Deployment (Kubernetes Cluster) fails with the following error message: “VCFA: Failed to fetch client certificate, status message = authentication failed”

search cancel

Deployment (Kubernetes Cluster) fails with the following error message: “VCFA: Failed to fetch client certificate, status message = authentication failed”

book

Article ID: 424312

calendar_today

Updated On:

Products

VCF Automation

Issue/Introduction

Error "VCFA: Failed to Fetch Client Certificate – Authentication Failed" occurs while deployment of Kubernetes cluster via VCFA Tenant Portal Catalog on vCenter Namespace.

Environment

VCFA 9.0.0

Cause

The Identity Provider was not registered in the vCenter for the supervisor as part of the region creation in VCFA

Resolution

Tentatively planned to fixed in future release VCF Automation 9.1

To Take a Back Up for VCF Automation 9.0:

On-Demand Backup of VCF Automation

Workaround:

- Remove the Region from the tenant. If necessary, remove all associated resources (like namespaces or networks) before retrying the Region deletion.
- Recreate the Region using the documentation: Create a Region in Your VCF Automation
- Create a new Namespace under the correct Project via the VCFA 9.0 Tenant Portal, which provisions it on the vCenter Supervisor Cluster.
  Create a Namespace in VCF Automation
- Verify that the Identity Provider is successfully registered on the Namespace's Supervisor Cluster with below steps:
  - Log in to the vCenter using the vSphere Client.
  - Select Supervisor Management>>Supervisors>>Configure>>Identity Providers.
  - Confirm the new Namespace's services are visible in the Overview section in VCFA.
- Retry the VKS deployment, which should now succeed in deploying the Kubernetes cluster to the Supervisor Cluster via the Namespace.

Feedback

thumb_up Yes

thumb_down No