Could not create cluster with cluster class 3.3.0: "'error computing the desired state of the Cluster topology: failed to apply patches: failed to generate patches for patch "default": failed to call extension handler "generate-patches.runtime-extension""
Article ID: 398390

Products

VMware vSphere Kubernetes Service

Issue/Introduction

Cluster creation with cluster class 3.3.0 fails during deployment with the following error:

TopologyReconciled: error computing the desired state of the Cluster topology: failed to apply patches: failed to generate patches for patch "default": failed to call extension handler "generate-patches.runtime-extension": got failure response

 

No objects are created and the cluster remains in a Pending state:

root@<supervisor control plane node> # kubectl get tkc,cluster,kcp,md,vm,machine -n <namespace> | grep -i <cluster name>

cluster.cluster.x-k8s.io/<cluster name>           builtin-generic-v3.3.0   Pending       22h    v1.32.0+vmware.6-fips

 

The tkg-controller logs on the Supervisor control plane show 'secret not found':

I0519 14:13:16.884650       1 guest_cluster_controller.go:338] "The control plane is not ready yet" logger="svc-tkg-<cluster domain>-tkg-controller.addons-controller.<namespace>.<cluster name>" err="failed to create client configuration for Cluster <namespace>/<cluster name>: failed to retrieve kubeconfig secret for Cluster <namespace>/<cluster name>: secret not found"

Environment

vSphere for Tanzu 8

Cause

The secret is not defined correctly or is left blank in the osConfiguration section of the cluster YAML:

    - name: osConfiguration
      value:
        trust:
          additionalTrustedCAs:
          - caCert:
              secretRef:
                key: additional-ca-1
                name: ""
          - caCert:
              secretRef:
                key: additional-ca-2
                name: ""
          - caCert:
              secretRef:
                key: additional-ca-3
                name: ""

Also check whether the secret defined is double base64-encoded as per the document below:

v1beta1 Example: Cluster with Additional Trusted CA Certificates for SSL/TLS
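Both checks above can be run together before applying the cluster manifest. The following is an added example, not part of the original article or VMware tooling: it takes the osConfiguration value and the referenced secrets' `data` maps as dicts (for instance parsed from `kubectl get ... -o json`) and assumes that "double base64-encoded" means the API's `data` value decodes twice to a PEM certificate. The secret name `cluster-ca-certs` and the PEM body are constructed placeholders.

```python
import base64
import binascii
PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

def _b64(raw):
    """Strict base64 decode of bytes, ignoring whitespace; None if not base64."""
    try:
        return base64.b64decode(b"".join(raw.split()), validate=True)
    except (binascii.Error, ValueError):
        return None

def check_trusted_cas(os_configuration, secrets):
    """os_configuration: the osConfiguration variable's value as a dict.
    secrets: {secret name: its .data map as the API returns it}. Returns problems."""
    problems = []
    entries = (os_configuration.get("trust") or {}).get("additionalTrustedCAs") or []
    for i, entry in enumerate(entries):
        ref = (entry.get("caCert") or {}).get("secretRef") or {}
        name, key = ref.get("name") or "", ref.get("key") or ""
        if not name or not key:
            problems.append(f"entry {i}: secretRef name or key is blank")
            continue
        data = secrets.get(name)
        if data is None or key not in data:
            problems.append(f"entry {i}: key {key!r} not found in secret {name!r}")
            continue
        once = _b64(data[key].encode())  # layer 1: the API's own encoding of .data
        if once is None:
            problems.append(f"entry {i}: {name}/{key} is not valid base64")
        elif once.lstrip().startswith(PEM_HEADER):
            problems.append(f"entry {i}: {name}/{key} is base64-encoded only once")
        elif not (_b64(once) or b"").lstrip().startswith(PEM_HEADER):
            problems.append(f"entry {i}: {name}/{key} does not decode to a PEM certificate")
    return problems

# Constructed sample input: placeholder PEM body and a hypothetical secret name.
PEM = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
B64_ONCE = base64.b64encode(PEM).decode()
SECRETS = {"cluster-ca-certs": {
    "additional-ca-1": base64.b64encode(B64_ONCE.encode()).decode(),  # double-encoded
    "additional-ca-2": B64_ONCE}}                                     # encoded once
OS_CONFIG = {"trust": {"additionalTrustedCAs": [
    {"caCert": {"secretRef": {"name": "cluster-ca-certs", "key": "additional-ca-1"}}},
    {"caCert": {"secretRef": {"name": "cluster-ca-certs", "key": "additional-ca-2"}}},
    {"caCert": {"secretRef": {"name": "", "key": "additional-ca-3"}}},
]}}

if __name__ == "__main__":
    print("\n".join(check_trusted_cas(OS_CONFIG, SECRETS)))
```

The check only looks for the PEM header after the second decode; it does not parse or validate the certificate itself.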

 

Resolution

Use the following documentation to correctly configure the trusted CA in the osConfiguration section of the YAML:

vSphere Supervisor 8.0 - osConfiguration 

Additional Information

An example of a secret YAML can be found in the following documentation:

vSphere Supervisor 8.0 - v1beta1 Example: Cluster with Additional Trusted CA Certificates for SSL/TLS