Hi, please redirect me to the right channel if that's not suitable here. We have installed Rancher on a cluster (version 2.7.5), and when we're trying to connect another cluster we're getting the following error message:

Admission webhook "<http://rancher.cattle.io.globalrolebindings.management.cattle.io|rancher.cattle.io.globalrolebindings.management.cattle.io>" denied the request: user "system:serviceaccount:cattle-system:rancher-infra" (groups=["system:serviceaccounts" "system:serviceaccounts:cattle-system" "system:authenticated"]) is attempting to grant RBAC permissions not currently held: {APIGroups:[""], Resources:["secrets"], Verbs:["create"]} {APIGroups:["<http://catalog.cattle.io|catalog.cattle.io>"], Resources:["clusterrepos"], Verbs:["get" "list" "watch"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["catalogs"], Verbs:["get" "list" "watch"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["cisbenchmarkversions"], Verbs:["get" "list" "watch"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["cisconfigs"], Verbs:["get" "list" "watch"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["clusters"], Verbs:["create"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["clustertemplaterevisions"], Verbs:["create"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["features"], Verbs:["get" "list" "watch"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["fleetworkspaces"], Verbs:["create"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["globaldnses"], Verbs:["create"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["globaldnsproviders"], Verbs:["create"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["kontainerdrivers"], Verbs:["get" "list" "watch"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["multiclusterapps"], Verbs:["create"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["nodedrivers"], Verbs:["get" "list" "watch"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["nodetemplates"], Verbs:["create"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["podsecurityadmissionconfigurationtemplates"], Verbs:["get" "list" "watch"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["podsecuritypolicytemplates"], Verbs:["get" "list" "watch"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["preferences"], Verbs:["*"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["principals"], Verbs:["get" "list" "watch"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["rancherusernotifications"], Verbs:["get" "list" "watch"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["rkeaddons"], Verbs:["get" "list" "watch"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["rkek8sserviceoptions"], Verbs:["get" "list" "watch"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["rkek8ssystemimages"], Verbs:["get" "list" "watch"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["roletemplates"], Verbs:["get" "list" "watch"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["settings"], Verbs:["get" "list" "watch"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["templates"], Verbs:["get" "list" "watch"]} {APIGroups:["<http://management.cattle.io|management.cattle.io>"], Resources:["templateversions"], Verbs:["get" "list" "watch"]} {APIGroups:["<http://project.cattle.io|project.cattle.io>"], Resources:["sourcecodecredentials"], Verbs:["*"]} {APIGroups:["<http://project.cattle.io|project.cattle.io>"], Resources:["sourcecoderepositories"], Verbs:["*"]} {APIGroups:["<http://provisioning.cattle.io|provisioning.cattle.io>"], Resources:["clusters"], Verbs:["create"]} {APIGroups:["<http://rke-machine-config.cattle.io|rke-machine-config.cattle.io>"], Resources:["*"], Verbs:["create"]}; resolution errors: [[<http://clusterroles.rbac.authorization.k8s.io|clusterroles.rbac.authorization.k8s.io> "cluster-admin" not found, <http://clusterroles.rbac.authorization.k8s.io|clusterroles.rbac.authorization.k8s.io> "system:discovery" not found]]

I can both of the

cluster-admin

and the

system:discoveryy

roles in the target cluster. So what's going on why can't we connect? Technical info: • Rancher is installed on AKS cluster version 1.26 • I tried to connect the following types of clusters: ◦ AKS cluster with no RBAC ◦ AKS cluster with RBAC ◦ Linode cluster with RBAC