This topic describes how to use the tkgi get-credentials
command in VMware Tanzu Kubernetes Grid Integrated Edition using the TKGI Command Line Interface (TKGI CLI).
The tkgi get-credentials
command performs the following actions:
CLUSTER-NAME
providedWhen you run tkgi get-credentials CLUSTER-NAME
, TKGI sets the context to the cluster you provide as the CLUSTER-NAME
. TKGI binds your username to the cluster and populates the kubeconfig file on your local workstation with cluster credentials and configuration.
The default path for your kubeconfig is $HOME/.kube/config
.
If you access multiple clusters, you can choose to use a custom kubeconfig file for each cluster. To save cluster credentials to a custom kubeconfig, use the KUBECONFIG
environment variable when you run tkgi get-credentials
. For example:
$ KUBECONFIG=/path/to/my-cluster.config tkgi get-credentials my-cluster
Perform the following steps to populate your local kubeconfig with cluster credentials and configuration:
On the command line, run the following command to log in:
tkgi login -a TKGI-API -u USERNAME -kWhere:
TKGI-API
is the domain name for the TKGI API that you entered in Ops Manager > Tanzu Kubernetes Grid Integrated Edition > TKGI API > API Hostname (FQDN). For example, api.tkgi.example.com
.USERNAME
is your user name. tkgi login
command. Note: If your operator has configured Tanzu Kubernetes Grid Integrated Edition to use a SAML identity provider, you must include an additional SSO flag to use the above command. For information about the SSO flags, see the section for the above command in TKGI CLI. For information about configuring SAML, see Connecting Tanzu Kubernetes Grid Integrated Edition to a SAML Identity Provider
Run the following command:
tkgi get-credentials CLUSTER-NAMEWhere
CLUSTER-NAME
is the unique name for your cluster. For example:
$ tkgi get-credentials tkgi-example-clusterFetching credentials for cluster tkgi-example-cluster. Context set for cluster tkgi-example-cluster.
You can now switch between clusters by using: $kubectl config use-context <cluster-name>
Note: If you enable OpenID Connect (OIDC) in the Tanzu Kubernetes Grid Integrated Edition tile, TKGI requires your password to run the tkgi get-credentials CLUSTER-NAME
command. This allows TKGI to retrieve valid tokens for the kubeconfig file. You can provide your password at the prompt or as the TKGI_USER_PASSWORD
environment variable. For more information, see the Configure OpenID Connect section of Installing Tanzu Kubernetes Grid Integrated Edition for your IaaS.
Note: If your operator has configured Tanzu Kubernetes Grid Integrated Edition to use a SAML identity provider, you must include an additional SSO flag to use the above command. For information about the SSO flags, see the section for the above command in TKGI CLI. For information about configuring SAML, see Connecting Tanzu Kubernetes Grid Integrated Edition to a SAML Identity Provider
After TKGI populates your kubeconfig, you can use the Kubernetes Command Line Interface (kubectl) to run commands against your Kubernetes clusters.
See Installing the Kubernetes CLI for information about installing kubectl.
For information about using kubectl, see Command line tool (kubectl) in the Kubernetes documentation.