vsphere 7 with kubenetes alway authorized fail

Hi

I set up a vSphere 7 and NSX-T enviroment, and enable workload, all the step is successfully, and after create a new name space and a dev01 user.

Then I try to login by the user dev01. I cannot login and the error as the following 192.168.50.1 is the control plane node IP address in the workload management page. 192.168.30.100 is the control plane vm mangement VIP )

[33mWARN [0m[0026] Error occurred during HTTP request: Post https://192.168.50.1/wcp/login: dial tcp 192.168.50.1:443:

connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or e

stablished connection failed because connected host has failed to respond.

[31mERRO [0m[0026] Login failed: Post https://192.168.50.1/wcp/login: dial tcp 192.168.50.1:443: connectex: A connectio

n attempt failed because the connected party did not properly respond after a period of time, or established connection

failed because connected host has failed to respond.

Logged in successfully.

You have access to the following contexts:

   192.168.30.100

If the context you wish to use is not in this list, you may need to try

I check the log of wcpsvc.log in vCenter, there is alway said that the seems the autorization is passed but the Security Context is missing.

Do you have any advice?

The wcpsvc.log is as the following:

2020-06-16T02:43:04.534Z debug wcp [opID=5edf0f6d] List workloads for dev01@VSPHERE.LOCAL

2020-06-16T02:43:04.534Z debug wcp [opID=5edf0f6d] User dev01@VSPHERE.LOCAL is authorized to access fred.

2020-06-16T02:43:04.534Z debug wcp [opID=5edf0f6d] Got list of user workloads: [{fred 192.168.50.1}]

2020-06-16T02:43:04.534Z debug wcp [opID=vapi] Validating output

2020-06-16T02:43:04.534Z debug wcp [opID=vapi] Request processing complete

2020-06-16T02:43:04.534Z debug wcp [opID=vapi] Sending response with output {"output":[{"STRUCTURE":{"com.vmware.vcenter.namespaces.user.instances.summary":{"master_host":"192.168.50.1","namespace":"red"}}}]}

2020-06-16T02:43:05.93Z debug wcp healthz for 192.168.30.100 = "ok"

2020-06-16T02:43:23.905Z debug wcp Attempting VAC stats push

2020-06-16T02:43:23.905Z debug wcp Pushing VAC data to endpoint: http://localhost:15080/analytics/telemetry/ph/api/hyper/send?_c=vsphere.gcm.1_0_0&_i=3ddbce68-1ffe-4ab7-9d52-42fd745bfaa7

2020-06-16T02:43:25.116Z debug wcp Rest client for vmodl2 API calls exists, checking session validity

2020-06-16T02:43:25.124Z debug wcp Rest client for vmodl2 API calls is still valid.

2020-06-16T02:43:25.169Z debug wcp Found appliance logging forwarding config: []

2020-06-16T02:44:05.934Z debug wcp healthz for 192.168.30.100 = "ok"

2020-06-16T02:45:05.939Z debug wcp healthz for 192.168.30.100 = "ok"

2020-06-16T02:45:36.959Z debug wcp [opID=vapi] opId was not present for the request

2020-06-16T02:45:36.959Z debug wcp [opID=vapi] Handling new request with input {"STRUCTURE":{"operation-input":{}}}

2020-06-16T02:45:36.959Z debug wcp [opID=vapi] Service specific authorization scheme for com.vmware.cis.session not found.

2020-06-16T02:45:36.959Z debug wcp [opID=vapi] Service specific authorization scheme for com.vmware.cis.session not found.

2020-06-16T02:45:36.959Z debug wcp [opID=vapi] Could not find package specific auth scheme for com.vmware.cis.session

2020-06-16T02:45:37.063Z debug wcp Got authz request for com.vmware.cis.session.create

2020-06-16T02:45:37.063Z debug wcp [opID=vapi] Searching for service com.vmware.cis.session

2020-06-16T02:45:37.064Z debug wcp [opID=vapi] Searching for operation create

2020-06-16T02:45:37.064Z debug wcp [opID=vapi] Validating input

2020-06-16T02:45:37.064Z debug wcp [opID=vapi] Invoking operation

2020-06-16T02:45:37.064Z info wcp [opID=5edf0f8a] Created session for dev01@%!s(*string=0xc0019b58f0)

2020-06-16T02:45:37.064Z info wcp [opID=5edf0f8a] Scheduling session cleanup in 2m26.935851009s

2020-06-16T02:45:37.064Z debug wcp [opID=5edf0f8a] Created session, returning session id

2020-06-16T02:45:37.064Z debug wcp [opID=vapi] Validating output

2020-06-16T02:45:37.064Z debug wcp [opID=vapi] Request processing complete

2020-06-16T02:45:37.064Z debug wcp [opID=vapi] Sending response with output {"output":{"SECRET":"*redacted*"}}

2020-06-16T02:45:37.066Z debug wcp [opID=vapi] Processing operation with opId wcp-authproxy-140706487955408

2020-06-16T02:45:37.066Z debug wcp [opID=vapi] Handling new request with input {"STRUCTURE":{"operation-input":{}}}

2020-06-16T02:45:37.066Z debug wcp [opID=vapi] Service specific authorization scheme for com.vmware.vcenter.namespaces.user.instances not found.

2020-06-16T02:45:37.066Z debug wcp [opID=vapi] Service specific authorization scheme for com.vmware.vcenter.namespaces.user.instances not found.

2020-06-16T02:45:37.066Z debug wcp [opID=vapi] Could not find package specific auth scheme for com.vmware.vcenter.namespaces.user.instances

2020-06-16T02:45:37.066Z info wcp Got session for dev01@VSPHERE.LOCAL

2020-06-16T02:45:37.066Z debug wcp Successfully validated session token.

2020-06-16T02:45:37.066Z debug wcp Got authz request for com.vmware.vcenter.namespaces.user.instances.list

2020-06-16T02:45:37.066Z debug wcp [opID=vapi] Searching for service com.vmware.vcenter.namespaces.user.instances

2020-06-16T02:45:37.066Z debug wcp [opID=vapi] Searching for operation list

2020-06-16T02:45:37.066Z debug wcp [opID=vapi] Validating input

2020-06-16T02:45:37.066Z debug wcp [opID=vapi] Invoking operation

2020-06-16T02:45:37.066Z debug wcp [opID=5edf0f8b] List workloads for dev01@VSPHERE.LOCAL

2020-06-16T02:45:37.066Z debug wcp [opID=5edf0f8b] User dev01@VSPHERE.LOCAL is authorized to access fred.

2020-06-16T02:45:37.066Z debug wcp [opID=5edf0f8b] Got list of user workloads: [{fred 192.168.50.1}]

2020-06-16T02:45:37.066Z debug wcp [opID=vapi] Validating output

2020-06-16T02:45:37.066Z debug wcp [opID=vapi] Request processing complete

2020-06-16T02:45:37.066Z debug wcp [opID=vapi] Sending response with output {"output":[{"STRUCTURE":{"com.vmware.vcenter.namespaces.user.instances.summary":{"master_host":"192.168.50.1","namespace":"red"}}}]}

2020-06-16T02:46:05.943Z debug wcp healthz for 192.168.30.100 = "ok"

2020-06-16T02:46:28.283Z error wcp [opID=vapi] Security Context missing in the request

2020-06-16T02:46:28.283Z debug wcp [opID=vapi] SecurityContext not passed in the request. Creating an empty security context

2020-06-16T02:46:28.283Z debug wcp [opID=vapi] opId was not present for the request

2020-06-16T02:46:28.283Z debug wcp [opID=vapi] Handling new request with input {"STRUCTURE":{"operation-input":{}}}

2020-06-16T02:46:28.283Z debug wcp [opID=vapi] Service specific authorization scheme for com.vmware.vapi.std.introspection.service not found.

2020-06-16T02:46:28.283Z debug wcp [opID=vapi] Service specific authorization scheme for com.vmware.vapi.std.introspection.service not found.

2020-06-16T02:46:28.284Z debug wcp [opID=vapi] Could not find package specific auth scheme for com.vmware.vapi.std.introspection.service

2020-06-16T02:46:28.284Z debug wcp [opID=vapi] Authn scheme Id is not provided but NO AUTH is allowed hence invoking the operation

2020-06-16T02:46:28.284Z error wcp [opID=vapi] SecurityCtx doesn't have property AUTHN_IDENTITY

2020-06-16T02:46:28.284Z error wcp [opID=vapi] Invalid authentication result

2020-06-16T02:46:28.284Z debug wcp [opID=vapi] Skipping authorization checks, because there is no authentication data for: com.vmware.vapi.std.introspection.service.list