violation - secrets [hub-ca] in namespace imperative is missing, and cannot be created, reason: `namespaces "imperative" not found`

[adelton]

After finishing the steps at https://validatedpatterns.io/patterns/multicloud-gitops/ and https://validatedpatterns.io/patterns/multicloud-gitops/mcg-getting-started/ and https://validatedpatterns.io/patterns/multicloud-gitops/mcg-managed-cluster/, I see the Red Hat OpenShift GitOps operator installed on the managed cluster.

However, no applications (vault, config-demo, or hello-world) seem present on the managed cluster.

On the hub cluster, the managed cluster has "1 Policy violations" on its overview page, and displaying that violation I see

• acm-hub-ca-config-policy: violation - secrets [hub-ca] in namespace imperative is missing, and cannot be created, reason: namespaces "imperative" not found

[mbaldessari]

Apologies for the late reply, I was out last week. Could it be that the managed cluster is missing the clusterGroup label and so the ACM policies are not all being applied? Here is an image of a managed cluster:

And here is a screen shot of all the policies that need will be applied to a managed cluster:

Your symptoms suggest that only the the acm-hub-policy is being applied, which coincidentally is the one that is not filtering on the clusterGroup label (which I think it should, but that is probably for another issue)

Would that explain the issue you see?

[mbaldessari]

(Happy to go through all of the issues in a call, if you have time/are keen)

[adelton]

I think the problem might come from the

Ensure that you commit the changes and push them to GitHub so that GitOps can fetch your changes and apply them.

in https://validatedpatterns.io/patterns/multicloud-gitops/mcg-managed-cluster/ -- I can well push the changes to my fork in GitHub ... but how will the GitOps mechanism know where to fetch it from? IOW, where does one configure the repo to be used?

The page https://validatedpatterns.io/patterns/multicloud-gitops/mcg-managed-cluster/ starts with

In the value-hub.yaml file, add a managedClusterCgroup for each cluster or group of clusters that you want to manage as one.

Can't the default repo just ship the value-hub.yaml with that managedClusterGroups clusterSelector already configured, so the guidance can be "feel free to update and push to your fork (and here's where you edit the path to the fork) but if you just use the github.com/validatedpatterns/multicloud-gitops content as is, this is what you have to configured in your clusters to match what the repo assumes by default.

In other words -- forking and tweaking should be possible but should not be necessary to go through the whole setup.

[adelton]

For a more general problem with value-hub.yaml, see https://github.com/validatedpatterns/docs/issues/347.