You can connect to the Tanzu Kubernetes cluster control plane as the kubernetes-admin user to perform administrative tasks and troubleshoot cluster problems.

A valid kubeconfig file for a provisioned Tanzu Kubernetes cluster is available on the Supervisor Cluster as a secret object named CLUSTER-NAME-kubeconfig. You can use this secret to connect to the cluster control plane as the kubernetes-admin user. This might be necessary if vCenter Single Sign-On is unavailable. For more information about this secret, see Tanzu Kubernetes Cluster Secrets.

Prerequisites

Connect to the Supervisor Cluster. See Connect to the Supervisor Cluster as a vCenter Single Sign-On User.

Procedure

  1. Switch context to the Supervisor Namespace where the Tanzu Kubernetes cluster is provisioned.
    kubectl config use-context SUPERVISOR-NAMESPACE
  2. View the secret by running the following command.
    kubectl get secrets
    This command returns several secret objects used in the namespace. The secret you need for this purpose is named CLUSTER-NAME-kubeconfig. For more information about this secret object, see Tanzu Kubernetes Cluster Secrets.
  3. Access the secret by running the following command.
    Note: The credential to decrypt the password is Base64 encoded. On Linux use -d to decode it. On Mac use -D.
    kubectl get secret CLUSTER-NAME-kubeconfig -o jsonpath='{.data.value}' | base64 -d > tkg-cluster-kubeconfig-admin
    This command writes the decoded secret to a local file named tkg-cluster-kubeconfig-admin. You can use the cat command to read the file and verify it.
  4. Connect to the Tanzu Kubernetes cluster as the Kubernetes administrator using the decoded tkg-cluster-kubeconfig-admin file.
    There are two options to do this:
    Option Description
    --kubeconfig <path\to\kubeconfig> Use the --kubeconfig flag and the path to the local kubeconfig file. For example, assuming the kubeconfig file is in the same directory where you are running the command: kubectl --kubeconfig tkg-cluster-kubeconfig-admin get nodes
    KUBECONFIG Set your KUBECONFIG environment variable to point to the decoded kubeconfig file and run kubectl, such as kubectl get nodes.