can't connect with openshift cluster and azure arc

naohiro.j 1 Reputation point
2022-11-16T14:41:31.723+00:00

I want to connect the Openshift container platform built on-premises to kubernetes for azure arc.

I performed the following as a reference procedure(https://thomasvanlaere.com/posts/2021/07/local-openshift-4-with-azure-app-services-on-azure-arc/) ,
but an error message like the attached screenshot appears, and it seems that it has not succeeded.

""""
The cluster is not ready to support connections. Cluster registration may still be running or an error may have occurred. If this is a recently registered cluster, please check back later after registration is complete. If this is not a new cluster, more information on troubleshooting information
""""

I have a service account bearer token, but the input field is grayed out and I cannot enter it.

I checked the contents of the link(https://go.microsoft.com/fwlink/?linkid=2174222),
but there was no problem.

Please advise the cause and solution

The environment is as follows.

The version of Openshift is as follows.
・Client Version: 4.10.17
・Server Version: 4.10.17
・Kubernetes Version: v1.23.5+3afdacb

Other information is below.
・azure-cli 2.42.0
・core 2.42.0
・telemetry 1.0.8
Extensions:
・connectedk8s 1.3.5
・customlocation 0.1.3
・k8s-extension 1.3.6
・appservice-kube 0.2.2
Dependencies:
・msal 1.20.0
・azure-mgmt-resource 21.1.0b1

・NW environment without Proxy.

The status of the openshift cluster is as below

oc get all -n azure-arc

NAME READY STATUS RESTARTS AGE
pod/cluster-metadata-operator-77895ddcd7-xrd7r 2/2 Running 0 24h
pod/clusterconnect-agent-84dff79cd9-brvk8 3/3 Running 0 24h
pod/clusteridentityoperator-7df5589966-f5875 2/2 Running 1 (24h ago) 24h
pod/config-agent-5899b7887-gdzgr 2/2 Running 1 (24h ago) 24h
pod/controller-manager-8565bfd849-4xt6h 2/2 Running 1 (24h ago) 24h
pod/extension-manager-6f9dccc74d-jvmr8 2/2 Running 1 (24h ago) 24h
pod/flux-logs-agent-576bfc88c6-4rj7p 1/1 Running 0 24h
pod/kube-aad-proxy-6657679d57-zz5wb 2/2 Running 0 24h
pod/metrics-agent-5467b679bf-sqgpg 2/2 Running 0 24h
pod/resource-sync-agent-6c67b5d58-5697b 2/2 Running 1 (24h ago) 24h

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/flux-logs-agent ClusterIP 172.30.105.66 <none> 80/TCP 24h
service/kube-aad-proxy ClusterIP 172.30.221.11 <none> 443/TCP,8080/TCP 24h

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/cluster-metadata-operator 1/1 1 1 24h
deployment.apps/clusterconnect-agent 1/1 1 1 24h
deployment.apps/clusteridentityoperator 1/1 1 1 24h
deployment.apps/config-agent 1/1 1 1 24h
deployment.apps/controller-manager 1/1 1 1 24h
deployment.apps/extension-manager 1/1 1 1 24h
deployment.apps/flux-logs-agent 1/1 1 1 24h
deployment.apps/kube-aad-proxy 1/1 1 1 24h
deployment.apps/metrics-agent 1/1 1 1 24h
deployment.apps/resource-sync-agent 1/1 1 1 24h

NAME DESIRED CURRENT READY AGE
replicaset.apps/cluster-metadata-operator-77895ddcd7 1 1 1 24h
replicaset.apps/clusterconnect-agent-84dff79cd9 1 1 1 24h
replicaset.apps/clusteridentityoperator-7df5589966 1 1 1 24h
replicaset.apps/config-agent-5899b7887 1 1 1 24h
replicaset.apps/controller-manager-8565bfd849 1 1 1 24h
replicaset.apps/extension-manager-6f9dccc74d 1 1 1 24h
replicaset.apps/flux-logs-agent-576bfc88c6 1 1 1 24h
replicaset.apps/kube-aad-proxy-6657679d57 1 1 1 24h
replicaset.apps/metrics-agent-5467b679bf 1 1 1 24h
replicaset.apps/resource-sync-agent-6c67b5d58 1 1 1 24h

oc get all -n appservice-ns

NAME READY STATUS RESTARTS AGE
pod/appservice-ext-k8se-activator-6c55b7fc5-28c2k 1/1 Running 0 10h
pod/appservice-ext-k8se-activator-6c55b7fc5-8d85f 1/1 Running 0 10h
pod/appservice-ext-k8se-app-controller-5f5468b8c6-6vtp8 1/1 Running 0 10h
pod/appservice-ext-k8se-app-controller-5f5468b8c6-slrhf 1/1 Running 0 10h
pod/appservice-ext-k8se-build-service-57b9b67fc4-rtwwg 2/2 Running 0 10h
pod/appservice-ext-k8se-envoy-795b69d46f-8xz28 1/1 Running 0 10h
pod/appservice-ext-k8se-envoy-795b69d46f-95n82 1/1 Running 0 10h
pod/appservice-ext-k8se-envoy-795b69d46f-rnt9k 1/1 Running 0 10h
pod/appservice-ext-k8se-envoy-controller-6b9ff97b7d-58dv4 1/1 Running 0 10h
pod/appservice-ext-k8se-envoy-controller-6b9ff97b7d-br7r4 1/1 Running 0 10h
pod/appservice-ext-k8se-http-scaler-5fdc686d4f-wdvrv 1/1 Running 0 10h
pod/appservice-ext-k8se-img-cacher-gc8c9 1/1 Running 0 10h
pod/appservice-ext-k8se-img-cacher-jl9z5 1/1 Running 0 10h
pod/appservice-ext-k8se-img-cacher-shkhb 1/1 Running 0 10h
pod/appservice-ext-k8se-img-cacher-txkqn 1/1 Running 0 10h
pod/appservice-ext-k8se-img-cacher-x2n9d 1/1 Running 0 10h
pod/appservice-ext-k8se-keda-metrics-apiserver-95857b6d4-879ss 1/1 Running 0 10h
pod/appservice-ext-k8se-keda-operator-5dc86cb579-d6m4k 1/1 Running 0 10h
pod/appservice-ext-k8se-log-processor-4sq5z 1/1 Running 0 9h
pod/appservice-ext-k8se-log-processor-54cwb 1/1 Running 0 9h
pod/appservice-ext-k8se-log-processor-fxgpp 1/1 Running 0 9h
pod/appservice-ext-k8se-log-processor-lzcjq 1/1 Running 0 9h
pod/appservice-ext-k8se-log-processor-rwwh5 1/1 Running 0 9h
pod/appservice-ext-k8se-log-processor-rxwdz 1/1 Running 0 9h
pod/appservice-ext-k8se-log-processor-vmf48 1/1 Running 0 9h
pod/appservice-ext-k8se-log-processor-wrsck 1/1 Running 0 9h

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/appservice-ext-k8se-activator ClusterIP 172.30.139.212 <none> 4045/TCP,4050/TCP,4046/TCP 10h
service/appservice-ext-k8se-build-service ClusterIP 172.30.196.35 <none> 8181/TCP,4343/TCP 10h
service/appservice-ext-k8se-envoy ClusterIP 172.30.107.6 <none> 80/TCP,443/TCP 10h
service/appservice-ext-k8se-envoy-controller ClusterIP 172.30.60.186 <none> 9090/TCP 10h
service/appservice-ext-k8se-envoy-internal ClusterIP 172.30.13.158 <none> 80/TCP,443/TCP 10h
service/appservice-ext-k8se-http-scaler ClusterIP 172.30.88.118 <none> 4055/TCP,4050/TCP 10h
service/appservice-ext-k8se-keda-metrics-apiserver ClusterIP 172.30.50.188 <none> 443/TCP,80/TCP 10h

NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/appservice-ext-k8se-img-cacher 5 5 5 5 5 <none> 10h
daemonset.apps/appservice-ext-k8se-log-processor 8 8 8 8 8 <none> 10h

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/appservice-ext-k8se-activator 2/2 2 2 10h
deployment.apps/appservice-ext-k8se-app-controller 2/2 2 2 10h
deployment.apps/appservice-ext-k8se-build-service 1/1 1 1 10h
deployment.apps/appservice-ext-k8se-envoy 3/3 3 3 10h
deployment.apps/appservice-ext-k8se-envoy-controller 2/2 2 2 10h
deployment.apps/appservice-ext-k8se-http-scaler 1/1 1 1 10h
deployment.apps/appservice-ext-k8se-keda-metrics-apiserver 1/1 1 1 10h
deployment.apps/appservice-ext-k8se-keda-operator 1/1 1 1 10h

NAME DESIRED CURRENT READY AGE
replicaset.apps/appservice-ext-k8se-activator-6c55b7fc5 2 2 2 10h
replicaset.apps/appservice-ext-k8se-app-controller-5f5468b8c6 2 2 2 10h
replicaset.apps/appservice-ext-k8se-build-service-57b9b67fc4 1 1 1 10h
replicaset.apps/appservice-ext-k8se-envoy-795b69d46f 3 3 3 10h
replicaset.apps/appservice-ext-k8se-envoy-controller-6b9ff97b7d 2 2 2 10h
replicaset.apps/appservice-ext-k8se-http-scaler-5fdc686d4f 1 1 1 10h
replicaset.apps/appservice-ext-k8se-keda-metrics-apiserver-95857b6d4 1 1 1 10h
replicaset.apps/appservice-ext-k8se-keda-operator-5dc86cb579 1 1 1 10h

NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
horizontalpodautoscaler.autoscaling/keda-hpa-appservice-ext-k8se-envoy Deployment/appservice-ext-k8se-envoy 4%/50% 3 5 3 10h

260980-image.png
260986-image.png

Azure Arc
Azure Arc
A Microsoft cloud service that enables deployment of Azure services across hybrid and multicloud environments.
383 questions
{count} votes

1 answer

Sort by: Most helpful
  1. VasimTamboli 4,785 Reputation points
    2023-05-19T13:17:25.3866667+00:00

    The error message you provided states that the cluster is not ready to support connections, and it suggests checking if the cluster registration is still ongoing or if there is an error.

    To troubleshoot this issue, here are a few steps you can try:

    Validate Cluster Registration: Ensure that the cluster registration process has completed successfully. It may take some time for the registration to finish, so it's worth checking back later to see if the issue persists.

    Check Azure Arc Documentation: Review the official Azure Arc documentation for OpenShift and Kubernetes. Make sure you have followed all the necessary steps and prerequisites for connecting your OpenShift cluster to Azure Arc. Pay attention to any specific configuration or networking requirements.

    Verify Network Connectivity: Ensure that there is network connectivity between your OpenShift cluster and Azure Arc. Check if any firewalls, network security groups, or proxy configurations are blocking the communication. You mentioned that you are in a non-proxy network environment, but double-check all network settings to be sure.

    Validate Service Account Bearer Token: Although you mentioned that the input field for the service account bearer token is grayed out, make sure that the token you have is valid and has the necessary permissions to connect the cluster to Azure Arc. If the field remains uneditable, it could be a UI issue or a configuration problem.

    1. Review Logs: Check the logs and events from the OpenShift cluster and the Azure Arc components for any error messages or relevant information. These logs can provide valuable insights into the underlying cause of the connection issue
    0 comments No comments