How to Resolve OpenIDConnectProvider or KMS Key Issues Causing Limited Support on Your ROSA Hosted Control Plane Cluster

Solution In Progress - Updated -

Issue

  • Red Hat OpenShift Service on AWS (ROSA) Hosted Control Plane (HCP) cluster has entered a Limited Support state with the following Service Log message:
Your cluster requires action because Red Hat is either unable to access the infrastructure with the provided credentials or the credentials lack the necessary permissions to perform required actions. Please restore the credentials and permissions configured during the installation. If the associated OpenIDConnectProvider has been deleted, you can recreate it by running the following command: rosa create oidc-provider --cluster $CLUSTER. If etcd encryption is enabled, ensure that Red Hat has access to your custom KMS key. For more details, refer to the documentation: https://docs.openshift.com/rosa/rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.html#creating-cluster-with-aws-kms-key.

Environment

  • Red Hat OpenShift Service on AWS (ROSA) Hosted Control Plane (HCP)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content