Enabling Debug Logging for Supervisor Management Proxy in vSphere Supervisor Cluster.
search cancel

Enabling Debug Logging for Supervisor Management Proxy in vSphere Supervisor Cluster.

book

Article ID: 436552

calendar_today

Updated On:

Products

VMware vSphere Kubernetes Service

Issue/Introduction

This article outlines the procedure to enable debug logging for Supervisor Management Proxy in a vSphere Supervisor Cluster.

Debug logging may be required when troubleshooting issues related to:

  • TLS/certificate validation
  • Network connectivity
  • DNS resolution
  • Upstream communication failures

Environment

  • vSphere 9.0 and later
  • vSphere Kubernetes Service 

Resolution

 
1. Identify the Supervisor Management Proxy Pod by logging in to Supervisor Cluster (Troubleshooting vSphere Supervisor Control Plane VMs)
 
k get pods -n svc-supervisor-management-proxy-domain-<id>
 
NAME                                           READY   STATUS    RESTARTS   AGE
supervisor-management-proxy-xxxxxxxxx-xxxxx     1/1     Running   0          <age>
 
2. Review Existing pod Logs.By default, logs are limited
 
k logs -n svc-supervisor-management-proxy-domain-<id> supervisor-management-proxy-<pod-name>
 
[2026-03-13T07:07:24.049Z] "- - -" 0 - 0 0 2 - "-" "-" "-" "-" "-"
[2026-03-13T07:07:25.858Z] "- - -" 0 - 0 0 2 - "-" "-" "-" "-" "-"
[2026-03-13T07:07:26.517Z] "- - -" 0 - 0 0 3 - "-" "-" "-" "-" "-"
[2026-03-13T07:07:27.135Z] "- - -" 0 - 0 0 2 - "-" "-" "-" "-" "-"
[2026-03-13T07:07:27.378Z] "- - -" 0 - 0 0 2 - "-" "-" "-" "-" "-"
 
3. Verify Package Installation
 
k get pkgi -n vmware-system-supervisor-services
 
NAME                                               PACKAGE NAME                                VERSION   DESCRIPTION
svc-supervisor-management-proxy.vmware.com          supervisor-management-proxy.vmware.com      <version> Reconcile succeeded
 
 
4.Pause package reconciliation to prevent system from overwriting manual changes.
 
k edit pkgi -n vmware-system-supervisor-services svc-supervisor-management-proxy.vmware.com
 
spec:
 packageRef:
  refName: supervisor-management-proxy.vmware.com
  
Modify spec as follows:
 
spec:
 paused: true
 packageRef:
  refName: supervisor-management-proxy.vmware.com
  
5.Enable Debug Logging in the Deployment by editing the deployment:
  
k edit deployment -n svc-supervisor-management-proxy-domain-<id> supervisor-management-proxy
 
spec:
  containers:
    - command:
      - envoy
      - --config-path
      - /etc/envoy/envoy.yaml
      env:
      - name: Supervisor_Management_Proxy_POD_IP
        valueFrom:
          fieldRef:
            apiVersion: v1
            fieldPath: status.podIP
 
Update it to include debug logging:
 
spec:
  containers:
    - command:
      - envoy
      - --config-path
      - /etc/envoy/envoy.yaml
      - --log-level
      - debug
      env:
      - name: Supervisor_Management_Proxy_POD_IP
        valueFrom:
          fieldRef:
            apiVersion: v1
            fieldPath: status.podIP
 
6.After saving the changes, The pod will automatically restart and a new pod instance will be created with debug logging enabled
 
k logs -n svc-supervisor-management-proxy-domain-<id> supervisor-management-proxy-<pod name>
 
[debug][connection] TLS handshake error: certificate verification failed
[debug][connection] closing socket
[debug][conn_handler] new connection established
[debug][dns] DNS resolution returned no records
 
 
7.Once troubleshooting is complete, revert the changes by removing "paused: true"
 
kubectl edit pkgi -n vmware-system-supervisor-services svc-supervisor-management-proxy.vmware.com
 
Powered by Wolken Software