This article addresses a couple of issues faced while using TDMC, which is currently unsupported.

1. Changing the t-shirt size of postgres or mysql instance, results in "Error checking available data planes in region for provider: tkgs". In Fleet Management, there is only one dataplane and it appears to be in a healthy status. Which component logs should we capture to troubleshoot this?

2. Connecting to the management UI of a postgres instance fails with the error: "Max retries exceeded with url: /api/authservice/oauth2/token (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certificate (_ssl.c:1006)')))"," while using LetsEncrypt. This error occurs even when  connecting to the management UI of a mysql instance is successful and browser trusts these certs.

TDMC

For the first scenario, retrieve logs for pods managedsvc-controller-service and and managedsvc-infra-connector in the control plane or create a log-bundle (this would include the logs for all pods in the control plane) and search for messages "Fetching dataPlaneIDMap based on provider" and "GET /resource, with CPU". There should be some stack traces around those messages, or some error message stating no data plane is found matching the requested parameters. One possible explanation is that if the target t-shirt size cannot be fulfilled by the existing data plane (i.e. requesting more CPUs than available), then the error would be "Error checking available data planes in region for provider".

For the second scenario, the solution is to configure TDMC with self-signed certificates. An end-to-end scenario (provisioning a cluster and connecting to it) in TDMC with external CA is not tested for all the cluster types. The workaround would be to install TDMC with self-signed certificate.