CNF installation fails with ClusterRole ownership metadata annotation validation error

Article ID: 435293

Updated On:

Products

VMware Telco Cloud Automation

Issue/Introduction

Cloud Native Function (CNF) instantiation fails during the installation phase. The process is unable to continue due to existing resources in the cluster that cannot be imported into the current release.

Error Message:

CNF install failed: Unable to continue with install: ClusterRole "[Resource-Name]" in namespace "" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: key "meta.helm.sh/release-name" must equal "[New-Release-Name]": current value is "[Old-Release-Name]"

Symptoms:

  • Helm ownership metadata mismatch for ClusterRoles.

  • Residual resources from a previous unsuccessful deletion prevent fresh instantiation.

Environment

3.2

Cause

This issue occurs when a previous deletion or termination of the CNF was incomplete, leaving residual Kubernetes objects (such as ClusterRoles, ClusterRoleBindings, Secrets, or PersistentVolumes) in the workload cluster.

When Helm attempts to instantiate the new release, it discovers existing resources. If these resources contain metadata (annotations) from a previous Helm release, the validation fails because Helm cannot safely "adopt" or overwrite resources owned by a different release name.

Resolution

To resolve this, you must manually clean up the stale resources from the workload cluster before retrying the instantiation.

Step 1: Identify the Conflicting Resources

Review the error message to identify the specific Kubernetes object causing the conflict. Example: ClusterRole [Resource-Name]

Step 2: Manually Delete Stale Artifacts

  1. Delete the conflicting ClusterRole and its associated ClusterRoleBindings.

  2. Perform a comprehensive cleanup of the impacted namespace by deleting the following residual components:

    • ClusterRoles and Bindings 

    • PV (Persistent Volumes) and PVC (Persistent Volume Claims)

    • Secrets and ConfigMaps

    • DaemonSets and Pods

    • Namespace Webhooks

Step 3: Reset Network Function State in TCA

If the previous task is stuck in a failed or timed-out state in the TCA UI:

  1. Navigate to Inventory > Network Function.
  2. Click the Options (three dots) icon for the desired network function.
  3. Select Reset State and click OK.
  4. Once the state is reset, select Delete to remove the stale entry from the TCA inventory.

Step 4: Retry Instantiation

Once the workload cluster and TCA inventory are clean, proceed with a fresh Instantiate operation for the CNF package.
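
Added example (not part of the original article or of any VMware tooling): a POSIX shell helper for Steps 1 and 2 that parses the Helm error message, reads the live object's meta.helm.sh/release-name annotation, and prints the delete command only when the object is still owned by the old release named in the error. The function names are hypothetical, and it assumes kubectl is already pointed at the workload cluster.

```shell
#!/bin/sh
# Added example: confirm that the object named in the Helm error is still owned
# by the old release before deleting it. Function names are hypothetical.

# Extract "kind name expected-release current-release" from the Helm error text.
parse_helm_conflict() {
    printf '%s\n' "$1" | sed -n \
's/.*: \([A-Za-z]*\) "\([^"]*\)" in namespace "[^"]*" exists and cannot be imported.*must equal "\([^"]*\)": current value is "\([^"]*\)".*/\1 \2 \3 \4/p'
}

# Read the Helm owner annotation from the live cluster-scoped object.
helm_owner() {  # $1 = kind, $2 = name
    kubectl get "$1" "$2" \
        -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-name}'
}

# Print the delete command for review. Refuse when the live owner is not the
# stale release from the error, since another release may rely on that RBAC.
plan_delete() {  # $1 = full Helm error message
    read -r kind name expected stale <<EOF
$(parse_helm_conflict "$1")
EOF
    if [ -z "$stale" ]; then
        echo "unrecognised error message" >&2
        return 2
    fi
    owner=$(helm_owner "$kind" "$name") || return 3
    if [ "$owner" = "$stale" ]; then
        echo "kubectl delete $kind $name"
    else
        echo "skip $kind/$name: owner is '$owner', expected stale '$stale'" >&2
        return 1
    fi
}

# Stand-alone use: pass the error message from the TCA task as one argument.
if [ $# -gt 0 ]; then
    plan_delete "$1"
fi
```

The helper only prints the command; run it after checking which ClusterRoleBindings reference the role, as Step 2 requires.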