"You do not have enough privileges to perform this action" error when attempting to scale a cluster in Tanzu Kubernetes Grid Integrated Edition

Article ID: 298676

Products

VMware Tanzu Kubernetes Grid Integrated Edition

Issue/Introduction

You are attempting to scale the number of worker nodes in a cluster using tkgi update-cluster, but the command fails due to insufficient privileges.

tkgi update-cluster CLUSTER_NAME --num-nodes=3

Error: You do not have enough privileges to perform this action. Please contact the PKS administrator.


There can be a number of reasons why the Tanzu Kubernetes Grid Integrated Edition Command Line Interface (TKGI CLI) would return this insufficient privileges error:

  • The TKGI user does not have the correct UAA scope to perform this task.
  • The cluster was created with a compute profile.



Environment

Product Version: >= 1.10

Resolution

UAA scopes


Target TKGI UAA and check the scope assigned to the user.

uaac target https://TKGI-API:8443 --ca-cert CERTIFICATE-PATH
uaac user get USER
 

If the user has neither the pks.clusters.admin nor the pks.clusters.manage scope, then it will not have the necessary privileges to scale the cluster.

For information on the operations permitted with the different scopes, refer to UAA Scopes for TKGi Users.

Scopes can be modified by a user with sufficient privileges, in other words, an admin user.

uaac token client get admin
uaac member add pks.clusters.admin USER


Compute profile

If the cluster is using a compute profile, then --node-pool-instances must be used, not --num-nodes.

Check if a compute profile is used and if so, scale the cluster with --node-pool-instances.

tkgi cluster CLUSTER_NAME | grep "Compute Profile"
tkgi compute-profile COMPUTE-PROFILE-NAME
tkgi update-cluster CLUSTER_NAME --node-pool-instances "NODE-POOL-NAME:INSTANCES"

For further information on resizing clusters that have compute profiles, refer to Resize a Cluster that Has an Existing Compute Profile.
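
The two checks above (UAA scopes and compute profile) can be combined into one triage step. The following is an added example, not part of the original article or of the TKGI tooling: the function names are hypothetical, the sample input is constructed, and the output layout of uaac user get and tkgi cluster is an assumption.

```shell
#!/bin/sh
# Added example: triage for the two causes described in this article.
# Assumption: stdin is text as printed by `uaac user get USER` or
# `tkgi cluster CLUSTER_NAME`; the exact layout can vary between versions.

# Print "admin", "manage" or "none" for `uaac user get` output on stdin.
# Tokens must equal the scope name exactly, so a look-alike does not count.
tkgi_scale_scope() {
    awk -F '[ \t,]+' '
        { for (i = 1; i <= NF; i++) {
              if ($i == "pks.clusters.admin")  admin = 1
              if ($i == "pks.clusters.manage") manage = 1
          } }
        END { print (admin ? "admin" : (manage ? "manage" : "none")) }'
}

# Print the flag `tkgi update-cluster` needs for `tkgi cluster` output on stdin.
# A "Compute Profile" line with an empty value means no profile is in use.
tkgi_scale_flag() {
    awk -F ':' '
        /Compute Profile/ {
            v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (v != "") profile = 1
        }
        END { print (profile ? "--node-pool-instances" : "--num-nodes") }'
}

# Combine both checks. $1 = `uaac user get` text, $2 = `tkgi cluster` text.
tkgi_scale_diagnose() {
    scope=$(printf '%s\n' "$1" | tkgi_scale_scope)
    flag=$(printf '%s\n' "$2" | tkgi_scale_flag)
    if [ "$scope" = "none" ]; then
        echo "missing-scope: needs pks.clusters.manage or pks.clusters.admin"
    else
        echo "scope-ok($scope): scale with $flag"
    fi
}

# Constructed sample input, not captured from a real system.
SAMPLE_USER='  username: alice
  groups:
    -
      display: pks.clusters.manage
      type: DIRECT'
SAMPLE_CLUSTER='Name:                  demo
Compute Profile Name:  large-workers
Worker Nodes:          3'

tkgi_scale_diagnose "$SAMPLE_USER" "$SAMPLE_CLUSTER"
```

When a scope has to be added, pks.clusters.manage covers a user's own clusters while pks.clusters.admin covers all clusters, so the narrower scope is enough for a user who only scales clusters they created.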