This topic describes how to use the tkgi get-credentials command in VMware Tanzu Kubernetes Grid Integrated Edition using the TKGI Command Line Interface (TKGI CLI).

The tkgi get-credentials command performs the following actions:

  • Fetch the cluster’s kubeconfig
  • Add the cluster’s kubeconfig to the existing kubeconfig
  • Create a new kubeconfig, if none exists
  • Switch the context to the CLUSTER-NAME provided

When you run tkgi get-credentials CLUSTER-NAME, TKGI sets the context to the cluster you provide as the CLUSTER-NAME. TKGI binds your username to the cluster and populates the kubeconfig file on your local workstation with cluster credentials and configuration.

The default path for your kubeconfig is $HOME/.kube/config.

If you access multiple clusters, you can choose to use a custom kubeconfig file for each cluster. To save cluster credentials to a custom kubeconfig, use the KUBECONFIG environment variable when you run tkgi get-credentials. For example:

$ KUBECONFIG=/path/to/my-cluster.config tkgi get-credentials my-cluster

Retrieve Cluster Credentials

Perform the following steps to populate your local kubeconfig with cluster credentials and configuration:

  1. On the command line, run the following command to log in:

     tkgi login -a TKGI-API -u USERNAME -k 
    Where:

    • TKGI-API is the domain name for the TKGI API that you entered in Ops Manager > Tanzu Kubernetes Grid Integrated Edition > TKGI API > API Hostname (FQDN). For example, api.tkgi.example.com.
    • USERNAME is your user name.

      See Logging in to Tanzu Kubernetes Grid Integrated Edition for more information about the tkgi login command.

      Note: If your operator has configured Tanzu Kubernetes Grid Integrated Edition to use a SAML identity provider, you must include an additional SSO flag to use the above command. For information about the SSO flags, see the section for the above command in TKGI CLI. For information about configuring SAML, see Connecting Tanzu Kubernetes Grid Integrated Edition to a SAML Identity Provider

  2. Run the following command:

     tkgi get-credentials CLUSTER-NAME 
    Where CLUSTER-NAME is the unique name for your cluster.

    For example:

    $ tkgi get-credentials tkgi-example-cluster

    Fetching credentials for cluster tkgi-example-cluster. Context set for cluster tkgi-example-cluster.

    You can now switch between clusters by using: $kubectl config use-context &ltcluster-name&gt

    Note: If you enable OpenID Connect (OIDC) in the Tanzu Kubernetes Grid Integrated Edition tile, TKGI requires your password to run the tkgi get-credentials CLUSTER-NAME command. This allows TKGI to retrieve valid tokens for the kubeconfig file. You can provide your password at the prompt or as the TKGI_USER_PASSWORD environment variable. For more information, see the Configure OpenID Connect section of Installing Tanzu Kubernetes Grid Integrated Edition for your IaaS.

    Note: If your operator has configured Tanzu Kubernetes Grid Integrated Edition to use a SAML identity provider, you must include an additional SSO flag to use the above command. For information about the SSO flags, see the section for the above command in TKGI CLI. For information about configuring SAML, see Connecting Tanzu Kubernetes Grid Integrated Edition to a SAML Identity Provider

Run kubectl Commands

After TKGI populates your kubeconfig, you can use the Kubernetes Command Line Interface (kubectl) to run commands against your Kubernetes clusters.

See Installing the Kubernetes CLI for information about installing kubectl.

For information about using kubectl, see Command line tool (kubectl) in the Kubernetes documentation.

check-circle-line exclamation-circle-line close-line
Scroll to top icon