{{ } {clusterGroup 0 0001-01-01 00:00:00 +0000 UTC <nil> <nil> map[open-cluster-management.io/hub-managed: open-cluster-management.io/spoke-only: velero.io/exclude-from-backup:true] map[] [] [] []} {region-one}}, ClusterClaim.cluster.open-cluster-management.io \"clusterGroup\" is invalid: metadata.name: Invalid value: \"clusterGroup\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')"}]} I just retested this on ACM 2.4.4 and the above error is not seen there. I suspect that this is due to the fact that I add "clusterGroup=region-one" in the UI when importing the cluster via remote API URL + token. I'm not yet 100% sure how impactful this error is but it's certainly a bit concerning since it's just a label and hence should not have such strict validation rules and I am not yet sure if it's at the heart of another oddity I am chasing ;) Release version: ACM 2.5.0 OCP version: 4.10.15
@michele,michele, You are right. The error found in the log of work-manager is related to the label, "clusterGroup=region-one", you added to the managed cluster. In 2.5, a clusterclaim will be created for each customized managed cluster label on the managedcluster CR. The one you added is "clusterGroup". It contains an upper case character in the name, which is not allowed to be used as the resource name in k8s. This is a bug, we'll fix it in the next z-stream release. The creation failure of clusterclaim has no impact to the functionalities of work-manager. It's safe to ignore it before the bug is fixed.
Awesome, thanks Le!
Verified on 2.5.2-FC3
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Critical: Red Hat Advanced Cluster Management 2.5.2 security fixes and bug fixes), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:6507