Workload Management NSX-T 3 – Unable to access CLI tool download page
When deploying workload management into your vSphere infrastructure with NSX-T 3 you may encounter an issue where it is not possible to access the vSphere hosted site to download the kubectl-vsphere binary.
The fix for this issue is documented in this VMware Cloud Foundation documentation
As stated in the article when deploying Workload Management, the route maps created on the NSX-T Edge Tier-0 router in eBGP mode contains an IP prefix with only a deny rule. This blocks routes from getting advertised to the ToR switches.
If you are hosting only Kubernetes Workloads in the cluster then the documentation guides how to ‘disable advertisement of Tier-1 connected networks through the tier-0 router’. If you are hosting both Kubernetes and other workloads then the documentation guides how to ‘create a new allow rule and apply route re-distribution’.
I’ve seen the question asked a few time on VMTN already, so posting here to help boost visibility of the required configuration.
Hopefully this is helpful to someone