Rancher 2.5 Migration issues

Hello i was triying to migrate cluster local from my old kubernetes 1.16.3 to another new fresh installation.

Following the official page this: Rancher Docs: Migrating Rancher to a New Cluster
i did all the steps, respecting all the prerequisite, after complete i’m stuck in this situation:

kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
cattle-resources-system rancher-backup-68d797676b-kc5mw 1/1 Running 0 4h41m
cattle-system helm-operation-6fszc 1/2 NotReady 0 60m
cattle-system rancher-webhook-b5b7b76c4-k9tj7 0/1 CrashLoopBackOff 9 22m
cert-manager cert-manager-6d87886d5c-9sf5h 1/1 Running 0 23m
cert-manager cert-manager-cainjector-55db655cd8-4z9cl 1/1 Running 0 23m
cert-manager cert-manager-webhook-6846f844ff-vscf7 1/1 Running 0 23m
fleet-system fleet-agent-55bfc495bd-t4nrv 1/1 Running 0 77m
fleet-system fleet-controller-79554fcbf5-6d625 1/1 Running 0 59m
fleet-system gitjob-568c57cfb9-wwvz9 1/1 Running 0 59m
ingress-nginx default-http-backend-6977475d9b-gglrh 1/1 Running 0 4h48m
ingress-nginx nginx-ingress-controller-6p89w 1/1 Running 0 4h48m
ingress-nginx nginx-ingress-controller-82s2l 1/1 Running 0 4h48m
ingress-nginx nginx-ingress-controller-xvfm8 1/1 Running 0 4h48m
kube-system calico-kube-controllers-7d5d95c8c9-xdlnq 1/1 Running 0 4h55m
kube-system canal-mgjpc 2/2 Running 1 4h55m
kube-system canal-qpcdh 2/2 Running 0 4h55m
kube-system canal-qw85j 2/2 Running 0 4h55m
kube-system coredns-55b58f978-25knp 1/1 Running 0 4h52m
kube-system coredns-55b58f978-4xw6z 1/1 Running 0 4h55m
kube-system coredns-autoscaler-76f8869cc9-87tbv 1/1 Running 0 4h55m
kube-system metrics-server-55fdd84cd4-whf47 1/1 Running 0 4h52m
kube-system rke-coredns-addon-deploy-job-s49pq 0/1 Completed 0 4h55m
kube-system rke-ingress-controller-deploy-job-vfjvf 0/1 Completed 0 4h48m
kube-system rke-metrics-addon-deploy-job-hmhzh 0/1 Completed 0 4h52m
kube-system rke-network-plugin-deploy-job-p79kb 0/1 Completed 0 4h55m
rancher-operator-system rancher-operator-5c795bd886-bzzdw 1/1 Running 3 77m

kubectl logs rancher-webhook-b5b7b76c4-k9tj7 -ncattle-system
time=“2021-06-16T12:09:33Z” level=fatal msg=“secrets “cattle-webhook-ca” is forbidden: User “system:serviceaccount:cattle-system:rancher-webhook” cannot get resource “secrets” in API group “” in the namespace “cattle-system””

kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
master-1 Ready controlplane,etcd,worker 5h9m v1.20.6 172.30.xxx Ubuntu 20.04.2 LTS 5.4.0-74-generic docker://20.10.7
master-2 Ready controlplane,etcd,worker 5h9m v1.20.6 172.30.xxx Ubuntu 20.04.2 LTS 5.4.0-74-generic docker://20.10.7
master-3 Ready controlplane,etcd,worker 5h9m v1.20.6 172.30.xxx Ubuntu 20.04.2 LTS 5.4.0-74-generic docker://20.10.7

someone helps me?

thanks

kubectl -n cattle-system get pods

helm-operation-6fszc 1/2 NotReady 0 97m
rancher-webhook-b5b7b76c4-k9tj7 0/1 CrashLoopBackOff 16 60m

kubectl create clusterrolebinding rancher-webhook --clusterrole=cluster-admin --serviceaccount=cattle-system:rancher-webhook

resolved