• The group on NSX is configured with match criteria of "Kubernetes Cluster equal", however, the IP is not reflected as an effective member of the Group on NSX.
• Kubernetes upgrade was performed after which the issue is observed.
• If the match criteria of "Kubernetes Cluster equal" is removed from the Group, all cluster IPs appear as effective members in the Group.

VMware NSX

vSphere Kubernetes Service

In Container inventory on NSX, when Container cluster is deleted, Cluster Delete API is called first without deleting child objects.
This can cause stale entries in CCP which will result in incorrect group evaluation on NSX.

This is a known issue on NSX which will be fixed in upcoming releases.

Workaround:

Restart nsx-ccp service on all 3 Manager node:

/etc/init.d/nsx-ccp restart