What Can I Do If I Fail to Enable the Security Service for a Cluster?

Problem 1: Insufficient Permissions

Symptom

When you enable security service on the Settings page of a cluster, an error message is displayed.

Possible Cause

To enable the security service, you must have the required permissions. If the necessary permissions are not granted, an error message is displayed indicating insufficient permissions.

Solution

Contact the account administrator to grant permissions to the IAM user. For details, see Creating a User Group and Assigning Permissions.

You need to use the old IAM console to grant the user the HSS AgencyOperatePolicy and HSS Administrator system policies.

IAM users must have these permissions to view or process authorization management information.

Problem 2: Abnormal Agent

Symptom

On the Settings page of the cluster, when you attempt to enable security service, the operation times out and an error message appears indicating that the agent is abnormal or that security service failed to be enabled.

Possible Cause

During the process of enabling the security service, HSS creates an hss namespace in the cluster and installs a DaemonSet named hostguard in that namespace. If the installation fails, the cause may be an abnormal workload status.

Solution

Go to the Workloads page in the hss namespace of the cluster to view the hostguard failure cause and handling suggestions.