TMC Self-Managed UI Loads Blank Due to Internal TLS Validation Errors


Article ID: 392557


Products

VMware Tanzu Mission Control

Issue/Introduction

In a VMware Tanzu Mission Control (TMC) Self-Managed deployment, the UI loads successfully but displays no data. All major sections—including Clusters, Administration, and Policies—appear blank. Several backend components are observed in Reconciling or ReconcileFailed states. TLS-related x509 certificate errors appear in pod logs, despite all certificates being valid.

tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time <date time> is after <date time>

Environment

VMware Tanzu Mission Control Self-Managed

Cause

TLS validation failures occurred between internal TMC components, likely due to stale in-memory certificates. Although the certificates are not expired, services such as Kafka, UI Server, and API Gateway fail to validate peer certificates, resulting in “x509: certificate has expired or is not yet valid” errors. This breaks inter-service communication and prevents data from loading in the UI.
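To tell the stale-certificate condition described above apart from a certificate that has really expired, the following added example (not part of the KB article and not VMware code) compares the expiry timestamp in the logged x509 error with the notAfter of the certificate currently stored for that component. The function names and sample values are constructed, and it assumes RFC 3339 UTC timestamps, the format Go prints in this error.

```shell
#!/bin/sh
# Added triage helper, not VMware code. Sample values below are constructed.
# Assumption: timestamps are RFC 3339 in UTC ("...Z"), as Go prints them in
# this x509 error, so byte-wise string order equals time order.

# Print the notAfter timestamp embedded in a Go x509 "is after" expiry error.
log_not_after() {
    printf '%s\n' "$1" | sed -n \
        's/.*x509: certificate has expired or is not yet valid: current time [^ ]* is after \([^ ]*\).*/\1/p'
}

# Succeed if timestamp $1 is strictly earlier than timestamp $2.
ts_before() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | LC_ALL=C sort | head -n 1)" = "$1" ]
}

# classify_x509_log LOG_LINE STORED_NOT_AFTER NOW
#   stale-in-memory  pod rejected a cert that expired before the stored one,
#                    and the stored cert is still valid: a restart applies
#   expired-on-disk  the stored cert itself is past notAfter: a restart
#                    alone will not fix it
#   inconclusive     expiry in the log is not older than the stored cert
#   no-match         line is not an "is after" expiry error
classify_x509_log() {
    seen=$(log_not_after "$1")
    [ -n "$seen" ] || { echo no-match; return 0; }
    if ! ts_before "$3" "$2"; then
        echo expired-on-disk
    elif ts_before "$seen" "$2"; then
        echo stale-in-memory
    else
        echo inconclusive
    fi
}

# Constructed log line in the shape shown in the article.
SAMPLE='tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2025-06-10T08:15:00Z is after 2025-06-01T00:00:00Z'
# Constructed notAfter of the stored certificate, and a constructed "now".
STORED='2026-06-01T00:00:00Z'
NOW='2025-06-10T08:20:00Z'
classify_x509_log "$SAMPLE" "$STORED" "$NOW"
```

The log line is taken from the affected pod's logs, and the stored notAfter from whichever certificate that component is configured to use; converting that date to RFC 3339 UTC is left to the operator.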

Resolution

  1. Perform a full restart of all pods in the tmc-local namespace:
    • kubectl -n tmc-local rollout restart deploy
  2. Manually delete any StatefulSet-managed pods to force clean recreation and ensure full recovery.
    • kubectl -n tmc-local delete pod <sts> <sts name>
  3. Wait approximately 10 minutes for the TMC app to stabilize.