Connect to a TKG cluster using the vSphere Plugin for kubectl and authenticate with your vCenter Single Sign-On credentials.
After you log in to the
TKG cluster, the
vSphere Plugin for kubectl generates the context for the cluster. In Kubernetes, a configuration context contains a cluster, a namespace, and a user. You can view the cluster context in the file
.kube/config. This file is commonly called the
kubeconfig file.
Note: If you have an existing
kubeconfig
file, it is appended with each cluster context. The
vSphere Plugin for kubectl respects the KUBECONFIG environment variable that
kubectl itself uses. Although not required, it can be useful to set this variable before running
kubectl vsphere login ...
so that the information is written to a new file, instead of being added to your current
kubeconfig
file.
Prerequisites
Obtain the following information from your vSphere administrator:
Procedure
- To view the command syntax and options for logging in, run the following command.
kubectl vsphere login --help
- To connect to the TKG cluster, run the following command.
kubectl vsphere login --server=SUPERVISOR-CLUSTER-CONTROL-PLANE-IP-OR-FQDN
--tanzu-kubernetes-cluster-name TKG-CLUSTER-NAME
--tanzu-kubernetes-cluster-namespace VSPHERE-NAMESPACE
--vsphere-username VCENTER-SSO-USER-NAME
For example:
kubectl vsphere login --server=10.92.42.137
--tanzu-kubernetes-cluster-name tkg-cluster-01
--tanzu-kubernetes-cluster-namespace tkg-cluster-ns
--vsphere-username operator@example.com
Or, if
Supervisor has been enabled with a fully qualified domain name (FQDN):
kubectl vsphere login --server=wonderland.acme.com
--tanzu-kubernetes-cluster-name tkg-cluster-01
--tanzu-kubernetes-cluster-namespace tkg-cluster-ns
--vsphere-username operator@example.com
This action creates a configuration file with the JSON Web Token (JWT) to authenticate to the Kubernetes API.
- To authenticate, enter your vCenter Single Sign-On password.
If the operation is successful, you see the message
Logged in successfully
, and you can run
kubectl commands against the cluster. If the command returns
Error from server (Forbidden)
, typically this error means you do not have the required permissions.
- To get a list of contexts available to you, run the following command:
kubectl config get-contexts
This command lists the configuration contexts you have access to. You see a configuration context for the target cluster, such as
tkg-cluster-01.
- To use the context for the target cluster, run the following command:
kubectl config use-context CLUSTER-NAME
- To list cluster nodes, run the following command:
You see the control plane and worker nodes in this cluster.
- To list all the cluster pods, run the following command:
You see all the pods in this cluster across all Kubernetes namespaces that you have access to. If you have not deployed any workloads, you do not see any pods in the default namespace.