While doing any Caas changes like cluster creation, addon creation, deletion, redeploy, Update, CNF reconfigure etc , below errors are seen:

Nodeconfig cert errors with:

error : failed calling webhook "validator.nodeconfig.acm.vmware.com": failed to call webhook: Post "https://nodeconfigvalidator.tca-system.svc:443/validate-nodeconfig?timeout=5s": x509: certificate has expired or is not yet valid: current time 2025-05-06T15:36:10Z is after 2025-05-06T14:05:00Z. Node-Policy stage failed. Reason: nodepolicy spec is updated, waiting for reconcile.

2.3, 3.2

TCA nodes are experiencing expired nodeconfig certificates as of May 6th 2025. This affects not only systems still on prior version of TCA but also those who have migrated to newer version of TCA without upgrading the management cluster.

Refer KB to apply the Workaround ERROR: Node-Policy stage failed. Reason: nodepolicy spec is updated, waiting for reconcile. to resolve this issue