Skip to main content
Skip table of contents

NKP 2.15.2 Known Issues and Limitations

The following items are known issues with this release:

Harbor UI Displays Unlimited Quota for Storage Providers

When Harbor is deployed for a storage provider, the Harbor UI incorrectly displays Quota used: X MiB of Unlimited on the dashboard even though the storage provider has pre-configured limits set based on the configured Persistent Volume (PV).

NCN-105785

Unable to Deploy User Applications on Management Cluster Using NCR Private Registry

Deploying user applications on the Management cluster using the NCR Private Registry fails with the following error: "tls: failed to verify certificate: x509: certificate signed by unknown authority".

This issue occurs due to a mismatch or invalid certificate, leading to the failure of image pulls from the private registry.

NCN-105471

PVCs Cause the Pods to Get Stuck During Kommander Installation

During the Kommander installation, Persistent Volume Claims (PVCs) restrict the associated pods, preventing successful installation. This issue occurs when the PVC is not provisioned properly, leading to the pod failing to start.

NCN-105557

Rook Ceph Install Error

An issue might emerge when installing rook-ceph on vSphere clusters using RHEL operating systems.

This issue occurs during the initial installation of rook-ceph, causing the object store used by Velero and Grafana Loki to be unavailable. If the installation of the DKP Kommander component is unsuccessful due to rook-ceph failing, you might need to apply a workaround. For more information, see Troubleshooting the Rook Ceph Install Error.

NCN-104559

Kommander-CA in Workload Clusters Does not Specify a Duration Upon Upgrading the Workload Cluster

The Kommander-ca certificate for workload clusters does not specify a duration and defaults to 90 days. For fresh deployments, the certificate duration is correctly set to 10 years. However, during an upgrade to 2.15.2 version, the duration is not updated as expected.

NCN-108142

Unable to deploy Kommander in TUI

Using the ACME configuration results in a cert-manager ClusterIssuer created on the newly provisioned cluster with the provided values and HTTP-01 solver configuration for default Ingress. The HTTP-01 configuration requires that the ACME server be able to reach the Ingress IP address through the configured DNS record. If your cluster is not accessible from the internet, then the HTTP-01 configuration is not possible for public ACME services.

Workaround: You can provide the ACME configuration for the DNS-01 resolver that works with the private IP addresses after the cluster is provisioned.

NCN-102071

NKP 2.15 Limitations

Harbor Trivy Scan in an Air-gapped Environment

Trivy scanner does not have access to a vulnerability database in an air-gapped environment.

Workaround: To run a Trivy vulnerability scan in an air-gapped environment, you must first fetch the vulnerability database and push it to your registry. For more information, see https://trivy.dev/v0.40/docs/vulnerability/db/.

NCN-105807

Harbor Support on FIPS Clusters

NKP 2.14 does not support Harbor on FIPS clusters.

NCN-105816

Trusting NCR Private Registry's CA Certificate

When creating a Management cluster with default configuration without using a trusted CA certificate as described in Configuring the Kommander Installation with a Custom Domain and Certificate, the deployed NCR registry is only accessible over HTTPS with a self-signed certificate.

Workaround: To use the NCR registry in a workload cluster, you must configure it to trust the self-signed certificate. For instructions, see Using Integrated Private Registry on an NKP Cluster.

NCN-105470

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close