The TCA UI displays the error: Grant request failed: Error loading Kubernetes API resources: : Unauthorized (CNF130005).

Review of the app-engine.log on the TCA Control Plane (TCA-CP) shows a 401 Unauthorized response when querying the Kubernetes API server for the workload cluster.

3.x

To bypass the Unauthorized (CNF130005) error and allow the instantiation to proceed, you can disable the Grant Request validation feature. This feature performs a pre-instantiation check against the Kubernetes API to ensure resource availability and policy compliance. Disabling it stops the immediate authentication failure from blocking the deployment.

Steps to Disable Grant Request:

1. Log in to the VMware Telco Cloud Automation UI.
2. Navigate to Inventory --> Network function
3. Locate the specific CNF package and click the Options (three dots) icon next to the CNF name.
4. Select Instantiate.
5. In the Inventory Detail tab, scroll down to the Advanced Settings section.
6. Locate the Grant Validation drop-down menu and select Disable.
   Note: This setting ensures that TCA does not run validation or feasibility checks (such as resource dry-runs) for the target Kubernetes cluster, bypassing the current authentication failure.
7. Complete the remaining instantiation wizard steps.

Long-Term Resolution Requirements:
While this workaround allows the instantiation to complete, the underlying authentication or resource validation issue remains.

Vendor Action: Please contact your CNF Vendor and request that they validate their Helm charts and instantiation workflows with the Broadcom Partner Engineering team.

Compliance Check: The vendor must ensure the CNF is fully compliant with VMware Telco Cloud standards, specifically regarding OCI chart structure and RBAC requirements for the Grant phase.