When attempting to install a vSphere Supervisor Services you receive the warning:

Reason: ReconcileFailed. Message: vendir: Error: Syncing directory '0': Syncing directory '.' with imgpkgBundle contents: Fetching image: Error while preparing a transport to talk with the registry: Unable to create round tripper: Get "https://projects.packages.broadcom.com/v2/'": dial tcp <IP>:443: i/o timeout.

From a Supervisor node, using openssl to test connectivity to projects.packages.broadcom.com:443 doesn't return a result:

openssl s_client -connect projects.packages.broadcom.com:443

The imgfetcher guest.log has errors similar to: 

level=info msg="trying next host" error="failed to do request: Head \"https://projects.packages.broadcom.com/v2/vsphere/iaas/lci-service/9.0.1/lci-service/blobs/sha256:b366270e8787992c681c318ad9f2fa73d4b499a64bc9a7aa8af04ba05f36ef99\": dial tcp <IP>:443: connect: network is unreachable" host=projects.packages.broadcom.com


Reason: ReconcileFailed. Message: vendir: Error: Syncing directory '0': Syncing directory '.' with imgpkgBundle contents: Fetching image: Error while preparing a transport to talk with the registry: Unable to create round tripper: Get "https://projects.packages.broadcom.com/v2/'": dial tcp <IP>:443: i/o timeout.

The TKG Supervisor nodes are unable to connect to projects.packages.broadcom.com over port 443. This could be due to a firewall, proxy, etc. Please be aware that projects.packages.broadcom.com can resolve to multiple IP addresses.

Configure the component (e.g., firewall, proxy, etc.) to allow traffic from the Supervisor nodes to projects.packages.broadcom.com over port 443.