Troubleshooting

Get help with common errors and questions

How do I grant RBAC permissions on a patch target?

To apply or export the recommended workload settings, Optimize Live must:

  • Support the patch target type.
  • Have RBAC access permissions on the patch target.

When these permissions are missing, you’ll see a message similar to this:

please grant rbac access permissions on name/namespace: %s/%s, kind: %s, apiversion: %s

To grant RBAC access permissions:

  1. Find the stormforge-agent values.yaml file from the Helm chart that was used to install the StormForge Agent.

    • If you don’t have the file:
      1. Download the chart:

        helm show values oci://registry.stormforge.io/library/stormforge-agent
        

        If you use a proxy server or private container registry, follow the steps in Install the StormForge Agent - advanced scenarios.

      2. Copy the .rbac section into a new file named rbac-update.yaml. Proceed to the next step.

  2. In the rbac.additional section, add a .apiGroups section that includes the resources listed in the message.

    • Remember to replace API_VERSION and KIND with the values from the message.

      rbac:
        additional:
        - apiGroups:
          - API_VERSION
          resources:
          - KIND
          verbs:
          - get
          - list
          - watch

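  3. Apply the changes by running one of the following commands. Replace RELEASE_NAME with the name of the Agent's Helm release and NAMESPACE with the namespace in which you installed the Agent.
    • If you edited the values.yaml file:

      helm upgrade RELEASE_NAME oci://registry.stormforge.io/library/stormforge-agent -n NAMESPACE --values values.yaml

    • If you created a separate file named rbac-update.yaml (--reuse-values keeps the values of the installed release, so only the rbac section changes):

      helm upgrade RELEASE_NAME oci://registry.stormforge.io/library/stormforge-agent -n NAMESPACE --reuse-values -f rbac-update.yaml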
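
To confirm that the grant took effect, you can ask the API server whether the Agent's service account now holds each of the three verbs on the patch target. The following is an added example, not part of the StormForge documentation or chart. The function name missing_verbs, the service account name stormforge-agent, and the sample resource rollouts.argoproj.io are assumptions; RESOURCE is the resource name kubectl uses for the kind shown in the message.

```shell
#!/bin/sh
# Added example: verify the RBAC grant for a patch target.
# Assumption (not from the original page): the Agent runs as a service
# account named stormforge-agent in the Agent's namespace.

# missing_verbs SA_NAMESPACE SA_NAME TARGET_NAMESPACE RESOURCE
# Prints each of get/list/watch that the service account is NOT allowed to
# perform on RESOURCE in TARGET_NAMESPACE. Returns 1 if any verb is missing.
missing_verbs() {
    sa_ns=$1
    sa_name=$2
    target_ns=$3
    resource=$4
    missing=""
    for verb in get list watch; do
        # "kubectl auth can-i" prints yes or no and exits non-zero on "no";
        # --as impersonates the service account for the access check.
        answer=$(kubectl auth can-i "$verb" "$resource" \
            --namespace "$target_ns" \
            --as "system:serviceaccount:${sa_ns}:${sa_name}" 2>/dev/null) || true
        if [ "$answer" != "yes" ]; then
            missing="${missing}${missing:+ }${verb}"
        fi
    done
    if [ -n "$missing" ]; then
        echo "$missing"
        return 1
    fi
    return 0
}

# Usage (constructed values):
#   missing_verbs stormforge-system stormforge-agent default rollouts.argoproj.io
```

The account that runs this check needs permission to impersonate service accounts. An empty result with exit status 0 means all three verbs are granted.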
      

The Applier didn’t install. What can I check?

The Applier reuses the secret provided by the Agent — check for the existence of the StormForge Agent and its secret by running the following command:

  • By default, the Agent deployment is named stormforge-agent. If you provided a different name when you installed the Agent, use it in the kubectl command below.

  • Replace NAMESPACE with the namespace in which you installed the Agent (the default value is stormforge-system).

    kubectl get deployment,secret stormforge-agent -n NAMESPACE
    

The output is similar to this:

NAME                               READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/stormforge-agent   1/1     1            1           31d

NAME                      TYPE     DATA   AGE
secret/stormforge-agent   Opaque   5      31d

If either or both of these items are missing, reinstall the Agent and then try installing the Applier again.

Last modified June 29, 2023