An attempt to deploy the NSX Application Platform failed when the system tried to install the Helm chart.

Problem

After completing 10% of the NSX Application Platform deployment process, the system displayed the following error message when it tried to install the Helm chart.
NSX Application Platform deployment failed!
See Troubleshooting Documentation.
Helm install chart operation failed. Error: failed post-install: timed out waiting for the condition.

The

Cause

The deployment process is trying to access a Harbor registry that is configured to use HTTP instead of HTTPS.

Solution

  1. For a production environment, your infrastructure administrator must obtain a CA-signed certificate to configure HTTPS access to the private Harbor registry that they installed. See https://goharbor.io/docs/1.10/install-config/configure-https/ for more information.
  2. (Optional) (Use this step with caution for upstream Kubernetes cluster.) If you want to continue to use a Harbor registry that uses HTTP instead of HTTPS, your infrastructure administrator must use the following information as a workaround. They must apply the workaround on all the control and worker nodes of the upstream Kubernetes cluster that you are using for the NSX Application Platform deployment.
    1. Add the following to your daemon.json file located at: /etc/docker/daemon.json directory.
      {
      "insecure-registries" : ["Harbor FQDN or Harbor IP"]
      }
      
    2. Restart the Docker Engine using the following command.
      systemctl restart docker
  3. (Optional) (Use this step with caution for TKC.) To continue to use a Harbor registry that uses HTTP instead of HTTPS, your infrastructure administrator must apply the following workaround information on all the control and worker nodes of the TKC that you are using for the NSX Application Platform deployment.
    1. Log in to each Tanzu worker node using the steps described in SSH to Tanzu Kubernetes Cluster Nodes as System User Using a Password.
    2. Edit the config.toml file using the following command.
      sudo vim /etc/containerd/config.toml
    3. Add the following entries in the config.toml for the Harbor registry, where "10.222.44.111" is the URL for an example Harbor registry.
       [plugins.cri.registry]
            [plugins.cri.registry.mirrors]
              [plugins.cri.registry.mirrors."docker.io"]
                endpoint = ["https://registry-1.docker.io"]
              [plugins.cri.registry.mirrors."localhost:5000"]
                 endpoint = ["http://localhost:5000"]
              [plugins.cri.registry.mirrors."10.222.44.111"]
                 endpoint = ["http://10.222.44.111"] 
    4. Restart the Docker client using the following command.
      sudo systemctl restart docker