When the Tanzu Kubernetes Grid Service provisions a Tanzu Kubernetes cluster, several status conditions are reported that you can use to get direct insight into key aspects of machine health.
Check TanzuKubernetesCluster Readiness
You can use the TanzuKubernetesCluster readiness conditions to determine which, if any, phase or component is not ready. See ControlPlaneReady Condition and Reasons.
Once you check for cluster readiness, to diagnose further you can use capwcluster and machine conditions to look further in more detail failure. See Check Tanzu Kubernetes Machine Health and Check Tanzu Kubernetes Cluster Health.
To check the readiness of a
Tanzu Kubernetes cluster:
- Log in to the Supervisor Cluster.
- Switch conext to the namespace where the target cluster is provisioned. For example:
kubectl config use-context tkgs-cluster-ns
- Run the command
kubectl get tkc -o yaml
. The system displays the cluster readiness conditions. For example:
status:
addons:
authsvc:
conditions:
- lastTransitionTime: "2021-01-30T19:53:54Z"
status: "True"
type: AuthServiceProvisioned
name: authsvc
status: applied
version: 0.1-66-g8b8f07f
cloudprovider:
conditions:
- lastTransitionTime: "2021-01-30T19:53:53Z"
status: "True"
type: CPIProvisioned
name: vmware-guest-cluster
status: applied
version: 0.1-77-g5875817
cni:
conditions:
- lastTransitionTime: "2021-01-30T19:53:53Z"
status: "True"
type: CNIProvisioned
name: calico
status: applied
version: 1.16.14+vmware.1-tkg.1.ada4837
csi:
conditions:
- lastTransitionTime: "2021-01-30T19:53:54Z"
status: "True"
type: CSIProvisioned
name: pvcsi
status: applied
version: v0.0.1.alpha+vmware.79-7ecdcb1
dns:
conditions:
- lastTransitionTime: "2021-01-30T19:53:48Z"
status: "True"
type: CoreDNSProvisioned
name: CoreDNS
status: applied
version: v1.6.2_vmware.10
proxy:
conditions:
- lastTransitionTime: "2021-01-30T19:53:48Z"
status: "True"
type: KubeProxyProvisioned
name: kube-proxy
status: applied
version: 1.16.14+vmware.1
psp:
conditions:
- lastTransitionTime: "2021-01-30T19:53:47Z"
status: "True"
type: PSPProvisioned
name: defaultpsp
status: applied
version: v1.16.14+vmware.1-tkg.1.ada4837
clusterApiStatus:
apiEndpoints:
- host: 192.168.1.2
port: 6443
phase: Provisioned
conditions:
- lastTransitionTime: "2021-01-30T19:53:54Z"
status: "True"
type: AddonsReady
- lastTransitionTime: "2021-01-30T19:51:11Z"
status: "True"
type: ControlPlaneReady
- lastTransitionTime: "2021-01-30T19:51:04Z"
message: 3/3 Control Plane Node(s) healthy. 1/1 Worker Node(s) healthy
status: "True"
type: NodesHealthy
- lastTransitionTime: "2021-01-31T21:22:45Z"
status: "True"
type: ProviderServiceAccountsReady
- lastTransitionTime: "2021-01-30T19:53:50Z"
status: "True"
type: RoleBindingSynced
- lastTransitionTime: "2021-01-30T19:53:58Z"
status: "True"
type: ServiceDiscoveryReady
- lastTransitionTime: "2021-01-30T19:53:59Z"
status: "True"
type: StorageClassSynced
- lastTransitionTime: "2021-01-27T11:34:53Z"
status: "True"
type: TanzuKubernetesReleaseCompatible
- lastTransitionTime: "2021-01-27T11:34:54Z"
message: '[1.17.13+vmware.1-tkg.2.2c133ed]'
severity: Info
status: "True"
type: UpdatesAvailable
ControlPlaneReady Condition and Reasons
The table lists and describes the
ControlPlaneReady
condition.
Table 1.
ControlPlaneReady Condition
Condition Type |
Description |
ControlPlaneReady |
Reports if the control plane nodes are ready and functional for the cluster. |
The table lists and describes the reasons why the ControlPlaneReady
condition may be false.
Table 2.
ControlPlaneReady False Reasons
Reason |
Severity |
Description |
WaitingForClusterInfrastructure |
|
Indicates that the cluster is waiting for prerequisites that are necessary for running machines, such as a a load balancer. This reason is only used if the InfrastructureCluster is not reporting its own ready condition. |
WaitingForControlPlaneInitialized |
|
Indicates that the first control plane node is initializing. |
WaitingForControlPlane |
|
Reflects the condition of KubeadmControlPlane. This reason is used if the KubeadmControlPlane is not reporting its own ready condition. |
Waiting for cluster infrastructure to be ready |
Message |
Indicates that the cluster is waiting for prerequisites that are necessary for running machines, such as networking and load balancers. |
NodesHealthy Condition and Reasons
The table lists and describes the
NodesHealthy
condition.
Table 3.
NodesHealthy Condition
Condition Type |
Description |
NodesHealthy |
Reports the status of TanzuKubernetesCluster nodes. |
The table lists and describes the reason for the NodesHealthy
condition not being true.
Table 4.
NodesHealthy False Reason
Reason |
Severity |
Description |
WaitingForNodesHealthy |
|
Documents that not all the Nodes are healthy. |
Addons Conditions and Reasons
The table lists and describes the conditions related to cluster addon components.
Table 5.
Addons Conditions
Condition Type |
Description |
AddonsReady |
Summary of conditions for TanzuKubernetesCluster addons (CoreDNS, KubeProxy, CSP, CPI, CNI, AuthSvc) . |
CNIProvisioned |
Documents the status of TanzuKubernetesCluster container network interface (CNI) addon. |
CSIProvisioned |
Documents the status of TanzuKubernetesCluster container storage interface (CSI) addon. |
CPIProvisioned |
Documents the status of TanzuKubernetesCluster cloud provider inteface (CPI) addon. |
KubeProxyProvisioned |
Documents the status of TanzuKubernetesCluster KubeProxy addon. |
CoreDNSProvisioned |
Documents the status of TanzuKubernetesCluster CoreDNS addon. |
AuthServiceProvisioned |
Documents the status of TanzuKubernetesCluster AuthService addon. |
PSPProvisioned |
Documents the status of PodSecurityPolicy. |
The table lists and describes the reasons addon conditions not being true.
Table 6.
Addons False Reasons
Reason |
Severity |
Description |
AddonsReconciliationFailed |
|
Summarized reason for all addons reconciliation failures. |
CNIProvisioningFailed |
Warning |
Documents CNI addon failed to create or update. |
CSIProvisioningFailed |
Warning |
Documents CSI addon failed to create or update. |
CPIProvisioningFailed |
Warning |
Documents CPI addon failed to create or update. |
KubeProxyProvisioningFailed |
Warning |
Documents KubeProxy addon failed to create or update. |
CoreDNSProvisioningFailed |
Warning |
Documents CoreDNS addon failed to create or update. |
AuthServiceProvisioningFailed |
Warning |
Documents AuthService addon failed to create or update. |
AuthServiceUnManaged |
|
Documents AuthService is not managed by controller. |
PSPProvisioningFailed |
Warning |
Documents PodSecurityPolicy addons failed to create or update. |
Other Conditions and Reasons
The table lists and describes conditions for StorageClass and RoleBinding synchronization, ProviderServiceAccount resource reconciliation, ServiceDiscovery, and TanzuKubernetesCluster compatability.
Table 7.
Other Conditions
Condition |
Description |
StorageClassSynced |
Documents the status of StorageClass synchronization from Supervisor Cluster to workload cluster. |
RoleBindingSynced |
Documents the status of RoleBinding synchronization from the Supervisor Cluster to the workload cluster. |
ProviderServiceAccountsReady |
Documents the status of provider service accounts and related Roles, RoleBindings and Secrets are created. |
ServiceDiscoveryReady |
Documents the status of service discoveries. |
TanzuKubernetesReleaseCompatible |
Indicates if the TanzuKubernetesCluster is compatible with the TanzuKubernetesRelease. |
The table lists and describes the reasons for other conditions not being true.
Table 8.
Other Reasons
Reason |
Severity |
Description |
StorageClassSyncFailed |
|
Reports the StorageClass synchronization failed. |
RoleBindingSyncFailed |
|
Reports the RoleBinding synchronization failed. |
ProviderServiceAccountsReconciliationFailed |
|
Reports that provider service accounts related resources reconciliation failed. |
SupervisorHeadlessServiceSetupFailed |
|
Documents the headless service setup for Supervisor Cluster API server failed. |