When attempting to install the Cloud Consumption Interface (CCI) service within a VMware Kubernetes Service (VKS) environment, the process fails during the image pull stage. You may observe the following error in the supervisor service logs or host events:
<ESXI_Hostname>,net: Failed to resolve image: Http request failed. Code 400: ErrorType(2) failed to do request: Head "https://projects.packages.broadcom.com/v2/vcf_cci_service/cci-supervisor-service/manifests/sha256:<ShaHash>": dial tcp <Resolved IP of projects.packages.broadcom.com>:443: i/o timeout
This log indicates the image pull is failing due to a connectivity problem. The exact network path may vary, but on an NSX-backed deployment the traffic goes from the segment created for the Supervisor control VM's eth1 interface to the IP shown in the error message (the resolved IP of projects.packages.broadcom.com).
The full network path needs to allow and route traffic for the egress IP range assigned to the VKS workload network. This can be an environmental issue where an external firewall (northbound of the NSX Tier-0 Gateway) is blocking outbound traffic, preventing communication with the Broadcom package repository on port 443.
Investigate the datapath and ensure there is connectivity from the CCI segment to projects.packages.broadcom.com or the resolved IP as indicated in the error message.
To validate whether you can reach the image repository from the Supervisor Workload network:
root@################# [ ~ ]# curl --interface eth1 https://projects.packages.broadcom.com -vvv
* Trying #.#.#.#:443...
To resolve the issue, allow access to the repository from the Frontend/Workload network gateway on your network, or from the proxy server if one is configured.
Once the configuration has been updated, validate using the same command (above).
Sample:
root@############### [ ~ ]# curl --interface eth1 https://projects.packages.broadcom.com -vvv
Connected to projects.packages.broadcom.com (#.#.#.#) port 443 (#0)
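As an added example (not from the original article or from Broadcom tooling), the shell functions below pull the registry host and the dialed IP out of an error line in the format shown above, classify the failure, and print the eth1 curl check pinned to that IP with --resolve. The sample line, its host name, the address 192.0.2.10 and the digest are constructed; the "connection refused" and "no such host" strings are standard Go network error text assumed here, not taken from the article.

```shell
#!/bin/sh
# Added example: triage an image-pull error line and build the matching eth1 check.

# Constructed sample in the format of the error above (192.0.2.10 is a documentation address).
SAMPLE_LINE='esx01.example.net: Failed to resolve image: Http request failed. Code 400: ErrorType(2) failed to do request: Head "https://projects.packages.broadcom.com/v2/vcf_cci_service/cci-supervisor-service/manifests/sha256:0000": dial tcp 192.0.2.10:443: i/o timeout'

# Registry host name, taken from the quoted Head URL.
registry_host() {
    printf '%s\n' "$1" | sed -n 's#.*Head "https://\([^/"]*\)/.*#\1#p'
}

# IP:port that was actually dialed (IPv4 only in this example).
dial_target() {
    printf '%s\n' "$1" | sed -n 's#.*dial tcp \([0-9.]*:[0-9]*\).*#\1#p'
}

# Map the trailing error text to the kind of fault to look for.
classify_failure() {
    case "$1" in
        *"i/o timeout"*)        echo "filtered" ;;  # packets dropped or return path missing
        *"connection refused"*) echo "rejected" ;;  # something answered with a reset
        *"no such host"*)       echo "dns" ;;       # the name never resolved
        *)                      echo "unknown" ;;
    esac
}

# Print (do not run) the curl check, pinned to the IP from the log so the
# test follows the same path the failed pull used. $2 = interface (default eth1).
build_check() {
    host=$(registry_host "$1")
    target=$(dial_target "$1")
    [ -n "$host" ] && [ -n "$target" ] || return 1
    ip=${target%:*}
    port=${target##*:}
    iface=${2:-eth1}
    printf 'curl --interface %s --connect-timeout 10 --resolve %s:%s:%s -v -o /dev/null https://%s:%s/v2/\n' \
        "$iface" "$host" "$port" "$ip" "$host" "$port"
}

echo "failure class: $(classify_failure "$SAMPLE_LINE")"
build_check "$SAMPLE_LINE"
```

Run the printed command on the Supervisor control VM before and after the firewall change. Any HTTP response at all, whatever the status code, shows the TCP and TLS path to the repository is open.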
In an NSX environment, a traceflow can also be performed from the supervisor control VM to the relevant IP using layer 2 traceflow.
For a Supervisor setup with VDS, also refer to: vSphere Pod Traffic to ClusterIP Time-outs
If you're unable to implement the resolution's connectivity requirements to projects.packages.broadcom.com, you can implement an air-gapped solution to store the images locally. Refer to the VKS Deployment Guide for Air-Gapped Environments.
Similar issue for Contour deployment - Enabling Contour service on Supervisor fails with error: Deployment is not progressing