• When editing the cluster manually using: kubectl edit -n <namespace> clusters <cluster-name> to add a new worker node, the change does not take effect.

• In VMware vSphere Kubernetes Service (VKS), adding a new Ubuntu worker pool fails and appears to be stuck. When inspecting the cluster object, the following error is observed: kubectl describe cluster -n <namespace> <cluster-name>:
  
  A persistent TopologyReconcileFailed condition is reported with the following message: message: 'error computing the desired state of the Cluster topology: failed to apply patches: failed to generate patches for patch "default": failed to call extension handler "generate-patches.runtime-extension": got failure response'

• On vCenter, workload management, select <namespace>, Resources, click on services on Kubernetes, select the guest cluster name, in summary page you can see at cluster heath status the message:
  
  
•  

vSphere Kubernetes Service 3.x 

While updating the cluster manually using a previously created YAML file, the ClusterClass referenced in the manifest did not comply with the RFC 1123 DNS label naming requirements enforced by Kubernetes.

Some Kubernetes resource types require names to follow the DNS label standard defined in RFC 1123. According to this specification, names must:

• Contain no more than 63 characters
• Contain only lowercase alphanumeric characters (a–z, 0–9) or hyphens (-)
• Start with a lowercase alphabetic character
• End with an alphanumeric character

If these requirements are not met (for example, if uppercase letters are used), Kubernetes rejects the resource and the cluster update fails.

Check the CAPI controller logs when the customer attempts to deploy a new worker pool: kubeclt logs capi-controller-manager-* -n svc-tkg-domain-c8 

You may see an error similar to the following:

I0130 11:31:24.617927       1 client.go:357] "Failed to call extension handler \"generate-patches.runtime-extension\": got failure response with message could not run mutators: unable to create invalid secret within workload namespace: unable to create or update secret within cluster namespace: Secret \"##-###-####-#####-##-###-####-##-##\" is invalid: Invalid value: \"##-###-####-#####-##-###-####-##-##\": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?')\" controller=topology/cluster controllerKind="Cluster" cluster="##-###-####-##-##" name="##-###-####-#####" namespace="##-###-####-##-##" reconcileID="########-####-####-####-###########" patch="def" inHandler="generate-patches.runtime-extension" hook=GeneratePatches

Check the name in the cluster kubectl get cluster <cluster name> -n <namesce> -o yaml, search for the cluster added and update the worker pool name to use lowercase characters only, then reapply the cluster configuration or retry the cluster update.

        - class: node-pool    
          name: Node-pool-1   --> The name should only contain lowercase. 
          replicas: 3
          metadata:
            annotations:
              run.tanzu.vmware.com/resolve-os-image: os-name=ubuntu

• Kubernetes object names must comply with DNS label naming rules as defined in RFC 1123.
  Refer to: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-label-names
  
  
• When updating or modifying a cluster (for example, adding a worker pool), ensure the configuration follows the supported ClusterClass format as documented by Broadcom:
  https://techdocs.broadcom.com/us/en/vmware-cis/vcf/vsphere-supervisor-services-and-standalone-components/latest/managing-vsphere-kuberenetes-service-clusters-and-workloads/provisioning-tkg-service-clusters/using-the-cluster-v1beta1-api/using-the-versioned-clusterclass/v1beta1-example-cluster-with-ubuntu-tkr.html