This post is part of a short series that builds on our minimal VMware Cloud Foundation (VCF) 9.0 deployment (2x Minisforum MS-A2) and showcases how to fully leverage the exciting new capabilities in the VCF 9 platform, all while maintaining a minimal resource footprint, which is ideal for lab and learning purposes.
In this blog post, we will walk through the configurations steps to enable vSphere Supervisor with NSX VPC networking for our VCF 9 environment and enable the new asynchronous update feature for vSphere Supervisor, which no long requires updating vCenter Server to recieved new updates.
Here are some additional NSX VPC Resources that might be of interests if you would like to learn more:
Requirements:
- VCF 9.0 environment deployed
- NSX VPC configured with Centralized Transit Gateway
- 5 x consecutive IP Addresses for the vSphere Supervisor Control Plane VM (required even for single node deployment)
- If you are using vSAN, make sure to silence any alerts you might have or it will prevent vSphere Supervisor from completing the configuration
Step 1 - If the vSphere Cluster that you wish to enable vSphere Supervisor only contains a single or dual ESXi hosts, you will probably run into a vSphere HA Admission check issue in Step 2. To workaround this, simply adjust the vSphere HA Admission Control (select vSphere Cluster under Configure->vSphere Availability) and disable the default host failover configuration.
Step 2 - Right click on your vSphere Cluster and select the Activate Supervisor action and then click on Advanced Topologies and choose VCF Networking with VPC
Step 2 - Select Cluster Deployment option since we will not have existing vSphere Zones defined and you should see your vSphere Cluster under the Compatible filter. Provide a name for your Supervisor Cluster along with an optional name for vSphere Zone.
Step 3 - Select the VM Storage Policy for the vSphere Supervisor Control Plane VM, you can default to VCF VM Storage Policy that was created automatically for you as part of deploying VCF 9.0.
Step 4 - Specify the network mode for the vSphere Supervisor Control VMs, recommend using static and select the desired vSphere Network along with 5 consecutive IP Addresses along with the rest of the required networking configurations.
Step 5 - The Workload Network will automatically use the default NSX Project and VPC Connectivity Profile configurations, simply fill out the DNS and NTP Server to continue.
Step 6 - Select the desired vSphere Supervisor Control Plane VM size and optionally if you want a friendly DNS name for accessing the vSphere Supervisor endpoint, provide an FQDN that will resolve to the first IP Address in Step 4. If you plan on rebuilding your environment or you simply want to avoid going through the vSphere UI to re-enable vSphere Supervisor, select the export option and that will provide you with a configuration download to use the next time you enable vSphere Supervisor.
After reviewing the summary of your input, you can complete the wizard to begin vSphere Supervisor enablement which will take some time, but should complete in less than an hour if not sooner.
Note: If you have configured Live Patching enforcement and you see A general system error occurred: Solution specification in the image are incompatible with host error message while enabling vSphere Supervisor, you will need to disable Live Patching under vSphere Lifecycle Manager (vLCM). See this blog post for more details.
Step 7 - During or after vSphere Supervisor enablement, create a new vSphere Content Library which will contain vSphere Supervisor updates, which has now been decoupled from vCenter Server updates. Navigate to Content Libraries->Create and create a subscribed library with following URL: https://wp-content.vmware.com/supervisor/v1/latest/lib.json
Step 8 - Once the vSphere Supervisor Content Library has been created and sync'ed, we need to associate that with our vSphere Supervisor. Navigate from inventory menu to Supervisor Management->Content Distribution and assign the vSphere Content Library that you had created from the previous step.
Step 9 - Navigate over to the Updates tab and check whether a new vSphere Supervisor update is available and apply if applicable to ensure it is running the latest version.
Note: If you wish to enable ArgoCD Supervisor Service, you will need to vSphere Supervisor version 9.0.0.0100, which should be available if you are installing the GA version of VCF 9.0
Do you have any scripts that can stage all these files needed to support offline depot side of things?
I've currently got this powershell script. https://github.com/ketchup57/VCF9-Scripts
I'm slowly compiling things as we move forward with configurations of vcf 9. Just finding things like Step 7 that we still have to manually go grab.
IF you have any other item's that we would have to manually go download and stage, I know I'd definitely appreciate it.
Keep up the great work and thanks for sharing!
You should be able to leverage this script https://williamlam.com/2023/10/how-to-download-offline-copy-of-the-tanzu-kubernetes-releases-tkr-content-library.html to help with pulling down this CL as well
Did you deploy the local consumption interface with this?
I found that it uses the transit private block for the pods so the plugin doesnt get deployed
Yes. See https://williamlam.com/2025/08/ms-a2-vcf-9-0-lab-configuring-vsphere-kubernetes-service-vks.html
If you've setup your networking simliar to mines https://williamlam.com/2025/07/ms-a2-vcf-9-0-lab-configuring-nsx-virtual-private-cloud-vpc.html than it'll deploy correctly and when you access the LCI interface, it'll get proxy through the vSphere Supervisor API endpoint (see Step 6 from mention blog post above)
Hi William, I faced same problem on my Lab today with "A general system error occurred: Solution specification in the image are incompatible with host error...", however, I already had live patch disabled (after I live-patched esxi to 9.0.0.0100), but I am still getting the error message in vLCM "Live Patch cannot be performed together with solution(s) com.vmware.vsphere-wcp that will be enabled or disabled live."... Could this be actually some bug, or am I missing some piece of puzzle? Thank you.
I figured it out, Even though I had LivePatch disabled globally, I missed that the cluster has it's own customized values for LivePatch and there, it was still enabled. So for anyone looking for the solution, disable LivePatch in "Edit remediation settings" on the cluster.