Get help with common errors and questions

How do I grant RBAC permissions on a patch target?

The Applier didn’t install. What can I check?

How do I grant RBAC permissions on a patch target?

To apply or export the recommended workload settings, Optimize Live must:

  • Support the patch target type.
  • Have RBAC access permissions on the patch target.

When these permissions are missing, you’ll see a message similar to this:

please grant rbac access permissions on name/namespace: %s/%s, kind: %s, apiversion: %s

To grant RBAC access permissions:

  1. Find the stormforge-agent values.yaml file from the Helm chart that was used to install the StormForge Agent.

    • If you don’t have the file:
      1. Download the chart:

        helm show values oci://

        If you use a proxy server or private container registry, follow the steps in Install the StormForge Agent - advanced scenarios.

      2. Copy the .rbac section into a new file named rbac-update.yaml. Proceed to the next step.

  2. In the rbac.additional section, add a .apiGroups section that includes the resources listed in the message.

    • Remember to replace API_VERSION and KIND with the values from the message.
    - apiGroups: 
      - KIND
      - get
      - list
      - watch
  1. Apply the changes by running one of the following commands:
    • If you edited the values.yaml file:

      helm upgrade --values.yaml 
    • If you created a separate file named rbac-update.yaml:

      helm upgrade --values.yaml -f rbac-update.yaml 

The Applier didn’t install. What can I check?

The Applier reuses the secret provided by the Agent — check for the existence of the StormForge Agent and its secret by running the following command:

  • By default, the Agent deployment is named stormforge-agent. If you provided a different name when you installed the Agent, use it in the kubectl command below.

  • Replace NAMESPACE with the namespace in which you installed the Agent (the default value is stormforge-system).

    kubectl get deployment,secret stormforge-agent -n NAMESPACE

The output is similar to this:

NAME                               READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/stormforge-agent   1/1     1            1           31d

NAME                      TYPE     DATA   AGE
secret/stormforge-agent   Opaque   5      31d

If either or both of these items are missing, reinstall the Agent and then try installing the Applier again.

Last modified June 29, 2023