Configured Load Balancer fronting the kubernetes API Server Failed to realize kubernetes api-server LoadBalancer service. Reason: "FailedRealizeNSXResource". Please check the NSX Edge cluster associated with the kubernetes cluster.
search cancel

Configured Load Balancer fronting the kubernetes API Server Failed to realize kubernetes api-server LoadBalancer service. Reason: "FailedRealizeNSXResource". Please check the NSX Edge cluster associated with the kubernetes cluster.

book

Article ID: 406469

calendar_today

Updated On:

Products

VMware NSX VMware Cloud Foundation VMware vSphere Kubernetes Service

Issue/Introduction

  • VCF 9.0 is in use.
  • Attempting to configure a Supervisor Cluster within vCenter fails with the following:

    Configured Load Balancer fronting the kubernetes API Server Failed to realize kubernetes api-server LoadBalancer service. Reason: "FailedRealizeNSXResource". Please check the NSX Edge cluster associated with the kubernetes cluster.

  • From within the NSX User Interface, the Load Balancer is realized.
  • Within the vCenter the WCP logs shows the following:

    /var/log/vmware/wcp/wcpsvc.log
    [Timestamp] debug wcp [apiserver/manager.go:247] [opID=[UUID]] Added event for kube-apiserver-lb-svc service: &Event{ObjectMeta:{kube-apiserver-lb-svc.  kube-system  [UUID] 0 [Timestamp] <nil> <nil> map[] map[] [] [] [{nsx-ncp Update v1 [Timestamp] FieldsV1 {"f:count":{},"f:firstTimestamp":{},"f:involvedObject":{},"f:lastTim
    estamp":{},"f:message":{},"f:reason":{},"f:source":{"f:component":{},"f:host":{}},"f:type":{}} }]},InvolvedObject:ObjectReference{Kind:Service,Namespace:kube-system,Name:kube-apiserver-lb-svc,[UUID],APIVers
    ion:,ResourceVersion:[UUID],FieldPath:,},Reason:FailedRealizeNSXResource,Message:Generic error occurred during realizing network for Service,Source:EventSource{Component:nsx-container-ncp,Host:[UUID],},FirstTimest
    amp:[Timestamp],LastTimestamp:2025-07-30 14:09:44 +0000 UTC,Count:1301,Type:Warning,EventTime:0001-01-01 00:00:00 +0000 UTC,Series:nil,Action:,Related:nil,ReportingController:,ReportingInstance:,}

  • On the K8s Master node the NCP logs shows the following:

    ncp.log
    [Timestamp] stderr F [ncp GreenThread-38 W] nsx_ujo.ncp.k8s.service_lb_controller Encountered retryable error while processing L4 Lb service [UUID]: Lbs kube-system is not found
    [Timestamp] stderr F [ncp GreenThread-38 I] nsx_ujo.common.controller ServiceLbController worker 3 failed to sync [UUID] due to retryable exception: Lbs kube-system is not found
    [Timestamp] stderr F [ncp GreenThread-37 W] nsx_ujo.ncp.k8s.service_lb_controller Encountered retryable error while processing L4 Lb service [UUID]: Lbs kube-system is not found
    [Timestamp] stderr F [ncp GreenThread-37 I] nsx_ujo.common.controller ServiceLbController worker 2 failed to sync [UUID] due to retryable exception: Lbs kube-system is not found

  • On the K8s Master node the kube-apiserver-lb-svc is in a pending state.

    kubectl get svc -A -o wide
    ...
    kube-system   kube-apiserver-lb-svc   LoadBalancer   [IP]    <pending>     [Port]:[Port]/TCP,[Port]:[Port]/TCP    [X]d   component=kube-apiserver
    ..

  • Describe on the service shows the FailedRealizeNSXResource event.

    root@node# kubectl describe services kube-apiserver-lb-svc -n kube-system
    Name:                     kube-apiserver-lb-svc
    Namespace:                kube-system
    Labels:                   service.route.lbapi.run.tanzu.vmware.com/gateway-name=kube-apiserver-lb-svc
                              service.route.lbapi.run.tanzu.vmware.com/gateway-namespace=kube-system
                              service.route.lbapi.run.tanzu.vmware.com/type=direct
    Annotations:              <none>
    Selector:                 component=kube-apiserver
    Type:                     LoadBalancer
    IP Family Policy:         SingleStack
    IP Families:              IPv4
    IP:                       [UUID]
    IPs:                      [UUID]
    Port:                     nginx  [Port]/TCP
    TargetPort:               [Port]/TCP
    NodePort:                 nginx  [Port]/TCP
    Endpoints:                [IP]:[Port]
    Port:                     kube-apiserver  [Port]/TCP
    TargetPort:               [Port]/TCP
    NodePort:                 kube-apiserver  [Port]/TCP
    Endpoints:                [IP]:[Port]
    Session Affinity:         None
    External Traffic Policy:  Cluster
    Events:
      Type     Reason                    Age                   From               Message
      ----     ------                    ----                  ----               -------
      Warning  FailedRealizeNSXResource  18m (x1296 over 18d)  nsx-container-ncp  Generic error occurred during realizing network for Service

  • Within the VPC Connectivity Profile the N-S Services and/or the Default Output NAT is disabled.

Environment

VMware vSphere Kubernetes Service 9.0
VMware Cloud Foundation 9.0
VMware NSX 9.0


Resolution

This error is caused by a configuration issue.

To resolve:

  1. Enable N-S Services and the Default Output NAT in the VPC Connectivity Profile
  2. Restart the WCP service on the vCenter 

    service-control --restart wcp

 

Powered by Wolken Software