Tanzu Kubernetes clusters use secrets to store the tokens, keys, and passwords needed to operate them.

List of Tanzu Kubernetes Cluster Secrets

A Kubernetes secret is an object that stores a small amount of sensitive data such as a password, a token, or an SSH key. Tanzu Kubernetes cluster administrators might use several secrets while operating clusters. The table lists and describes key secrets cluster administrators might use.

Note: The list is not exhaustive. It includes only those secrets that might need to be manually rotated or used to access cluster nodes for troubleshooting purposes.

| Secret | Description |
| --- | --- |
| TANZU-KUBERNETES-CLUSTER-NAME-ccm-token-RANDOM | A service account token used by the paravirtual cloud provider's cloud controller manager to connect to the vSphere Namespace. To trigger rotation of this credential, delete the secret. |
| TANZU-KUBERNETES-CLUSTER-NAME-pvcsi-token-RANDOM | A service account token used by the paravirtual CSI plug-in to connect to the vSphere Namespace. To trigger rotation of this credential, delete the secret. See How vSphere with Tanzu Integrates with vSphere Storage. |
| TANZU-KUBERNETES-CLUSTER-NAME-kubeconfig | A kubeconfig file that can be used to connect to the cluster control plane as the kubernetes-admin user. This secret can be used to access a cluster and troubleshoot it when vCenter Single Sign-On authentication is not available. See Connect to the Tanzu Kubernetes Cluster Control Plane as the Administrator. |
| TANZU-KUBERNETES-CLUSTER-NAME-ssh | An SSH private key that can be used to connect to any cluster node as the vmware-system-user. This secret can be used to SSH to any cluster node and troubleshoot it. See SSH to Tanzu Kubernetes Cluster Nodes as the System User Using a Private Key. |
| TANZU-KUBERNETES-CLUSTER-NAME-ssh-password | A password that can be used to connect to any cluster node as the vmware-system-user. See SSH to Tanzu Kubernetes Cluster Nodes as the System User Using a Private Key. |
| TANZU-KUBERNETES-CLUSTER-NAME-ca | The root CA certificate for the Tanzu Kubernetes cluster control plane that is used by kubectl to securely connect to the Kubernetes API server. |