Unable to Upgrade Velero Supervisor Service or vSphere Kubernetes Service (VKS) to Embedded Version - Unable to Verify Developer's Identity - Manifest Unknown

Article ID: 409240

Updated On:

Products

Tanzu Kubernetes Runtime

Issue/Introduction

After performing multiple Supervisor cluster version upgrades, starting an upgrade on the Velero and/or VKS service to an embedded version returns a warning similar to the following:

"Unable to verify the developer's identity"

If the Velero and/or VKS Supervisor service upgrade is continued despite the above warning, the corresponding Supervisor service enters an Error state with a message similar to the following:

"MANIFEST_UNKNOWN: manifest unknown; map[Tag:#.#.#]"

Environment

vSphere 9.0.1

Multiple Supervisor cluster version upgrades were performed before the VKS and Velero Supervisor services were upgraded

VKS service Supervisor Service upgrading to an embedded version

Velero Supervisor Service upgrading to an embedded version

Cause

During a Supervisor cluster version upgrade, embedded packages are not copied from the previous Supervisor cluster version to the desired Supervisor cluster version.

Built-in compatibility checks do not validate that the package's image is available.

As a result, the "Unable to verify developer's identity" and "Manifest unknown" errors occur because the non-existent package's image cannot be verified or trusted.

This prevents upgrading the Supervisor service to an embedded version that was included with an older Supervisor cluster version.

Embedded versions are packaged with Supervisor cluster upgrades for Core Supervisor services only.

Velero and VKS service are considered Core Supervisor services and should not be manually deleted or removed from the environment.
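
The "manifest unknown" text above matches the MANIFEST_UNKNOWN error code that an OCI-compliant image registry returns when a requested tag has no manifest. The following Python is an added illustration, not code from this article or from VMware, of how such a registry response can be interpreted so that a missing image is treated as unavailable. It assumes an OCI-compliant registry; the sample response body, its placeholder tag and the function names are constructed for the example.

```python
import json

# Constructed sample: the body an OCI-compliant registry sends with HTTP 404
# when a tag has no manifest. The tag value is a placeholder.
SAMPLE_404_BODY = ('{"errors":[{"code":"MANIFEST_UNKNOWN",'
                   '"message":"manifest unknown","detail":{"Tag":"0.0.0"}}]}')


def parse_registry_errors(body):
    """Return (code, message, detail) tuples from a registry error body."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return []  # empty or non-JSON body, e.g. the reply to a HEAD request
    if not isinstance(doc, dict):
        return []
    return [(e.get("code", ""), e.get("message", ""), e.get("detail"))
            for e in doc.get("errors") or [] if isinstance(e, dict)]


def image_available(status, body=""):
    """Classify a manifest lookup (GET or HEAD /v2/<name>/manifests/<tag>).

    Returns (available, reason). Only HTTP 200 counts as available; every
    other outcome fails closed so an upgrade is not started on a missing image.
    """
    if status == 200:
        return True, "manifest present"
    errors = parse_registry_errors(body)
    if status == 404:
        for code, _message, detail in errors:
            if code == "MANIFEST_UNKNOWN":
                tag = detail.get("Tag", "?") if isinstance(detail, dict) else "?"
                return False, f"MANIFEST_UNKNOWN: tag {tag} has no manifest"
        return False, "repository or manifest not found"
    if status in (401, 403):
        return False, "not authorized to read the repository; availability unknown"
    return False, f"unexpected response (HTTP {status}); treat image as unavailable"


if __name__ == "__main__":
    print(image_available(404, SAMPLE_404_BODY))
```
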

Resolution

Velero and VKS service are considered Core Supervisor services and should not be manually deleted or removed from the environment.

 

Core Supervisor services should be upgraded to an asynchronous version or to the latest embedded version available in the environment.

  • An asynchronous version is a version that is manually uploaded into the environment.

Proceed with the Supervisor service version upgrade only if there are no warnings regarding untrusted or unverified signatures.

 

To use an older embedded Core Supervisor service version, upload the asynchronous release for the same version.

See the following documentation for more information on installing Supervisor Services, including installing a version manually:

Additional Information

Starting in vCenter Server 9, Supervisor cluster versioning is decoupled from vCenter and can be upgraded to a higher version without needing to upgrade vCenter.

 

Deletion of Core Supervisor services will cause inevitable downtime as these services are system processes critical for workload cluster management to function.