Release Notes

This topic contains release notes for Tanzu Kubernetes Grid Integrated Edition (TKGI) v1.11.

Warning: Before installing or upgrading to Tanzu Kubernetes Grid Integrated Edition v1.11, review the Breaking Changes below.

TKGI v1.11.1

Release Date: June 14, 2021

Product Snapshot

Release Details
Version v1.11.1
Release date June 14, 2021
Component Version
Antrea v0.11.3
cAdvisor v0.36.0
CSI Driver for vSphere v2.2.0
CoreDNS v1.7.0+vmware.8
Docker Linux: v19.03.14
Windows: v19.03.14
etcd v3.4.13
Harbor v2.2.1
Kubernetes v1.20.6
Metrics Server v0.3.6
NCP v3.1.2
Percona XtraDB Cluster (PXC) v0.33.0
UAA v74.5.22
Velero v1.6.0
VMware Cloud Foundation (VCF) v4.3 L1
Wavefront Wavefront Collector: v1.3.4
Wavefront Proxy: v9.7
Compatibilities Versions
Ops Manager v2.10.11 or later
NSX-T See VMware Product Interoperability Matrices.
vSphere See VMware Product Interoperability Matrices.
Windows stemcells v2019.34 or later
Xenial stemcells See VMware Tanzu Network.

* Components marked with an asterisk have been updated.

Upgrade Path

The supported upgrade paths to TKGI v1.11.1 are from Tanzu Kubernetes Grid Integrated Edition v1.10.0 and later.

Resolved Issues

TKGI v1.11.1 has the following resolved issues:

Upcoming Deprecations

For information on the upcoming deprecations, see Upcoming Deprecations in the TKGI 1.11.0 Release Notes.

Known Issues

Except where noted, the known issues in Tanzu Kubernetes Grid Integrated Edition v1.11.0 are also in Tanzu Kubernetes Grid Integrated Edition v1.11.1. See the TKGI v1.11.0 Known Issues below.

TKGI Management Console v1.11.1

Release Date: June 14, 2021

Note: Tanzu Kubernetes Grid Integrated Edition Management Console provides an opinionated installation of TKGI. The supported versions may differ from or be more limited than what is generally supported by TKGI.

Product Snapshot

Element Details
Version v1.11.1
Release date June 14, 2021
Installed Tanzu Kubernetes Grid Integrated Edition version v1.11.1
Installed Ops Manager version v2.10.11
Component Version
Installed Kubernetes version v1.20.6
Installed Harbor Registry version v2.2.1
Linux stemcell v621.125
Windows stemcells v2019.34 and later

* Components marked with an asterisk have been updated.

Upgrade Path

The supported upgrade path to Tanzu Kubernetes Grid Integrated Edition Management Console v1.11.1 is from Tanzu Kubernetes Grid Integrated Edition v1.10.0 and later.

Features and Resolved Issues

TKGI Management Console v1.11.1 has the following resolved issues:

Known Issues

Except where noted, the known issues in Tanzu Kubernetes Grid Integrated Edition Management Console v1.11.0 are also in Tanzu Kubernetes Grid Integrated Edition Management Console v1.11.1. See the TKGI Management Console v1.11.0 Known Issues below.

TKGI v1.11.0

Release Date: May 27, 2021

Product Snapshot

Release Details
Version v1.11.0
Release date May 27, 2021
Component Version
Antrea v0.11.3*
cAdvisor v0.36.0*
CSI Driver for vSphere v2.2.0*
CoreDNS v1.7.0+vmware.8
Docker Linux: v19.03.14
Windows: v19.03.14
etcd v3.4.13
Harbor v2.2.1
Kubernetes v1.20.6*
Metrics Server v0.3.6
NCP v3.1.2*
Percona XtraDB Cluster (PXC) v0.33.0
UAA v74.5.22
Velero v1.6.0*
VMware Cloud Foundation (VCF) v4.3 L1
Wavefront Wavefront Collector: v1.3.4*
Wavefront Proxy: v9.7*
Compatibilities Versions
Ops Manager v2.10.11 or later
NSX-T See VMware Product Interoperability Matrices.
vSphere See VMware Product Interoperability Matrices.
Windows stemcells v2019.34 or later
Xenial stemcells See VMware Tanzu Network.

* Components marked with an asterisk have been updated.

Upgrade Path

The supported upgrade paths to TKGI v1.11.0 are from Tanzu Kubernetes Grid Integrated Edition v1.10.0 and later.

Warning: If you have nodes with more than 30 stateful Pods or nodes with a total of more than 50 Pods, do not upgrade to TKGI v1.11.0. For more information, see Nodes with More Than 30 Stateful Pods Are in a NotReady State below.

Breaking Changes

TKGI v1.11.0 has the following breaking changes:

  • The built-in Clair container image scanner is deprecated in favor of Trivy. If you have enabled Clair, do one of the following before upgrading to Harbor tile v2.2.1:
    • In the Harbor tile, select the Trivy scanner as the default in “Interrogation Service”.
    • Install the Clair scanner outside the Harbor tile VM and configure the Clair scanner as the default scanner in “Interrogation Service”. For more information about installing Clair, see Getting Started With Clair in the Clair documentation. For information about upgrading TKGI with Clair enabled, see Update Default Scanner in Upgrade Preparation Checklist for Tanzu Kubernetes Grid Integrated Edition v1.10.

Features

TKGI v1.11.0 has the following features and enhancements:

Support for Per-Cluster CA and Custom CA

TKGI v1.11 updates the security of the platform by removing the shared cluster CA and introducing a per-cluster CA. By default a new or updated cluster is given its own unique CA that is used to sign the TLS certificates specific to that cluster. No action is needed to take advantage of the per-cluster CA; it is injected automatically for any Kubernetes cluster provisioned by TKGI v1.11 and later. For more information, see TKGI Certificates.

A byproduct of the introduction of the per-cluster CA is that you can now use a custom CA when you create a cluster. While this is an advanced use case, it may be appropriate for some customers with specific security requirements. See Use a Custom CA for Kubernetes Clusters and Creating Clusters for more information.
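
A quick way to see the per-cluster CA is to inspect the CA certificate embedded in a cluster's kubeconfig. The following is a minimal sketch, assuming MY-CLUSTER is a placeholder cluster name and that the tkgi CLI, kubectl, and openssl are available locally:

tkgi get-credentials MY-CLUSTER
# Print the subject, issuer, and expiry of the CA certificate for the current kubeconfig context:
kubectl config view --raw --minify -o jsonpath='{.clusters[0].cluster.certificate-authority-data}' | base64 --decode | openssl x509 -noout -subject -issuer -enddate

Repeating the check against two different clusters should show distinct CA subjects.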

Automatic vSphere CSI Driver Integration

TKGI v1.11.0 supports automatic vSphere CSI Driver installation on vSphere. Automatic vSphere CSI Driver integration provides CNS as a process, allowing CNS volumes to be deployed to clusters without requiring access to IaaS credentials. For more information, see Deploying Cloud Native Storage (CNS) on vSphere.
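
For illustration, a StorageClass that uses the vSphere CSI provisioner and a PersistentVolumeClaim that consumes it look like the following sketch; MY-STORAGE-POLICY is an assumed placeholder for an existing vSphere storage policy and the demo-* names are examples, so follow Deploying Cloud Native Storage (CNS) on vSphere for the supported configuration:

cat <<'EOF' | kubectl apply -f -
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: demo-vsphere-sc                     # example name
provisioner: csi.vsphere.vmware.com         # vSphere CSI driver provisioner
parameters:
  storagepolicyname: "MY-STORAGE-POLICY"    # assumption: an existing vSphere storage policy
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: demo-cns-pvc                        # example name
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: demo-vsphere-sc
  resources:
    requests:
      storage: 5Gi
EOF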

Add DNS Server IPs to Clusters Using Network Profiles

TKGI v1.11.0 supports using Network Profiles to add DNS server IPs to existing clusters. For information about using a Network Profile to update a cluster with additional DNS server IPs, see Confirm the Network Profile Property Supports Updates in Creating and Deleting Network Profiles (NSX-T Only).
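
For illustration only, a network profile that adds DNS server IPs typically resembles the following sketch; the profile name, cluster name, IP addresses, and the nodes_dns parameter and --network-profile flag are assumptions to be confirmed against the linked topic:

# Write the profile definition to a file (names and IPs are placeholders):
cat > dns-profile.json <<'EOF'
{
  "name": "extra-dns-profile",
  "description": "Adds DNS server IPs to cluster nodes",
  "parameters": {
    "nodes_dns": ["10.20.0.10", "10.20.0.11"]
  }
}
EOF
tkgi create-network-profile dns-profile.json
tkgi update-cluster MY-CLUSTER --network-profile extra-dns-profile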

Kubernetes Host Port Support

TKGI v1.11.0 supports the Kubernetes Host Port feature, which lets you expose an application externally through a single port on its worker node. Host Port support requires a Host Port-compatible CNI but does not require privileged mode. For more information, see Creating and Deleting Network Profiles (NSX-T Only).
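
As a generic Kubernetes illustration (not TKGI-specific), a Pod that publishes a container port on its worker node through a host port looks like the following sketch; the name, image, and port numbers are examples:

cat <<'EOF' | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: hostport-demo          # example name
spec:
  containers:
  - name: web
    image: nginx:1.21          # example image
    ports:
    - containerPort: 80
      hostPort: 8080           # exposes port 8080 on the worker node's IP
EOF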

Supports Kubernetes NodeLocal DNSCache

TKGI v1.11.0 supports enabling the NCP v3.1 Kubernetes NodeLocal DNSCache feature. NodeLocal DNSCache improves cluster DNS performance by running a DNS caching agent on cluster nodes as a DaemonSet. For more information, see Creating and Deleting Network Profiles (NSX-T Only).
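
After enabling the feature through a network profile, you can confirm that the DNS caching agent is running as a DaemonSet on the cluster nodes. A hedged check, since the exact DaemonSet name depends on the NCP implementation:

kubectl get daemonset --all-namespaces | grep -i dns
kubectl get pods -n kube-system -o wide | grep -i dns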

CoreDNS is Highly Available

CoreDNS in TKGI v1.11.0 and later is highly available. In multi-node clusters, CoreDNS runs in multiple Pods that are automatically distributed across your designated AZs. CoreDNS in an existing multi-node cluster is automatically reconfigured for high availability when the cluster is upgraded to TKGI v1.11.

Support for BOSH VM Extensions

TKGI v1.11.0 supports configuring new and existing TKGI-provisioned Kubernetes clusters using BOSH VM Extensions. For more information, see Using BOSH VM Extensions.
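
In Ops Manager generally, a BOSH VM extension can be defined through the staged VM extensions API. The following is a hedged sketch using placeholder credentials, names, and cloud properties (cloud_properties keys are IaaS-specific); the TKGI-specific steps for applying an extension to clusters are in Using BOSH VM Extensions:

om --skip-ssl-validation --username USERNAME --password PASSWORD --target https://OPSMAN-API curl --silent --path /api/v0/staged/vm_extensions/my-extension -x PUT -d '{ "name": "my-extension", "cloud_properties": { "KEY": "VALUE" } }'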

VMware vSphere Bitfusion Interoperability

VMware vSphere Bitfusion supports TKGI v1.11.0.

Bitfusion decouples physical resources from servers within an environment. The Bitfusion platform can share graphical processing units (GPUs) in a virtualized infrastructure, as a pool of network-accessible resources, rather than isolated resources per server. Bitfusion works across AI frameworks, clouds, networks, and in environments such as virtual machines and containers.

For information about integrating your TKGI clusters with Bitfusion, see the VMware Kubernetes Integration with Bitfusion solutions guide. For information about Bitfusion, see the VMware vSphere Bitfusion Documentation.

Additional Features

TKGI v1.11.0 includes the following additional features:

  • Returns an error if a network profile configuration changes a parameter that does not support modification.
  • Supports integration with Tanzu Mission Control. For more information about Tanzu Mission Control, see the Tanzu Mission Control documentation.

Resolved Issues

TKGI v1.11.0 has the following resolved issues:

Upcoming Deprecations

The following TKGI features will be deprecated or removed in future versions of TKGI:

  • Flannel Support: Support for the Flannel Container Networking Interface (CNI) will be deprecated in TKGI v1.13. VMware recommends that you upgrade your Flannel CNI-configured clusters to the Antrea CNI. For more information about Flannel CNI deprecation, see About Upgrading from the Flannel CNI to the Antrea CNI in About Tanzu Kubernetes Grid Integrated Edition Upgrades.

  • Docker Support: kubelet support for Docker images has been deprecated, and Docker support will be removed entirely in Kubernetes v1.24. TKGI support for containerd is scheduled to begin in TKGI v1.12. To see which container runtime your nodes currently use, run the check shown after this list.

  • VCP Support: Support for the vSphere Cloud Provider (VCP) has been deprecated and will be removed entirely in a future TKGI version.
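
To see which container runtime each node currently uses, run the following standard check; the CONTAINER-RUNTIME column reports, for example, docker:// or containerd:// for each node:

kubectl get nodes -o wide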

Known Issues

TKGI v1.11.0 has the following known issues:

Nodes with More Than 30 Stateful Pods Are in a NotReady State

This issue is fixed in TKGI v1.11.1.

Warning: If you have nodes with more than 30 stateful Pods or nodes with a total of more than 50 Pods, do not upgrade to TKGI v1.11.0.

Symptom

Nodes that have more than 50 Pods or more than 30 stateful Pods are in a NotReady state, and you see the following errors in kubelet logs:

Error syncing pod ... skipping: rpc error: code = DeadlineExceeded desc = context deadline exceeded
skipping pod synchronization - PLEG is not healthy: pleg was last seen active...
skipping pod synchronization - PLEG is not healthy: pleg was last seen active...
failed to collect filesystem stats - rootDiskErr: could not stat .. to get inode usage: stat ...: no such file or directory, extraDiskErr: could not stat

Explanation

The runc component introduces instability on nodes running more than 50 Pods or more than 30 stateful Pods. For more information, see loading seccomp filter: invalid argument in the runc GitHub repository.

Pods Stop After Upgrading From NSX-T v3.0.2 to v3.1.0 on vSphere 7.0 and 7.0.1

Symptom

Your TKGI-provisioned Pods stop after upgrading from NSX-T v3.0.2 to NSX-T v3.1.0 on vSphere 7.0 and 7.0.1.

Explanation

For information, see Issue 2603550: Some VMs are vMotioned and lose network connectivity during UA nodes upgrade in the VMware NSX-T Data Center 3.1.1 Release Notes.

Workaround

To avoid the loss of network connectivity during UA node upgrade, ensure DRS is set to manual mode during your upgrade from NSX-T v3.0.2 to v3.1.0.

If you upgraded to NSX-T v3.1.0 with DRS in automated mode, run the following on the affected Pods’ master VMs to restore Pod connectivity:


monit restart ncp

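If you need to reach the master VMs through BOSH first, the following sketch follows the same pattern as the Antrea workaround later in these notes; DEPLOYMENT-NAME is a placeholder for the cluster's service-instance deployment, which you can look up with bosh deployments:

# Find the cluster deployment and its master instances:
bosh deployments
bosh -d DEPLOYMENT-NAME instances
# Restart NCP on each master instance, for example:
bosh -d DEPLOYMENT-NAME ssh master/0 -c 'sudo monit restart ncp'
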
For more information on upgrading NSX-T v3.0.2 to NSX-T v3.1.0, see Upgrade NSX-T Data Center to v3.0 or v3.1.

Error: Could Not Execute “Apply-Changes” in Azure Environment

Symptom

After clicking Apply Changes on the TKGI tile in an Azure environment, you experience an error ’…could not execute “apply-changes”…’ with either of the following descriptions:

  • {"errors":{"base":["undefined method `location' for nil:NilClass"]}}
  • FailedError.new("Resource Groups in region '#{location}' do not support Availability Zones"))

For example:

INFO | 2020-09-21 03:46:49 +0000 | Vessel::Workflows::Installer#run | Install product (apply changes)
2020/09/21 03:47:02 could not execute "apply-changes": installation failed to trigger: request failed: unexpected response from /api/v0/installations:
HTTP/1.1 500 Internal Server Error
Transfer-Encoding: chunked
Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Mon, 21 Sep 2020 17:51:50 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Server: Ops Manager
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: f5fc99c1-21a7-45c3-7f39
X-Runtime: 9.905591
X-Xss-Protection: 1; mode=block

44
{"errors":{"base":["undefined method `location' for nil:NilClass"]}}
0

Explanation

The Azure CPI endpoint used by Ops Manager has been changed and your installed version of Ops Manager is not compatible with the new endpoint.

Workaround

Run the following Ops Manager CLI command:

om --skip-ssl-validation --username USERNAME --password PASSWORD --target https://OPSMAN-API curl --silent --path /api/v0/staged/director/verifiers/install_time/IaasConfigurationVerifier -x PUT -d '{ "enabled": false }'

Where:

  • USERNAME is the account to use to run Ops Manager API commands.
  • PASSWORD is the password for the account.
  • OPSMAN-API is the IP address for the Ops Manager API.

For more information, see Error 'undefined method location’ is received when running Apply Change on Azure in the VMware Tanzu Knowledge Base.
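
If you later need to restore the verifier, the same endpoint can presumably be called again with enabled set to true; this is a hedged sketch and not part of the documented workaround:

om --skip-ssl-validation --username USERNAME --password PASSWORD --target https://OPSMAN-API curl --silent --path /api/v0/staged/director/verifiers/install_time/IaasConfigurationVerifier -x PUT -d '{ "enabled": true }'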

VMware vRealize Operations Does Not Support Windows Worker-Based Kubernetes Clusters

VMware vRealize Operations (vROPs) does not support Windows worker-based Kubernetes clusters and cannot be used to manage TKGI-provisioned Windows workers.

TKGI Wavefront Requires Manual Installation for Windows Workers

To monitor Windows-based worker node clusters with a Wavefront collector and proxy, you must first install Wavefront on the clusters manually, using Helm. For instructions, see the Wavefront section of the Monitoring Windows Worker Clusters and Nodes topic.
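
For orientation only, a generic Helm-based Wavefront installation resembles the following sketch; the repository URL, chart values, and any Windows-specific settings are assumptions here and should be taken from the Monitoring Windows Worker Clusters and Nodes topic, and the URL, token, and cluster name are placeholders:

helm repo add wavefront https://wavefronthq.github.io/helm/
helm repo update
# Install the collector and proxy into the cluster (values are placeholders):
helm install wavefront wavefront/wavefront --namespace wavefront --create-namespace \
  --set wavefront.url=https://YOUR-INSTANCE.wavefront.com \
  --set wavefront.token=YOUR-API-TOKEN \
  --set clusterName=MY-CLUSTER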

Pinging Windows Worker Kubernetes Clusters Does Not Work

TKGI-provisioned Windows worker-based Kubernetes clusters inherit a Kubernetes limitation that prevents outbound ICMP communication from workers. As a result, pinging Windows workers does not work.

For information about this limitation, see Limitations > Networking in the Windows in Kubernetes documentation.

Velero Does Not Support Backing Up Stateful Windows Workloads

You can use Velero to back up stateless TKGI-provisioned Windows workers only. You cannot use Velero to back up stateful Windows applications. For more information, see Velero on Windows in Basic Install in the Velero documentation.

Tanzu Mission Control Integration Not Supported on GCP

TKGI on Google Cloud Platform (GCP) does not support Tanzu Mission Control (TMC) integration, which is configured in the Tanzu Kubernetes Grid Integrated Edition tile > Tanzu Mission Control pane.

If you intend to run TKGI on GCP, skip this pane when configuring the Tanzu Kubernetes Grid Integrated Edition tile.

TMC Data Protection Feature Requires Privileged TKGI Containers

The TMC Data Protection feature supports only privileged TKGI containers. For more information, see Plans in the Installing TKGI topic for your IaaS.

Windows Worker Kubernetes Clusters with Group Managed Service Account Do Not Support Compute Profiles

Windows worker-based Kubernetes clusters integrated with group Managed Service Account (gMSA) cannot be managed using compute profiles.

Windows Worker Kubernetes Clusters on Flannel Do Not Support Compute Profiles

On vSphere with NSX-T networking, you can use compute profiles with both Linux and Windows worker-based Kubernetes clusters. On vSphere with Flannel networking, you can apply compute profiles only to Linux clusters.

TKGI CLI Does Not Prevent Reducing the Control Plane Node Count

The TKGI CLI does not prevent you from accidentally reducing a cluster’s control plane node count using a compute profile.

Warning: Reducing a cluster’s control plane node count can destroy the cluster. Do not scale out or scale in existing master nodes by reconfiguring the TKGI tile or by using a compute profile. Reducing a cluster’s number of control plane nodes may remove a master node and cause the cluster to become inactive.

Windows Cluster Nodes Not Deleted After VM Deleted

Symptom

After you delete a VM using the management console of your infrastructure provider, you notice a Windows worker node that had been on that VM is now in a NotReady state.

Solution

  1. To identify the leftover node:

    kubectl get no -o wide
    
  2. Locate nodes on the returned list that are in a NotReady state and have the same IP address as another node in the list.

  3. To manually delete a NotReady node:

    kubectl delete node NODE-NAME

    Where NODE-NAME is the name of the node in the NotReady state.

502 Bad Gateway After OIDC Login

Symptom

You experience a “502 Bad Gateway” error from the NSX load balancer after you log in to OIDC.

Explanation

A large response header has exceeded your NSX-T load balancer maximum response header size. The default maximum response header size is 10,240 characters and should be resized to 50,000.

Workaround

If you experience this issue, manually reconfigure your NSX-T request_header_size and response_header_size to 50,000 characters. For information about configuring NSX-T default header sizes, see OIDC Response Header Overflow in the Knowledge Base.

Difficulty Changing Proxy for Windows Workers

You must configure a global proxy in the Tanzu Kubernetes Grid Integrated Edition tile > Networking pane before you create any Windows workers that use the proxy.

You cannot change the proxy configuration for Windows workers in an existing cluster.

Character Limitations in HTTP Proxy Password

For vSphere with NSX-T, the HTTP Proxy password field does not support the following special characters: & or ;.

Error After Modifying Your Harbor Storage Configuration

Symptom

You receive the following error after modifying your existing Harbor installation’s storage configuration:

Error response from daemon: manifest for ... not found: manifest unknown: manifest unknown

Explanation

Harbor does not support modifying an existing Harbor installation’s storage configuration.

Workaround

To modify your Harbor storage configuration, re-install Harbor. Before starting Harbor, configure the new Harbor installation with the desired configuration.

Unexplained Errors After Interrupting a Log Stream When Using Antrea Networking

Symptom

While using Antrea networking, you observe unexplained errors after you interrupt a log stream started using kubectl logs -f POD-NAME. The errors could include any of the following:

  • kubectl returns the error: “Error from server (TooManyRequests): the server has received too many”.
  • kube-apiserver returns an http code 429.

Explanation

When using Antrea networking, there is a chance that konnectivity-agent becomes unstable after you interrupt your kubectl log stream.

Workaround

To resolve the issue:

  1. Log in to the master VM:

    bosh -d DEPLOYMENT-NAME ssh master/0
    
  2. Change to root:

    sudo -i
    
  3. Restart proxy-server:

    monit restart proxy-server
    
  4. Wait for proxy-server restart:

    monit summary
    

Ingress Controller Statefulset Fails to Start After Resizing Worker Nodes

Symptom

Permissions are removed from your cluster’s files and processes after resizing the persistent disk during a cluster upgrade. The ingress controller statefulset fails to start.

Explanation

When resizing a persistent disk, BOSH migrates the data from the old disk to the new disk but does not copy the files’ extended attributes.

Workaround

To resolve the problem, complete the steps in Ingress controller statefulset fails to start after resize of worker nodes with permission denied in the VMware Tanzu Knowledge Base.

Azure Default Security Group Is Not Automatically Assigned to Cluster VMs

Symptom

You experience issues when configuring a load balancer for a multi-master Kubernetes cluster or creating a service of type LoadBalancer. Additionally, in the Azure portal, the VM > Networking page does not display any inbound and outbound traffic rules for your cluster VMs.

Explanation

As part of configuring the Tanzu Kubernetes Grid Integrated Edition tile for Azure, you enter Default Security Group in the Kubernetes Cloud Provider pane. When you create a Kubernetes cluster, Tanzu Kubernetes Grid Integrated Edition automatically assigns this security group to each VM in the cluster. However, on Azure the automatic assignment may not occur.

As a result, your inbound and outbound traffic rules defined in the security group are not applied to the cluster VMs.

Workaround

If you experience this issue, manually assign the default security group to each VM NIC in your cluster.
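
The assignment can be done with the Azure CLI. The following is a hedged sketch, where RESOURCE-GROUP, NIC-NAME, and NSG-NAME are placeholders for your environment:

# List the NICs in the cluster's resource group:
az network nic list --resource-group RESOURCE-GROUP -o table
# Assign the default security group to a cluster VM's NIC:
az network nic update --resource-group RESOURCE-GROUP --name NIC-NAME --network-security-group NSG-NAME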

One Plan ID Longer than Other Plan IDs

Symptom

One of your plan IDs is one character longer than your other plan IDs.

Explanation

In TKGI, each plan has a unique plan ID. A plan ID is normally a UUID consisting of 32 alphanumeric characters and 4 hyphens. However, the Plan 4 ID consists of 33 alphanumeric characters and 4 hyphens.

Solution

You can safely configure and use Plan 4. The length of the Plan 4 ID does not affect the functionality of Plan 4 clusters.

If you require all plan IDs to have identical length, do not activate or use Plan 4.

The TKGI API FQDN Must Not Include Trailing Whitespace

Symptom

Your TKGI logs include the following error:

'uaa'. Errors are:- Error filling in template 'uaa.yml.erb' (line 59: Client redirect-uri is invalid: uaa.clients.pks_cli.redirect-uri Client redirect-uri is invalid: uaa.clients.pks_cluster_client.redirect-uri)

Explanation

The TKGI API fully-qualified domain name (FQDN) for your cluster contains leading or trailing whitespace.

Workaround

Do not include whitespace in the TKGI tile API Hostname (FQDN) field.

Database Cluster Stops After a DB Instance Is Stopped

Symptom

After you stop one instance in a multiple-instance database cluster, the cluster stops, or communication between the remaining databases times out, and the entire cluster becomes unreachable.

The following might be in your UAA log:

WSREP has not yet prepared node for application use

Explanation

The database cluster is unable to recover automatically because a member is no longer available to reconcile quorum.

Windows Workloads With Attached Dynamic PVs Must Be Removed before Deleting a Cluster

Symptom

Your tkgi delete-cluster operation hangs while draining a Windows worker VM containing a Pod bound to one or more dynamic persistent volumes (PVs).

Workaround

Before deleting your Windows cluster, remove all workloads.
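
A minimal sketch of finding and removing such workloads before running tkgi delete-cluster, where NAMESPACE and the resource names are placeholders:

# Find persistent volume claims and the controllers that own the Windows workloads:
kubectl get pvc --all-namespaces
kubectl get statefulsets,deployments --all-namespaces
# Delete the Windows workloads and their claims, then delete the cluster:
kubectl delete statefulset STATEFULSET-NAME -n NAMESPACE
kubectl delete pvc PVC-NAME -n NAMESPACE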

Velero Back Up Fails for vSphere PVs Attached to Clusters on Kubernetes v1.20 and Later

Symptom

Backing up vSphere persistent volumes using Velero fails and your Velero backup log includes the following error:

rpc error: code = Unknown desc = Failed during IsObjectBlocked check: Could not translate selfLink to CRD name

Explanation

This is a known issue when backing up clusters on Kubernetes v1.20 and later using the Velero Plugin for vSphere v1.1.0 or earlier.

Workaround

To resolve the problem, complete the steps in Velero backups of vSphere persistent volumes fail on Kubernetes clusters version 1.20 or higher (83314) in the VMware Tanzu Knowledge Base.

NSX-T Pre-Check Errand Fails Due to Edge Node CPU Count Configuration

This issue is fixed in TKGI v1.8.0 and later and was incorrectly included in the TKGI v1.11 Release Notes.

Symptom

You have configured your NSX-T Edge Node VM as medium size, and the NSX-T Pre-Check Errand fails with the following error: “ERROR: NSX-T Precheck failed due to Edge Node … no of cpu cores is less than 8”.

Explanation

The NSX-T Pre-Check Errand is erroneously returning the “cpu cores is less than 8” error.

Solution

You can safely configure your NSX-T Edge Node VMs as medium size and ignore the error.

TKGI Management Console v1.11.0

Release Date: May 27, 2021

Note: Tanzu Kubernetes Grid Integrated Edition Management Console provides an opinionated installation of TKGI. The supported versions may differ from or be more limited than what is generally supported by TKGI.

Product Snapshot

Element Details
Version v1.11.0
Release date May 27, 2021
Installed Tanzu Kubernetes Grid Integrated Edition version v1.11.0
Installed Ops Manager version v2.10.11
Component Version
Installed Kubernetes version v1.20.6*
Installed Harbor Registry version v2.2.1*
Linux stemcell v621.125*
Windows stemcells v2019.34 and later*

* Components marked with an asterisk have been updated.

Upgrade Path

The supported upgrade path to Tanzu Kubernetes Grid Integrated Edition Management Console v1.11.0 is from Tanzu Kubernetes Grid Integrated Edition v1.10.0 and later.

Warning: If you have nodes with more than 30 stateful Pods or nodes with a total of more than 50 Pods, do not upgrade to TKGI v1.11.0. For more information, see Nodes with More Than 30 Stateful Pods Are in a NotReady State above.

Features and Resolved Issues

TKGI Management Console v1.11.0 has the following resolved issues:

Known Issues

The Tanzu Kubernetes Grid Integrated Edition Management Console v1.11.0 has the following known issues:

Warning: If you have nodes with more than 30 stateful Pods or nodes with a total of more than 50 Pods, do not upgrade to TKGI v1.11.0. For more information, see Nodes with More Than 30 Stateful Pods Are in a NotReady State above.

vRealize Log Insight Integration Does Not Support HTTPS Connections

Symptom

The Tanzu Kubernetes Grid Integrated Edition Management Console integration to vRealize Log Insight does not support connections to the HTTPS port on the vRealize Log Insight server.

Workaround

  1. Use SSH to log in to the Tanzu Kubernetes Grid Integrated Edition Management Console appliance VM.
  2. Open the file /lib/systemd/system/pks-loginsight.service in a text editor.
  3. Add -e LOG_SERVER_ENABLE_SSL_VERIFY=false.
  4. Set -e LOG_SERVER_USE_SSL=true.

    The resulting file should look like the following example:

    ExecStart=/bin/docker run --privileged --restart=always --network=pks \
    -v /var/log/journal:/var/log/journal \
    --name=pks-loginsight \
    -e TYPE=gear2-vm \
    -e LOG_SERVER_HOST=${LOGINSIGHT_HOST} \
    -e LOG_SERVER_PORT=${LOGINSIGHT_PORT} \
    -e LOG_SERVER_ENABLE_SSL_VERIFY=false \
    -e LOG_SERVER_USE_SSL=true \
    -e LOG_SERVER_AGENT_ID=${LOGINSIGHT_ID} \
    pksoctopus/vrli-journald:v07092019
    
  5. Save the file and run systemctl daemon-reload.

  6. To restart the vRealize Log Insight service, run systemctl restart pks-loginsight.service.

Tanzu Kubernetes Grid Integrated Edition Management Console can now send logs to the HTTPS port on the vRealize Log Insight server.

vSphere HA causes Management Console ovfenv Data Corruption

Symptom

If you enable vSphere HA on a cluster, the TKGI Management Console appliance VM is running on a host in that cluster, and that host reboots, vSphere HA re-creates the TKGI Management Console appliance VM on another host in the cluster. Due to an issue with vSphere HA, the ovfenv data for the newly created appliance VM is corrupted and the new appliance VM does not boot up with the correct network configuration.

Workaround

  1. In the vSphere Client, right-click the appliance VM and select Power > Shut Down Guest OS.
  2. Right-click the appliance again and select Edit Settings.
  3. Select VM Options and click OK.
  4. Verify under Recent Tasks that a Reconfigure virtual machine task has run on the appliance VM.
  5. Power on the appliance VM.

Base64 encoded file arguments are not decoded in Kubernetes profiles

Symptom

Some file arguments in Kubernetes profiles are base64 encoded. When the management console displays the Kubernetes profile, some file arguments are not decoded.

Workaround

Decode the encoded file arguments manually. For example, run echo "$content" | base64 --decode, where $content is the base64-encoded file argument value.

Network profiles not immediately selectable

Symptom

If you create network profiles and then try to apply them in the Create Cluster page, the new profiles are not available for selection.

Workaround

Log out of the management console and log back in again.

Real-Time IP information not displayed for network profiles

Symptom

In the cluster summary page, only the default IP pool, Pod IP block, and node IP block values are displayed, rather than the real-time values from the associated network profile.

Workaround

None

Error After Modifying Your Harbor Storage Configuration

Symptom

You receive the following error after modifying your existing Harbor installation’s storage configuration:

Error response from daemon: manifest for ... not found: manifest unknown: manifest unknown

Explanation

Harbor does not support modifying an existing Harbor installation’s storage configuration.

Workaround

To modify your Harbor storage configuration, re-install Harbor. Before starting Harbor, configure the new Harbor installation with the desired configuration.

Windows Stemcells Must be Re-Imported After Upgrading Ops Manager

Symptom

After upgrading Ops Manager, your Management Console does not recognize a Windows stemcell imported when using the prior version of Ops Manager.

Workaround

If your Management Console does not recognize a Windows stemcell after upgrading Ops Manager:

  1. Re-import your previously imported Windows stemcell.
  2. Apply Changes to TKGI MC.

Your New Clusters Are Not Shown In Tanzu Mission Control

Symptom

After you create a cluster, Tanzu Mission Control does not include the cluster in cluster lists, and you see a "Resource not found" error similar to the following in your BOSH logs:

Cluster Name in TMC: cluster-1
Cluster Name Prefix: tkgi-my-prefix-
Group Name in TMC: my-prefix-clusters
Cluster Description in TMC: VMware Enterprise PKS Attaching cluster ''tkgi-my-prefix-cluster-1'' to TMC 
Fetching token successful 
request POST:/v1alpha1/clusters, 
response 404 Not Found:{"error":"Resource not found - clustergroup(my-prefix-clusters) 
org id(d859dc9f-g622-426d-8c91-939a9f13dea9)",
"code":5,"message":"Resource not found - clustergroup(my-prefix-clusters)

Explanation

The cluster group you assign a cluster to must be defined in Tanzu Mission Control before you assign your cluster to the cluster group in the TKGI Management Console.

Workaround

To resolve the problem, complete the steps in Attaching a Tanzu Kubernetes Grid Integrated (TKGI) cluster to Tanzu Mission Control (TMC) fails with “Resource not found - clustergroup(cluster-group-name)” in the VMware Tanzu Knowledge Base.

Management Console Incorrectly Displays Kubernetes Version as 1.20.5

TKGI v1.11 installs Kubernetes v1.20.6, but the TKGI Management Console incorrectly displays the shipped Kubernetes version as 1.20.5.


Please send any feedback you have to pks-feedback@pivotal.io.