Tanzu Kubernetes clusters use secrets to store the tokens, keys, and passwords needed to operate the clusters.
List of Tanzu Kubernetes Cluster Secrets
A Kubernetes secret is an object that stores a small amount of sensitive data such as a password, a token, or an SSH key. Tanzu Kubernetes cluster administrators might use several secrets while operating clusters. The table lists and describes key secrets cluster administrators might use.
Note: The list is not exhaustive. It includes only those secrets that might need to be manually rotated or used to access cluster nodes for troubleshooting purposes.
Secret | Description |
---|---|
TANZU-KUBERNETES-CLUSTER-NAME-ccm-token-RANDOM | A service account token used by the paravirtual cloud provider's cloud controller manager to connect to the vSphere Namespace. To trigger rotation of this credential, delete the secret. |
TANZU-KUBERNETES-CLUSTER-NAME-pvcsi-token-RANDOM | A service account token used by the paravirtual CSI plug-in to connect to the vSphere Namespace. To trigger rotation of this credential, delete the secret. See How vSphere with Tanzu Integrates with vSphere Storage. |
TANZU-KUBERNETES-CLUSTER-NAME-kubeconfig | A kubeconfig file that can be used to connect to the cluster control plane as the kubernetes-admin user. This secret can be used to access a cluster and troubleshoot it when vCenter Single Sign-On authentication is not available. See Connect to the Tanzu Kubernetes Cluster Control Plane as the Administrator. |
TANZU-KUBERNETES-CLUSTER-NAME-ssh | An SSH private key that can be used to connect to any cluster node as the vmware-system-user. This secret can be used to SSH to any cluster node and troubleshoot it. See SSH to Tanzu Kubernetes Cluster Nodes as the System User Using a Private Key. |
TANZU-KUBERNETES-CLUSTER-NAME-ssh-password | A password that can be used to connect to any cluster node as the vmware-system-user. See SSH to Tanzu Kubernetes Cluster Nodes as the System User Using a Private Key. |
TANZU-KUBERNETES-CLUSTER-NAME-ca | The root CA certificate for the Tanzu Kubernetes cluster control plane that is used by kubectl to securely connect to the Kubernetes API server. |
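The naming patterns in the table can drive an inventory of a vSphere Namespace. The following is an added example, not VMware code: it classifies secret names by the table's suffixes, groups them by cluster, and marks old tokens for rotation by deletion and secrets that grant login access. The `[a-z0-9]+` form of the RANDOM suffix, the 90-day threshold, the function names, and the sample listing are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# (suffix pattern, kind, deleting the secret triggers rotation, grants login access),
# taken from the table. The [a-z0-9]+ form of RANDOM is an assumption.
KINDS = [
    (r"-ccm-token-[a-z0-9]+", "ccm-token", True, False),
    (r"-pvcsi-token-[a-z0-9]+", "pvcsi-token", True, False),
    (r"-kubeconfig", "kubeconfig", False, True),
    (r"-ssh-password", "ssh-password", False, True),
    (r"-ssh", "ssh", False, True),
    (r"-ca", "ca", False, False),
]

def classify(name):
    """Return (cluster, kind, delete_rotates, grants_access), or None if not in the table."""
    for suffix, kind, rotates, access in KINDS:
        m = re.fullmatch(r"(?P<cluster>.+)" + suffix, name)
        if m:
            return m.group("cluster"), kind, rotates, access
    return None

def inventory(secret_list, now, max_token_age_days=90):
    """Group listed secrets by cluster; the age threshold is an assumed policy value."""
    report = {}
    for item in secret_list["items"]:
        meta = item["metadata"]
        hit = classify(meta["name"])
        if hit is None:
            continue  # not one of the secrets described in the table
        cluster, kind, rotates, access = hit
        created = datetime.strptime(meta["creationTimestamp"], "%Y-%m-%dT%H:%M:%SZ")
        age = (now - created.replace(tzinfo=timezone.utc)).days
        if rotates and age > max_token_age_days:
            note = "rotate-by-delete"
        else:
            note = "grants-access" if access else "ok"
        report.setdefault(cluster, []).append((kind, age, note))
    return report

# Constructed sample, shaped like the output of `kubectl get secrets -o json`.
def _s(name, ts):
    return {"metadata": {"name": name, "creationTimestamp": ts}}
SAMPLE = {"items": [
    _s("tkc-prod-ccm-token-x7k2p", "2023-06-01T00:00:00Z"),
    _s("tkc-prod-pvcsi-token-9qd4m", "2023-12-20T00:00:00Z"),
    _s("tkc-prod-ssh-password", "2023-06-01T00:00:00Z"),
    _s("tkc-prod-kubeconfig", "2023-06-01T00:00:00Z"),
    _s("default-token-abcde", "2023-06-01T00:00:00Z"),
]}
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
if __name__ == "__main__":
    print(inventory(SAMPLE, NOW))
```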