Unable to install the “Local Consumption Interface” service on the Supervisor Cluster
Article ID: 438111
Products
VMware NSX
VMware vSphere Kubernetes Service
Issue/Introduction
The Local Consumption Interface service fails to install and reports the following error:
“Reason: ReconcileFailed. Message: kapp: Error: waiting on reconcile deployment/cci-ns-controller-manager (apps/v1) namespace: ##-##-##-domain-c10: Finished waiting unsuccessfully: Deployment is not progressing: ProgressDeadlineExceeded, message: ReplicaSet "##-##-controller-manager-#######c76" has timed out progressing..”
When a Supervisor Service is installed, the kapp-controller running on the Supervisor control plane VMs pulls the Carvel imgpkg bundle that defines the service from projects.packages.broadcom.com over HTTPS. This bundle is pulled on the Supervisor management network.
kapp-controller then deploys the YAML extracted from the service bundle.
This results in a PodVM being created that pulls its container image(s) via the image-fetcher component running on each ESX host, over the Supervisor workload network. If you are using a vSphere Distributed Switch (VDS) networking stack solution (NSX Advanced Load Balancer or HAProxy), the primary workload network is used to pull the container images.
For services that run on the Supervisor control plane (vSphere Kubernetes Service, Velero, etc.), the container images will be pulled from the Supervisor control plane VMs over the management network.
If the Supervisor uses a proxy to reach projects.packages.broadcom.com, verify network connectivity to projects.packages.broadcom.com via the proxy IP from eth1 (workload network); this is the path that is failing.
Validate that the management interface eth0 is able to communicate with projects.packages.broadcom.com via the proxy IP.
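The two interface checks above, written as an added example that is not part of the original article: it assumes curl is available on the node that has eth0 and eth1, that it runs as root, and that PROXY_URL is set to your proxy address. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare proxy reachability from eth0 (management) and
# eth1 (workload). PROXY_URL is an assumption, e.g. http://<proxy-ip>:<port>.
TARGET="https://projects.packages.broadcom.com/"

# Send one HTTPS request through the proxy, bound to the given interface.
# Returns curl's exit code (0 means the proxy tunnel and request completed).
check_via_proxy() {
    curl --silent --show-error --output /dev/null \
         --interface "$1" --proxy "$PROXY_URL" \
         --connect-timeout 10 --max-time 20 "$TARGET"
}

# Map a curl exit code to a coarse state.
classify_rc() {
    case "$1" in
        0)    echo "ok" ;;
        7|28) echo "blocked" ;;  # could not connect, or timed out
        *)    echo "error" ;;    # DNS, TLS, proxy rejection, etc.
    esac
}

# Combine the eth0 and eth1 results into a diagnosis.
diagnose() {
    mgmt=$(classify_rc "$1")
    wl=$(classify_rc "$2")
    case "$mgmt/$wl" in
        ok/ok)      echo "both interfaces reach the proxy" ;;
        ok/blocked) echo "eth1 cannot reach the proxy: check firewall rules for the workload subnet" ;;
        blocked/*)  echo "eth0 cannot reach the proxy: check the management network path" ;;
        *)          echo "inconclusive: inspect curl errors (mgmt=$mgmt workload=$wl)" ;;
    esac
}

# Only touch the network when a proxy address was supplied.
if [ -n "${PROXY_URL:-}" ]; then
    rc0=0; check_via_proxy eth0 || rc0=$?
    rc1=0; check_via_proxy eth1 || rc1=$?
    diagnose "$rc0" "$rc1"
fi
```

A result of "ok" on eth0 with "blocked" on eth1 matches the failure this article describes.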
Environment
VMware NSX 9.0.2
VMware vSphere Kubernetes Service
Cause
The Local Consumption Interface (LCI) service installation will fail if connectivity to the external proxy over eth1 (used for workload traffic) is unsuccessful.
Resolution
Configure the physical firewall to allow traffic from the NSX VPC (private subnet connected to eth1) external blocks CIDR to the external proxy IP.