Skip to main content
Skip table of contents

NKP 2.16.0 Known Issues and Limitations

The following items are known issues with this release:

Knative was not Fully Enabled in a FIPS Environment

Knative fails to fully deploy on the FIPS-enabled clusters.

NCN-107401

Generic Error Messages from Preflight Checks in Rancher Desktop

The preflight checks in Rancher desktop generated generic error messages, making it difficult to identify the root cause of failure and resulting in webhook timeouts.

Workaround: The Rancher desktop is not supported for macOS in NKP 2.16. The supported container runtime includes Docker, Colima, and Podman.

Dry-Run Output Directory Generates Files in Incorrect Order for Nutanix Cluster Creation

When using nkp create cluster --dry-run --output=yaml --output-directory=<dir>, the generated resource files for Nutanix cluster are in alphabetical order. This creates the cluster first before its dependencies such as secrets and failure domains, resulting in the preflight check failures due to missing credentials.

Workaround: Create a single YAML manifest by removing the --output-directory flag.

NCN-109240

Harbor UI Displays Unlimited Quota for Storage Providers

When Harbor is deployed for a storage provider, the Harbor UI incorrectly displays Quota used: X MiB of Unlimited on the dashboard even though pre-configured limits are set on the storage provider based on the configured persistent volume (PV).

NCN-105785

Unable to Deploy User Applications on Management Cluster Using NCR Private Registry

Deploying user applications on the Management cluster using the NCR Private Registry fails with the following error: "tls: failed to verify certificate: x509: certificate signed by unknown authority". This issue occurs due to a mismatch or invalid certificate, leading to the failure of image pulls from the private registry.

NCN-105471

PVCs Cause the Pods to Get Stuck During Kommander Installation

During the Kommander installation, persistent volume claims (PVCs) restrict the associated pods, preventing successful installation. This issue occurs only in the Nutanix infrastructure when the PVC is not provisioned properly, leading to the pod failing to start.

Workaround: Delete the pod and proceed with the installation.

NCN-105557

Rook Ceph Install Error

An issue might emerge when installing rook-ceph on vSphere clusters using RHEL operating systems.

This issue occurs during the initial installation of rook-ceph, causing the object store used by Velero and Grafana Loki to be unavailable. If the installation of the DKP Kommander component is unsuccessful due to rook-ceph failing, you might need to apply a workaround. For more information, see Troubleshooting the Rook Ceph Install Error.

NCN-104559

Unable to deploy Kommander in TUI

Using the ACME configuration results in a cert-manager ClusterIssuer created on the newly provisioned cluster with the provided values and HTTP-01 solver configuration for default Ingress. The HTTP-01 configuration requires that the ACME server be able to reach the Ingress IP address through the configured DNS record. If your cluster is not accessible from the internet, then the HTTP-01 configuration is not possible for public ACME services.

Workaround: Provide the ACME configuration for the DNS-01 resolver that works with the private IP addresses after the cluster is provisioned.

NCN-102071

NKP 2.16 Limitations

Harbor Trivy Scan in an Air-gapped Environment

Trivy scanner does not have access to a vulnerability database in an air-gapped environment.

Workaround: To run a Trivy vulnerability scan in an air-gapped environment, you must first fetch the vulnerability database and push it to your registry. For more information, see https://trivy.dev/v0.40/docs/vulnerability/db/.

NCN-105807

Harbor Support on FIPS Clusters

NKP 2.14 does not support Harbor on FIPS clusters.

NCN-105816

Trusting NCR Private Registry's CA Certificate

When creating a Management cluster with default configuration without using a trusted CA certificate as described in Configuring the Kommander Installation with a Custom Domain and Certificate, the deployed NCR registry is only accessible over HTTPS with a self-signed certificate.

Workaround: To use the NCR registry in a workload cluster, you must configure it to trust the self-signed certificate. For instructions, see Using Integrated Private Registry on an NKP Cluster.

NCN-105470

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close