Installing Pivotal Container Service failed with "pks-nsx-t-osb-proxy"

Question

Trying to deploy pks 1.1.0 with NSX-t 2.1 , during the installation pks deployment failed with below pks-nsx-t-osb-proxy

Any pointers on this would be really helpful

Install log

#################

Task 97 | 11:58:33 | Updating instance pivotal-container-service: pivotal-container-service/3fdaef2e-216e-4099-9fff-127215e82fba (0) (canary) (00:06:09)

L Error: 'pivotal-container-service/3fdaef2e-216e-4099-9fff-127215e82fba (0)' is not running after update. Review logs for failed jobs: pks-nsx-t-osb-proxy

Task 97 | 12:04:42 | Error: 'pivotal-container-service/3fdaef2e-216e-4099-9fff-127215e82fba (0)' is not running after update. Review logs for failed jobs: pks-nsx-t-osb-proxy

Task 97 Started Wed Jul 18 11:58:23 UTC 2018

Task 97 Finished Wed Jul 18 12:04:42 UTC 2018

Task 97 Duration 00:06:19

Task 97 error

osb-proxy-log

+++++++++++++

time="2018-07-18T09:22:24Z" level=error msg="Failed to extract edge cluster ID from router 5b258978-fb7f-4f41-8c98-0b13952c86b2" pks-networking=networkManager

2018/07/18 09:22:24 Error initializing a NSX-T client: Error getting network manager for cluster Get https://pksnsxmgr.sfo01.rainpole.local/api/v1/logical-routers/5b258978-fb7f-4f41-8c98-0b13952c86b2: x509: certificate is valid for nsx-manager, not pksnsxmgr.sfo01.rainpole.local

time="2018-07-18T09:23:03Z" level=error msg="Failed to extract edge cluster ID from router 5b258978-fb7f-4f41-8c98-0b13952c86b2" pks-networking=networkManager

2018/07/18 09:23:03 Error initializing a NSX-T client: Error getting network manager for cluster Get https://pksnsxmgr.sfo01.rainpole.local/api/v1/logical-routers/5b258978-fb7f-4f41-8c98-0b13952c86b2: x509: certificate is valid for nsx-manager, not pksnsxmgr.sfo01.rainpole.local

time="2018-07-18T09:24:13Z" level=error msg="Failed to extract edge cluster ID from router 5b258978-fb7f-4f41-8c98-0b13952c86b2" pks-networking=networkManager

2018/07/18 09:24:13 Error initializing a NSX-T client: Error getting network manager for cluster context deadline exceeded

time="2018-07-18T09:24:44Z" level=error msg="Failed to extract edge cluster ID from router 5b258978-fb7f-4f41-8c98-0b13952c86b2" pks-networking=networkManager

2018/07/18 09:24:44 Error initializing a NSX-T client: Error getting network manager for cluster context deadline exceeded

time="2018-07-18T09:25:10Z" level=error msg="Failed to extract edge cluster ID from router 5b258978-fb7f-4f41-8c98-0b13952c86b2" pks-networking=networkManager

2018/07/18 09:25:10 Error initializing a NSX-T client: Error getting network manager for cluster Get https://pksnsxmgr.sfo01.rainpole.local/api/v1/logical-routers/5b258978-fb7f-4f41-8c98-0b13952c86b2: net/http: TLS handshake timeout

time="2018-07-18T09:25:26Z" level=error msg="Failed to extract edge cluster ID from router 5b258978-fb7f-4f41-8c98-0b13952c86b2" pks-networking=networkManager

2018/07/18 09:25:26 Error initializing a NSX-T client: Error getting network manager for cluster Get https://pksnsxmgr.sfo01.rainpole.local/api/v1/logical-routers/5b258978-fb7f-4f41-8c98-0b13952c86b2: net/http: TLS handshake timeout

time="2018-07-18T09:25:37Z" level=error msg="Failed to extract edge cluster ID from router 5b258978-fb7f-4f41-8c98-0b13952c86b2" pks-networking=networkManager

2018/07/18 09:25:37 Error initializing a NSX-T client: Error getting network manager for cluster Get https://pksnsxmgr.sfo01.rainpole.local/api/v1/logical-routers/5b258978-fb7f-4f41-8c98-0b13952c86b2: net/http: TLS handshake timeout

time="2018-07-18T09:25:47Z" level=error msg="Failed to extract edge cluster ID from router 5b258978-fb7f-4f41-8c98-0b13952c86b2" pks-networking=networkManager

2018/07/18 09:25:47 Error initializing a NSX-T client: Error getting network manager for cluster Get https://pksnsxmgr.sfo01.rainpole.local/api/v1/logical-routers/5b258978-fb7f-4f41-8c98-0b13952c86b2: x509: certificate is valid for nsx-manager, not pksnsxmgr.sfo01.rainpole.local

time="2018-07-18T09:25:49Z" level=error msg="Failed to extract edge cluster ID from router 5b258978-fb7f-4f41-8c98-0b13952c86b2" pks-networking=networkManager

2018/07/18 09:25:49 Error initializing a NSX-T client: Error getting network manager for cluster Get https://pksnsxmgr.sfo01.rainpole.local/api/v1/logical-routers/5b258978-fb7f-4f41-8c98-0b13952c86b2: x509: certificate is valid for nsx-manager, not pksnsxmgr.sfo01.rainpole.local

Answer

Hi,

The PKS side has flag bypass verification but bosh ops manager doesn't have that flag so in the bosh deployment you can't

bypass NSX-T CA verification and therefor you can't select any NSX-T network for mgmt channel you have to use only DVS.

So PKS will be use mgmt DVS.

Bosh Ops need to have option bypass cert validation.

VMware Tanzu Kubernetes Grid Integrated Edition

Installing Pivotal Container Service failed with "pks-nsx-t-osb-proxy"