• A new deployment of vSphere with Tanzu fails.
• The Kubernetes status for Supervisor shows messages like:
    A general system error occurred. Error message: context deadline exceeded.
  OR:
   No node on Supervisor 'supervisor##' is accepting vSphere Pods. See Node specific messages for more details

To complete Supervisor deployment, bidirectional networking connections are required between ESXi and Supervisors:

• ESXi needs to connect to TCP port 6443 of Supervisor floating IP (FIP)
• Supervisor needs to connect to TCP port 10250 of ESXi

Check the ports connectivity between ESXi and Supervisor:

1. Verify if ESXi can connect to the port 6443 of supervisor FIP:

$ openssl s_client -connect <Supervisor-FIP>:6443

If the connection is successful, the first line of the output indicates CONNECTED

NOTE: To retrieve the Supervisor FIP in vCenter Server:

$ /usr/lib/vmware-wcp/decryptK8Pwd.py

root@vcenter [ ~ ]# /usr/lib/vmware-wcp/decryptK8Pwd.py
Read key from file

Connected to PSQL

Cluster: domain-c#: <supervisor cluster domain id>
IP: <Supervisor FIP>
PWD: <password>

2. Verify if both management and workload networks of Supervisor nodes can connect to the port 10250 of ESXi: "vSphere Kubernetes Supervisor ESXi Host with Kubernetes status showing Node is not healthy and is not accepting pods. Details Kubelet stopped posting node status"

If connectivity has failed between ESXi and Supervisor, the underlying networking needs to be checked. For other networking requirements see Additional Information. 

This document addresses the common ports and protocols that are required for the various components of the Supervisor stack to work efficiently. 

These components must be comprehensively installed and configured before enabling the Supervisor.

Group Infrastructure: