automation-suite
2023.10
false
- Overview
- Requirements
- Installation
- Post-installation
- Migration and upgrade
- Upgrading Automation Suite on EKS/AKS
- Step 1: Moving the Identity organization data from standalone to Automation Suite
- Step 2: Restoring the standalone product database
- Step 3: Backing up the platform database in Automation Suite
- Step 4: Merging organizations in Automation Suite
- Step 5: Updating the migrated product connection strings
- Step 6: Migrating standalone Orchestrator
- Step 7: Migrating standalone Insights
- Step 8: Deleting the default tenant
- B) Single tenant migration
- Migrating from Automation Suite on Linux to Automation Suite on EKS/AKS
- Monitoring and alerting
- Cluster administration
- Product-specific configuration
- Troubleshooting
- The backup setup does not work due to a failure to connect to Azure Government
- Pods in the uipath namespace stuck when enabling custom node taints
- Unable to launch Automation Hub and Apps with proxy setup
- Pods cannot communicate with FQDN in a proxy environment
- Test Automation SQL connection string is ignored
- Provisioning Automation Suite Robots fails
- Health check of Automation Suite Robots fails
Provisioning Automation Suite Robots fails
Automation Suite on EKS/AKS Installation Guide
Last updated Nov 21, 2024
Provisioning Automation Suite Robots fails
The failure occurs mainly on FIPS enabled nodes when using Azure Files with the NFS protocol.
During the Automation Suite on AKS installation, creating the PVC for Automation
Suite Robots
asrobots-pvc-package-cache
fails.
This happens because the AKS cluster cannot connect to Azure Files.
For example, the following error message may be displayed:
failed to provision volume with StorageClass "azurefile-csi-nfs": rpc error: code = Internal desc = update service endpoints failed with error: failed to get the subnet ci-asaks4421698 under vnet ci-asaks4421698: &{false 403 0001-01-01 00:00:00 +0000 UTC {"error":{"code":"AuthorizationFailed","message":"The client '4c200854-2a79-4893-9432-3111795beea0' with object id '4c200854-2a79-4893-9432-3111795beea0' does not have authorization to perform action 'Microsoft.Network/virtualNetworks/subnets/read' over scope '/subscriptions/64fdac10-935b-40e6-bf28-f7dc093f7f76/resourceGroups/ci-asaks4421698/providers/Microsoft.Network/virtualNetworks/ci-asaks4421698/subnets/ci-asaks4421698' or the scope is invalid. If access was recently granted, please refresh your credentials."}}}
failed to provision volume with StorageClass "azurefile-csi-nfs": rpc error: code = Internal desc = update service endpoints failed with error: failed to get the subnet ci-asaks4421698 under vnet ci-asaks4421698: &{false 403 0001-01-01 00:00:00 +0000 UTC {"error":{"code":"AuthorizationFailed","message":"The client '4c200854-2a79-4893-9432-3111795beea0' with object id '4c200854-2a79-4893-9432-3111795beea0' does not have authorization to perform action 'Microsoft.Network/virtualNetworks/subnets/read' over scope '/subscriptions/64fdac10-935b-40e6-bf28-f7dc093f7f76/resourceGroups/ci-asaks4421698/providers/Microsoft.Network/virtualNetworks/ci-asaks4421698/subnets/ci-asaks4421698' or the scope is invalid. If access was recently granted, please refresh your credentials."}}}
To overcome this issue, you need to grant Automation Suite access to the Azure resource
- In Azure, navigate to the AKS resource group, then open the desired virtual
network page. For example, in this case, the virtual network is
ci-asaks4421698
. - From the Subnets list, select the desired subnet. For example, in this
case, the subnet is
ci-asaks4421698
. - At the top of the subnets list, click Manage Users. The Access Control page opens.
- Click Add role assignment.
- Search for the Network Contributor role.
- Select Managed Identity.
- Switch to theMembers tab.
- Select Managed Identity, then select Kubernetes Service.
- Select the name of the AKS cluster.
- Click Review and Assign.