Skip to content

Cluster with error status '"fleet-default/<cluster-name>-admission-configuration-psact" not found' after migrating Rancher with rancher-backup operator

This document (000021888) is provided subject to the disclaimer at the end of this document.

Environment

  • A Rancher v2.x instance migrated between clusters, using rancher-backup operator 105.0.0+up6.0.0 or < 104.1.0+up5.0.4
  • A Rancher-provisioned RKE2 or K3s cluster with a Pod Security Admission Configuration Template configured

Situation

After migrating a Rancher instance using the rancher-backup operator, with a backup created using rancher-backup operator 105.0.0+up6.0.0 or < 104.1.0+up5.0.4, Rancher-provisioned RKE2 or K3s clusters, with a Pod Security Admission Configuration Template configured, are in an error state with the following message:



Error retrieving secret fleet-default/<cluster-name>-admission-configuration-psact while rendering files: secrets "<cluster-name>-admission-configuration-psact" not found

Resolution

The issue can be mitigated by upgrading the version of the rancher-backup operator that is used to perform the backup and restore during migration, to a version > 104.1.0+up5.0.4, with the exception of 105.0.0+up6.0.0.

To resolve this after migration with an affected rancher-backup operator version, you must manually transfer the missing Fleet secret from the existing Rancher local cluster to the new cluster, to which Rancher has been migrated.

If the existing cluster is still accessible, use kubectl to export the missing secret as a YAML file and create it in the new cluster:

  1. Identify the full name and namespace of the secret from the error message: <namespace>/<cluster-name>-admission-configuration-psact
  2. Run the following command against the existing cluster, replacing <cluster-name> and <namespace>:

kubectl get secret <cluster-name>-admission-configuration-psact --namespace <namespace> -o yaml > fleet-secret.yaml
3. Apply the secret manifest in the new Rancher local cluster:

kubectl apply -f fleet-secret.yaml

Cause

The issue is caused by the failure of the rancher-backup operator to back up admission-configuration-psact secrets in backup-operator 105.0.0+up6.0.0 or < 104.1.0+up5.0.4

Additional Information

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.