Get Tanzu Kubernetes Cluster Secrets

Tanzu Kubernetes clusters use secrets to store tokens, keys, and passwords for operating Tanzu Kubernetes clusters.

List of Tanzu Kubernetes Cluster Secrets

A Kubernetes secret is an object that stores a small amount of sensitive data such as a password, a token, or an SSH key. Tanzu Kubernetes cluster administrators might use several secrets while operating clusters. The table lists and describes key secrets cluster administrators might use.

Note: The list is not exhaustive. It includes only those secrets that might need to be manually rotated or used to access cluster nodes for troubleshooting purposes.


Secret	Description
`TANZU-KUBERNETES-CLUSTER-NAME`-ccm-token-RANDOM	A service account token used by the paravirtual cloud provider's cloud controller manager to connect to the vSphere Namespace. To trigger rotation of this credential, delete the secret.
`TANZU-KUBERNETES-CLUSTER-NAME`-pvcsi-token-RANDOM	A service account token used by the paravirtual CSI plug-in to connect to the vSphere Namespace. To trigger rotation of this credential, delete the secret. See How vSphere with Tanzu Integrates with vSphere Storage.
`TANZU-KUBERNETES-CLUSTER-NAME`-kubeconfig	A kubeconfig file that can be used to connect to the cluster control plane as the `kubernetes-admin` user. This secret can be used access a cluster and troubleshoot it when vCenter Single Sign-On authentication is not available. See Connect to the Tanzu Kubernetes Cluster Control Plane as the Administrator.
`TANZU-KUBERNETES-CLUSTER-NAME`-ssh	An SSH private key that can be used to connect to any cluster node as the `vmware-system-user`. This secret can be used to SSH to any cluster node and troubleshoot it. See SSH to Tanzu Kubernetes Cluster Nodes as the System User Using a Private Key.
`TANZU-KUBERNETES-CLUSTER-NAME`-ssh-password	A password that can be used to connect to any cluster node as the `vmware-system-user`. See SSH to Tanzu Kubernetes Cluster Nodes as the System User Using a Private Key.
`TANZU-KUBERNETES-CLUSTER-NAME`-ca	The root CA certificate for the Tanzu Kubernetes cluster control plane that is used by `kubectl` to securely connect to the Kubernetes API server.