Problem
In DKP v2.1, it is possible to access a managed cluster using an access token issued by Kommander. The procedure is described here. After clicking on the "Generate Token" button, the user does not see the attached cluster listed.
Other Symptoms
1. The cluster you attaching already has cert-manager
installed.
2. You may find the following error in the kommander-cm-...-controller-manager
pod log:
2022-02-08T01:59:58.332Z ERROR controller.DKAClustersController Reconciler error
{
"reconciler group": "kommander.mesosphere.io",
"reconciler kind": "KommanderCluster",
"name": "host-cluster",
"namespace": "kommander",
"error": "failed to fetch root CA from cluster <cluster name>: failed to fetch secret <namespace>/kommander-bootstrap-root-ca: secrets \"kommander-bootstrap-root-ca\" not found"
}
Solution
The cause of the issue is that DKP v2.1.1 requires you to specify cert-manager resources manually if you attach a cluster that already has cert-manager
installed. The limitation and the workaround are described in the release notes for DKP v2.1.1.