During SSP deployment, the workload cluster creation task may stall and eventually fail with a timeout error.
The Installer UI shows the following error at the "Deploy Security Services Platform" stage:
Error: Failed 9/17 tasks: [Create workload cluster] Timed out while waiting for all Kubernetes nodes to reach the 'Ready' state. Ensure the nodes are correctly configured, and there are no underlying issues. Check the logs for more details. Nodes status: 0/7 running [<node-names> Provisioned)
All worker and control plane nodes remain in the “Provisioned” state and never transition to “Running/Ready”.
Security Services Platform (SSP)
Version: 5.0
The workload cluster nodes require connectivity to vCenter during provisioning.
In this case, the IP pool assigned for Kubernetes nodes and service networks was not allowed to reach vCenter due to firewall restrictions.
As a result, node bootstrap processes could not complete, leaving all nodes stuck in the “Provisioned” state.
Verify that the IP pools assigned for Kubernetes nodes and services can communicate with vCenter over the required ports.
Critical: HTTPS (443) and the management ports used by the vSphere API. For more information, refer to https://ports.broadcom.com/home/VMware-vDefend
Review your firewall logs to confirm if connections from the node/service IP ranges are being dropped.
Update firewall rules to allow full connectivity between the Kubernetes node IP pool / Service IP pool and vCenter.
Retry the deployment.
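The firewall log review described above can be scripted. The following is an added example, not part of the original article or of SSP: it scans firewall log text for dropped connections from the node and service IP pools to vCenter on port 443. The IP pools, the vCenter address, the key=value log format and the sample lines are all constructed assumptions; adapt the regular expression and values to your firewall and environment.

```python
import ipaddress
import re
from collections import Counter

# Assumed values (constructed): use the pools entered in the installer and your vCenter IP.
NODE_POOL = ipaddress.ip_network("10.20.30.0/27")     # Kubernetes node IP pool
SERVICE_POOL = ipaddress.ip_network("10.20.31.0/28")  # service IP pool
VCENTER_IP = ipaddress.ip_address("192.168.10.5")
REQUIRED_PORTS = {443}  # HTTPS; add further ports from the ports reference if needed
BLOCK_ACTIONS = {"DROP", "DENY", "REJECT"}

# Assumed log format (constructed): "... action=X src=A dst=B proto=P dport=N"
LINE_RE = re.compile(
    r"action=(?P<action>\w+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)"
    r"\s+proto=(?P<proto>\w+)\s+dport=(?P<dport>\d+)")

SAMPLE_LOG = """\
2025-01-10T09:14:02Z fw01 action=DROP src=10.20.30.11 dst=192.168.10.5 proto=TCP dport=443
2025-01-10T09:14:05Z fw01 action=DROP src=10.20.30.11 dst=192.168.10.5 proto=TCP dport=443
2025-01-10T09:14:06Z fw01 action=ALLOW src=10.20.30.12 dst=192.168.10.5 proto=TCP dport=443
2025-01-10T09:14:09Z fw01 action=DROP src=10.20.31.3 dst=192.168.10.5 proto=TCP dport=443
2025-01-10T09:14:11Z fw01 action=DROP src=10.20.30.11 dst=192.168.10.9 proto=TCP dport=443
2025-01-10T09:14:12Z fw01 action=DROP src=172.16.0.4 dst=192.168.10.5 proto=TCP dport=443
2025-01-10T09:14:13Z fw01 link state change on eth2
"""

def pool_of(ip):
    """Return which SSP pool an address belongs to, or None if it is in neither."""
    if ip in NODE_POOL:
        return "node"
    return "service" if ip in SERVICE_POOL else None

def blocked_to_vcenter(log_text):
    """Count blocked flows from the node/service pools to vCenter on required ports."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["action"].upper() not in BLOCK_ACTIONS:
            continue  # unrelated line or permitted traffic
        try:
            src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address field
        pool, port = pool_of(src), int(m["dport"])
        if pool and dst == VCENTER_IP and port in REQUIRED_PORTS:
            hits[(pool, str(src), port)] += 1
    return hits

if __name__ == "__main__":
    for (pool, src, port), n in sorted(blocked_to_vcenter(SAMPLE_LOG).items()):
        print(f"{pool} pool {src} -> vCenter:{port} blocked {n} time(s)")
```

Any entry in the result identifies a source address that needs an allow rule to vCenter before the deployment is retried.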