Overview
With scoped kubeconfig some services like: rebac-authz-webhook, extension-manager-operator doesn't work fine with sharded setup. These services have an error like this:
{"level":"error","service":"/go/pkg/mod/github.com/platform-mesh/golang-commons@v0.17.2/logger/logger.go","component":"controller-runtime","error":"failed to get *v1alpha1.API Binding informer: failed to get server groups: the server has asked for the client to provide credentials","logger":"kcp-apiexport-cluster-provider","time":"2026-06-04T11:31:20Z","caller":"/go/pkg/mod/github.com/kcp-dev/multicluster-provider@v0.5.1/pkg/provider/factory.go:157","message":"failed to setup provider"}
It prevents multi cluster provider to work properly and engage clusters.
Implementation Details
- Investigate why it happens
- Fix the root cause of it
- Use scoped kubeconfig for rebac-authorization-webhook and extension-manager-operator
To reproduce the error, you need to run task local-setup:sharded command and use scoped kubeconfig for the mentioned services
Completion Checklist
Overview
With scoped kubeconfig some services like: rebac-authz-webhook, extension-manager-operator doesn't work fine with sharded setup. These services have an error like this:
It prevents multi cluster provider to work properly and engage clusters.
Implementation Details
To reproduce the error, you need to run
task local-setup:shardedcommand and use scoped kubeconfig for the mentioned servicesCompletion Checklist