When attempting to update the default CNI in a Supervisor Cluster, you see the following error: "The Kubernetes Service configuration failed to update. Your changes were not saved."
In the tkgs-plugin-server pod logs in the Supervisor Cluster, you see the following error:
#### ##:##:##.###### 1 kube.go:107] "kube.UpdateTkgServiceConfiguration() encountered k8s tkgsClient.Put() error: &errors.StatusError{ErrStatus:v1.Status{TypeMeta:v1.TypeMeta{Kind:\"\", APIVersion:\"\"}, ListMeta:v1.ListMeta{SelfLink:\"\", ResourceVersion:\"\", Continue:\"\", RemainingItemCount:(*int64)(nil)}, Status:\"Failure\", Message:\"tkgserviceconfigurations.run.tanzu.vmware.com \\\"tkg-service-configuration\\\" is forbidden: User \\\"sso:<user name>\\\" cannot update resource \\\"tkgserviceconfigurations\\\" in API group \\\"run.tanzu.vmware.com\\\" at the cluster scope\", Reason:\"Forbidden\", Details:(*v1.StatusDetails)(0xc0003cede0), Code:403}}" logger="plugin.server.backend"
vSphere 8.x
The user does not have permission to update the "tkg-service-configuration" in the Supervisor Cluster.
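As an added example (not part of the original article and not VMware tooling), the Python below pulls the denied user, verb, resource and API group out of a log line shaped like the one above and builds the matching `kubectl auth can-i` check to run while logged in as that user. It goes slightly beyond the article by also handling the namespace-scoped form of the same Kubernetes message; the sample lines, user name and namespace are constructed.

```python
import re

# Kubernetes authorizer denial text, once the log's quote escaping is removed.
DENIAL = re.compile(
    r'(?P<object>[\w.-]+)(?: "(?P<name>[^"]*)")? is forbidden: '
    r'User "(?P<user>[^"]+)" cannot (?P<verb>\w+) resource "(?P<resource>[^"]+)" '
    r'in API group "(?P<group>[^"]*)" '
    r'(?:at the cluster scope|in the namespace "(?P<namespace>[^"]+)")'
)

# Constructed sample lines (user name and namespace are made up for this example).
CLUSTER_LINE = (
    r'1 kube.go:107] "kube.UpdateTkgServiceConfiguration() encountered k8s '
    r'tkgsClient.Put() error: Message:\"tkgserviceconfigurations.run.tanzu.vmware.com '
    r'\\\"tkg-service-configuration\\\" is forbidden: User '
    r'\\\"sso:example-user@vsphere.local\\\" cannot update resource '
    r'\\\"tkgserviceconfigurations\\\" in API group \\\"run.tanzu.vmware.com\\\" '
    r'at the cluster scope\", Reason:\"Forbidden\", Code:403"'
)
NAMESPACE_LINE = (
    r'Message:\"pods \\\"web-0\\\" is forbidden: User '
    r'\\\"sso:example-user@vsphere.local\\\" cannot delete resource \\\"pods\\\" '
    r'in API group \\\"\\\" in the namespace \\\"demo-ns\\\"\"'
)

def parse_denial(line):
    """Return the fields of an RBAC denial found in a log line, or None."""
    text = re.sub(r'\\+"', '"', line)  # collapse \" and \\\" to a plain quote
    match = DENIAL.search(text)
    if match is None:
        return None
    fields = match.groupdict()
    fields["scope"] = "namespace" if fields["namespace"] else "cluster"
    return fields

def can_i_command(fields):
    """Build the kubectl check that reproduces the denied request."""
    target = fields["resource"] + ("." + fields["group"] if fields["group"] else "")
    cmd = ["kubectl", "auth", "can-i", fields["verb"], target]
    if fields["namespace"]:
        cmd += ["-n", fields["namespace"]]
    return " ".join(cmd)

if __name__ == "__main__":
    for line in (CLUSTER_LINE, NAMESPACE_LINE):
        fields = parse_denial(line)
        print(fields["user"], "->", can_i_command(fields))
```

A "no" answer from the generated command confirms the missing permission for that user before any role change is made.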
See the following documentation to review user permissions: