Unable to create deployments from VCFA 9.x on to supervisor cluster.
search cancel

Unable to create deployments from VCFA 9.x on to supervisor cluster.

book

Article ID: 425861

calendar_today

Updated On:

Products

VCF Automation

Issue/Introduction

  • When attempting to deploy templates, involving PVC creation on supervisor cluster, from VCFA 9.x, it fails with error "Cannot Create VM".
  • Error details from the failed task show the below details, hinting mismatch for certificates used by supervisor cluster pods:
    admission webhook "validate-quota-on-create.k8s.io" denied the request: Operation denied, Post "https://cns-vsphere-vmware-com-service.kube-system.svc.cluster.local:443/getrequestedcapacityforpersistentvolumeclaim": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time yyyy-mm-ddThh:mm:sss is after yyyy-mm-ddThh:mm:sss

Environment

  • VCF Automation 9.x 

Cause

  • The issue occurs because underlying supervisor cluster pods have not picked up the renewed internal certificates thus failing to create PVCs. 

Resolution

  • Kindly follow steps stated in KB417932 to recreate the pods on the supervisor cluster to have the new certificates applied. 
  • Validate by initiating a new deployment from VCFA. 
Powered by Wolken Software