Using the VCF Diagnostic Tool for vSphere Kubernetes Service (VKS/TKGs)
Article ID: 402184
Updated On:
Products
Issue/Introduction
The VCF Diagnostic Tool (VDT) is a diagnostic tool that is run on the VCSA and connects to Supervisor nodes via SSH. It runs through a series of checks on the system configuration and reports user-friendly PASS/WARN/FAIL results for known configuration issues. It also provides information (INFO) messages from certain areas which we hope will make detecting inconsistencies easier. The goal of these tests is to provide live diagnostic information to the user about their environment which might otherwise be missed.
The utility is completely read-only for the entire environment.
The utility logs to the following directory on the VCSA.
/var/log/vmware/vks/vdt/
Please send feedback/feature requests to [email protected]
DISCLAIMER: This script is currently in its beta release phase.
As such, it may contain bugs, errors, or incomplete features. Please leverage results with caution.
Environment
VCSA 8.x
Resolution
Using VCF-VDT:
1.Download the latest version of vSphere Diagnostic Tool from here.
2.Use the file-moving utility of your choice (WinSCP for example) to copy the entire ZIP directory to the /root partition on the VCSA that manages the Supervisor you want to check. Transferring a file to the VCSA may fail. See the following KB for the resolution - Connecting to vCenter Server Virtual Appliance using WinSCP fails with the error: Received too large (1433299822 B) SFTP packet. Max supported packet size is 1024000 B
3.SSH into the VCSA.
4.Change your directory to the location of the file, and unpackage the vdt zip file:
cd /home/vcf/
unzip vdt-<version>.zip
cd vdt-<version>
5.(Optional) If there is more than 1 Supervisor on the VCSA, VKS-VDT will choose the first Supervisor it finds in the VCDB, and it may not be the same each time. If you have a specific Supervisor you wish to run checks against, set the SUPERVISOR_NAME environment variable like so:
# Check the target Superivosr name in the vcsa
dcli com vmware vcenter namespacemanagement supervisors summary list | grep name
> name: sv-1
# Set the value to specify the target Superivosr
export SUPERVISOR_NAME="EXACT_SUPERVISOR_NAME" # example: sv-1
6.Run the tool with the command:
python vdt.py -p vks
Additional Information
Sample output
python vdt.py -p vks
___________________
"VDT FOR VKS"
Today: Tuesday, October 28 16:06:47
Log Level: INFO
When running this tool, a log file is created and included in all future log bundles. Would you like to continue?[Yy|Nn]: y
______________________
VKS VCENTER INFO
[INFO] vCenter Basic Info
Current Time: 2025-10-28 16:07:13.225208
vCenter Uptime: up 2 days
vCenter Load Average: 0.35, 0.35, 0.26
Number of CPUs: 4
Total Memory: 20.5
vCenter Hostname: <VCSA_FQDN>
vCenter PNID: <VCSA_FQDN>
vCenter IP Address: ###.###.###.###
vCenter Version: 8.0.3.00500 - 24674346
_______________________________
VKS SUPERVISOR BASIC INFO
[INFO] VKS Basic Info
Supervisor Name: sv-1
Supervisor Version: v1.29.7+vmware.1-fips-vsc0.1.11-24658526
TKG Service Version: 3.4.0+v1.33
ESXi Node Count: 4
Installed Supervisor Services: 2
Namespace Count: 2
v1beta1 TKC Count: 1
v1alpha3 TKC Count: 0
[INFO] Supervisor Name Detection
Running VDT against Supervisor: sv-1.
If this is not the correct supervisor, please set the environment variable SUPERVISOR_NAME to the correct value.
____________________
VKS WCP CHECKS
[PASS] VKS WCP Pending Upgrade Check
All versions are consistent - no pending upgrade detected.
- VMware-wcpovf: 24658526
- wcp_version: 24658526
- 423e9fb7d2849014e483cd76f5055b06: v1.29.7+vmware.wcp.1
- 423efe57d7bd36dcfebddc0486a48f86: v1.29.7+vmware.wcp.1
- 423e524f1c3f7d035ddc43115735707c: v1.29.7+vmware.wcp.1
________________________
VKS SUPERVISOR VMS
[PASS] Supervisor Port 22 Check
[PASS] Supervisor Port 5000 Check
[PASS] Supervisor Port 6443 Check
[PASS] Supervisor Disk Space Check
[FAIL] Supervisor Certificate Check
/etc/vmware/wcp/tls/wcpagent.cert on 423e9fb7d2849014e483cd76f5055b06 expires in -1 days (2025-10-28).
/etc/vmware/wcp/tls/mgmt-image-proxy.crt on 423e9fb7d2849014e483cd76f5055b06 expires in -1 days (2025-10-28).
/etc/vmware/wcp/tls/apiserver-webhook-client.crt on 423e9fb7d2849014e483cd76f5055b06 expires in -1 days (2025-10-28).
/etc/kubernetes/pki/bootstrapper.crt on 423e9fb7d2849014e483cd76f5055b06 expires in -1 days (2025-10-28).
/etc/vmware/wcp/tls/wcpagent.cert on 423efe57d7bd36dcfebddc0486a48f86 expires in -1 days (2025-10-28).
/etc/vmware/wcp/tls/mgmt-image-proxy.crt on 423efe57d7bd36dcfebddc0486a48f86 expires in -1 days (2025-10-28).
/etc/vmware/wcp/tls/apiserver-webhook-client.crt on 423efe57d7bd36dcfebddc0486a48f86 expires in -1 days (2025-10-28).
/etc/kubernetes/pki/bootstrapper.crt on 423efe57d7bd36dcfebddc0486a48f86 expires in -1 days (2025-10-28).
/etc/vmware/wcp/tls/wcpagent.cert on 423e524f1c3f7d035ddc43115735707c expires in -1 days (2025-10-28).
/etc/vmware/wcp/tls/mgmt-image-proxy.crt on 423e524f1c3f7d035ddc43115735707c expires in -1 days (2025-10-28).
/etc/vmware/wcp/tls/apiserver-webhook-client.crt on 423e524f1c3f7d035ddc43115735707c expires in -1 days (2025-10-28).
/etc/kubernetes/pki/bootstrapper.crt on 423e524f1c3f7d035ddc43115735707c expires in -1 days (2025-10-28).
Refer to KB https://knowledge.broadcom.com/external/article/322994
[PASS] Supervisor VM Node Configured Check
[PASS] Supervisor kubelet Status Check
[PASS] Supervisor containerd Status Check
[PASS] Supervisor wcp-sync Status Check
[PASS] Supervisor Core Container Running Check
________________________________
VKS SUPERVISOR ETCD HEALTH
[PASS] etcd Running Check
[PASS] etcd Member List Check
[PASS] etcd Endpoint Health Check
[PASS] etcd Endpoint Status Check
____________________________
VKS SUPERVISOR CLUSTER
[PASS] Supervisor VM Count
[PASS] Supervisor VIP Availability
[PASS] Supervisor Nodes Are Ready Check
[PASS] Supervisor VMs Roles Check
____________________________
VKS SUPERVISOR OBJECTS
[PASS] Supervisor Clusters Status Check
All 1 clusters are provisioned and ready
[PASS] Supervisor Machines Status Check
All 2 machines are running
[PASS] Supervisor Nodes Status Check
All 7 nodes are ready
[PASS] Supervisor VMs Status Check
All 2 VMs are powered on
[PASS] Supervisor Package Installs Status Check
All 16 package installs are reconcile succeeded
[PASS] Supervisor Deployments Status Check
All 44 deployments are ready
[PASS] Supervisor PVCs Status Check
All 4 PVCs are bound
[WARN] Supervisor Pods Status Check
High restart pods:
kube-system/coredns-f98dcc884-s7kfs: 10 restarts
vmware-system-appplatform-operator-system/vmware-system-psp-operator-mgr-55589bd86-2fg9x: 12 restarts
vmware-system-csi/vsphere-csi-controller-578496977b-bdcfv: 43 restarts
(and 3 more)
[PASS] Supervisor Services/Endpoints Status Check
All 51 services are present
---
Report location: /var/log/vmware/vks/vdt/vdt-2025-10-28-160712.txt
JSON location: /var/log/vmware/vks/vdt/vdt-2025-10-28-160712.json
Log location: /var/log/vmware/vks/vdt/vdt.log
Feedback Contact: [email protected]
---
Feedback
