Unable to list the TKR and vmimages (virtualmachineimages) from the supervisor cluster
Article ID: 406541

Products

Tanzu Kubernetes Runtime, VMware vSphere Kubernetes Service

Issue/Introduction

- When you run kubectl get tkr or kubectl get virtualmachineimages on the Supervisor, the output shows no resources.

# kubectl get tkr -A
No resources found

# kubectl get virtualmachineimages -A
No resources found


- While looking at the vmware-system-vmop-controller-manager pod log, we see events similar to the following:

YYYY-MM-DDThh:hh:hhZ stderr F E0731 hh:hh:hh       1 logr.go:265] vsphere/contentlibrary "msg"="error extracting the OVF envelope from the library item" "error"="POST https://VCSA-FQDN:443/rest/com/vmware/content/library/item/download-session: 500 Internal Server Error"  "itemName"="ob-24481438-ubuntu-2204-amd64-v1.30.8---vmware.1-fips-vkr.1"
YYYY-MM-DDThh:hh:hhZ stderr F E0731 hh:hh:hh       1 contentsource_controller.go:297] controllers/ContentSource "msg"="error listing images from provider" "error"="POST https://VCSA-FQDN:443/rest/com/vmware/content/library/item/download-session: 500 Internal Server Error" "clProviderName"="cf86f646-a1a0-4997-8d54-18c26d8928da" "clProviderUUID"="cf86f646-a1a0-4997-8d54-18c26d8928da"
YYYY-MM-DDThh:hh:hhZ stderr F E0731 hh:hh:hh       1 contentsource_controller.go:328] controllers/ContentSource "msg"="Error listing VirtualMachineImages from the content provider" "error"="POST https://VCSA-FQDN:443/rest/com/vmware/content/library/item/download-session: 500 Internal Server Error"  "contentSourceName"="cf86f646-a1a0-4997-8d54-18c26d8928da"
YYYY-MM-DDThh:hh:hhZ stderr F E0731 hh:hh:hh       1 contentsource_controller.go:343] controllers/ContentSource "msg"="failed to difference images" "error"="POST https://VCSA-FQDN:443/rest/com/vmware/content/library/item/download-session: 500 Internal Server Error"
YYYY-MM-DDThh:hh:hhZ stderr F E0731 hh:hh:hh       1 contentsource_controller.go:458] controllers/ContentSource "msg"="Error in syncing image from the content provider" "error"="POST https://VCSA-FQDN:443/rest/com/vmware/content/library/item/download-session: 500 Internal Server Error" "name"="cf86f646-a1a0-4997-8d54-18c26d8928da"
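
To check a saved copy of the pod log for this signature, the following shell function counts the download-session 500 errors and lists the library items that failed OVF envelope extraction. It is an added example, not part of the original article or any VMware tooling; the function names and the sample log lines are constructed for illustration. A match shows the symptom above, not by itself the cause.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample lines are constructed.

# Reads vmop-controller-manager log text on stdin. Prints one
# "itemName=<name>" line per distinct library item seen in a failing line,
# then a summary line. Exit status 0 = signature present, 1 = absent.
vmop_cl_triage() {
  awk '
    # Only lines where the content library download-session call returned 500.
    /content\/library\/item\/download-session: 500 Internal Server Error/ {
      hits++
      # logr writes "key"="value" pairs; extract itemName when present.
      if (match($0, /"itemName"="[^"]*"/)) {
        # Skip the 12-character prefix "itemName"=" and the closing quote.
        name = substr($0, RSTART + 12, RLENGTH - 13)
        if (!(name in seen)) { seen[name] = 1; order[++n] = name }
      }
    }
    END {
      for (i = 1; i <= n; i++) print "itemName=" order[i]
      printf "download_session_500=%d distinct_items=%d\n", hits, n
      exit (hits > 0 ? 0 : 1)
    }
  '
}

# Constructed sample log: four failing lines (two distinct items, one of them
# repeated, plus one controller error without itemName) and one unrelated line.
sample_vmop_log() {
  cat <<'EOF'
E0731 10:00:01 1 logr.go:265] vsphere/contentlibrary "msg"="error extracting the OVF envelope from the library item" "error"="POST https://vcsa.example.test:443/rest/com/vmware/content/library/item/download-session: 500 Internal Server Error" "itemName"="constructed-item-a"
E0731 10:00:02 1 logr.go:265] vsphere/contentlibrary "msg"="error extracting the OVF envelope from the library item" "error"="POST https://vcsa.example.test:443/rest/com/vmware/content/library/item/download-session: 500 Internal Server Error" "itemName"="constructed-item-b"
E0731 10:05:01 1 logr.go:265] vsphere/contentlibrary "msg"="error extracting the OVF envelope from the library item" "error"="POST https://vcsa.example.test:443/rest/com/vmware/content/library/item/download-session: 500 Internal Server Error" "itemName"="constructed-item-a"
E0731 10:05:02 1 contentsource_controller.go:297] controllers/ContentSource "msg"="error listing images from provider" "error"="POST https://vcsa.example.test:443/rest/com/vmware/content/library/item/download-session: 500 Internal Server Error"
I0731 10:05:03 1 controller.go:100] "msg"="constructed unrelated line"
EOF
}

# Demonstration on the constructed sample; in practice pipe the pod log in.
sample_vmop_log | vmop_cl_triage
```
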

Environment

vSphere with Tanzu 7.x

Cause

When creating the content library in VMware vSphere with Tanzu, enabling the Apply Security Policy option can lead to issues if the OVF template is custom and unsigned. In such cases, the template fails strict validation, preventing the VM Service from discovering and processing it.

Resolution

From vCenter UI:

  • Navigate to Menu -> Content Libraries
  • Right-click the content library and select the option to edit the content library
  • Uncheck the Apply Security Policy box
  • Restart the content library service from a VCSA SSH session

    # service-control --restart content-library

Run the TKR commands on the Supervisor cluster:

> kubectl get tkr -A
> kubectl get virtualmachineimages -A

You will now be able to list the TKRs and vmimages.

Additional Information

Starting with vSphere 7.0 Update 3, you can protect OVF items by applying the default OVF security policy to a content library. The OVF security policy enforces strict validation on OVF items when you deploy or update an item, import items, or synchronize OVF and OVA templates. To make sure that the OVF and OVA templates are signed by a trusted certificate, you can add the OVF signing certificate from a trusted CA. Unchecking Apply Security Policy, as in the Resolution above, turns off this strict validation for that library.

Document reference: https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere-supervisor/7-0/using-content-libraries.html