VKr/TKr 1.33 is not listed when running command 'kubectl get kubernetesreleases'
search cancel

VKr/TKr 1.33 is not listed when running command 'kubectl get kubernetesreleases'

book

Article ID: 437340

calendar_today

Updated On:

Products

VMware vSphere Kubernetes Service

Issue/Introduction

VKr/TKr 1.33.x is part of VKS 3.4.2+v1.33 as per interoperability matrix (screenshot below)

When checking the Content Library the subscription url was set to https://wp-content.vmware.com/v2/latest/lib.json.

Example below 

{
  "vcspVersion": "2",
  "contentVersion": "1",
  "version": "142",
  "name": "s72",
  "created": "2020-04-01T23:26:27.787701",
  "itemsHref": "items.json",
  "id": "urn:uuid:8bae5c5d-170d-4044-b35c-90def77c8b88",
  "capabilities": {
    "transferIn": [
      "httpGet"
    ],
    "transferOut": [
      "httpGet"
    ]
  }
}

If performing a resync of the Content Library an error message "A specified parameter was not correct: The remote library is not reachable" is displayed.

Also when in Edit Settings for the Content Library and after clicking OK same message the message "The remote library is not reachable" is displayed.

Testing connection from the vCenter CLI to the content library by running below curt test:

curl -kv https://wp-content.vmware.com/v2/latest/lib.json


Timeouts similar to below were observed.

* Host wp-content.vmware.com:443 was resolved.
* IPv6: (none)
* IPv4: ###.###.###.###, ###.###.###.###
* Trying ###.###.###.###:443...
* connect to ###.###.###.### port 443 failed: Connection timed out
* Failed to connect to wp-content.vmware.com port 443 after 130541 ms: Connection timed out
* Closing connection 0
curl: (28) Failed to connect to wp-content.vmware.com port 443 after 130541 ms: Connection timed out

No proxy is set on vCenter side.

Environment

VKS 3.4.2+v1.33
Supervisor v1.31.11+vmware.1-fips
Guest cluster 1.32 to 1.33

Cause

Connectivity or timeout issues between vCenter and the Content Library subscription url existed.

Curl test from the vCenter to the Content Library subscription url showed timeouts.

Positive curl test should look similar to below:

curl -kv https://wp-content.vmware.com/v2/latest/lib.json
* Host wp-content.vmware.com:443 was resolved.
* IPv6: (none)
* IPv4: ###.###.###.###, ###.###.###.###
*   Trying ###.###.###.###:443...
* Connected to wp-content.vmware.com (###.###.###.###) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
*  subject: C=US; ST=California; L=Palo Alto; O=Broadcom Inc.; CN=wp-content.vmware.com
*  start date: Mar 28 00:00:00 2026 GMT
*  expire date: Oct 12 23:59:59 2026 GMT
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
*  SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://wp-content.vmware.com/v2/latest/lib.json
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: wp-content.vmware.com]
* [HTTP/2] [1] [:path: /v2/latest/lib.json]
* [HTTP/2] [1] [user-agent: curl/8.7.1]
* [HTTP/2] [1] [accept: */*]
> GET /v2/latest/lib.json HTTP/2
> Host: wp-content.vmware.com
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/2 200
< date: Fri, 17 Apr 2026 07:47:11 GMT
< content-type: application/json
< content-length: 326
< server: cloudflare
< cf-ray: 9ed9d1fdfb6afba6-AMS
< cf-cache-status: HIT
< accept-ranges: bytes
< age: 20264
< cache-control: max-age=86400, no-store
< etag: "188acda7e16b7ab5cb0dcdb623ee58d4"
< last-modified: Mon, 13 Apr 2026 06:27:05 GMT
< strict-transport-security: max-age=31536000; includeSubDomains
< content-security-policy: *
< expect-ct: enforce, max-age=300
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-xss-protection: 1; mode=block
<
{
  "vcspVersion": "2",
  "contentVersion": "1",
  "version": "142",
  "name": "s72",
  "created": "2020-04-01T23:26:27.787701",
  "itemsHref": "items.json",
  "id": "urn:uuid:########-####-####-####-############",
  "capabilities": {
    "transferIn": [
      "httpGet"
    ],
    "transferOut": [
      "httpGet"
    ]
  }
* Connection #0 to host wp-content.vmware.com left intact

Resolution

Have network team add a network policy rule to allow the communication between vCenter and the Content Library subscription url.

By allowing this traffic the vCenter can communicate with the Content Library subscription url thus allowing the VKr/TKr list to update and display correctly when requested via the Supervisor context using CLI command below:

kubectl get kubernetesreleases
Powered by Wolken Software