Identity and Access Management

Before you can create clusters using Tanzu Kubernetes Grid (TKG), you must connect to your management cluster. How you do this depends on the type of the management cluster that you plan to use:

• Tanzu Kubernetes Grid with a vSphere with Tanzu Supervisor in vSphere 8. You can connect to the Supervisor using either of the following methods:

  • Connect to the Supervisor as a vCenter single sign-on user with the Kubernetes or Tanzu CLI. For instructions, see:
    • Connect to Supervisor as a vCenter Single Sign-On User with kubectl
    • Connect to Supervisor Using the Tanzu CLI and vCenter SSO Authentication
  • Integrate the Supervisor with an OIDC-compliant identity provider and then use the Tanzu CLI to connect to the Supervisor. For instructions on how to:
    • Integrate the Supervisor with an external identity provider, see Configure an External OIDC Provider and Register an External IDP with Supervisor
    • Use the Tanzu CLI after registering the identity provider, see Connect to Supervisor Using the Tanzu CLI and an External IDP

• TKG with a standalone management cluster. To connect to the standalone management cluster, you integrate the cluster with an OIDC or LDAP identity provider or use the build-in authentication mechanism provided by TKG. For instructions, see Identity and Access Management.

After you create a cluster using a Supervisor or standalone management cluster, you can connect to the cluster using:

• In TKG 2.x with Supervisor:
  • vCenter single sign-on and the vSphere plugin for kubectl by itself or in conjunction with the Tanzu CLI. For instructions, see Connecting to TKG Clusters on Supervisor Using vCenter SSO Authentication.
  • An external OIDC provider in conjunction with the Tanzu CLI. For instructions, see Connect to and Examine Workload Clusters.
• In TKG with a standalone management cluster:
  • The Tanzu CLI, with or without an external OIDC or LDAP identity provider. For instructions, see Configure RBAC.

For conceptual information about identity and access management in TKG, see:

• Tanzu Kubernetes Grid with a vSphere with Tanzu Supervisor in vSphere 8: About Identity and Access Management for TKG 2 Clusters on Supervisor in Using Tanzu Kubernetes Grid 2 with vSphere with Tanzu.
• TKG with a standalone management cluster: About Identity and Access Management.