After the vSphere administrator provides you with the IP address of the Kubernetes control plane on the Supervisor Cluster, you can log in to the Supervisor Cluster and obtain the contexts to which you have access. Contexts correspond to the namespaces on the Supervisor Cluster.


  • Get the IP address of the Kubernetes control plane on the Supervisor Cluster from your vSphere administrator.
  • Get your user account in vCenter Single Sign-On.
  • Verify with your vSphere administrator that you have permissions to access the contexts that you need.
  • Verify that the certificate served by the Kubernetes control plane is trusted on your system, either by having the signing CA installed as a Trust Root or by adding the certificate as a Trust Root directly.


  1. In a browser window, open the URL of the Kubernetes control plane.
  2. Verity that the SHA256 checksum of the matches the checksum from the sha256sum.txt file.
  3. Download the file on you machine and set it on your OS's executable search path.
  4. In a command prompt window, run the following command to log in to vCenter Server:
    kubectl vsphere login --server=https://<server_adress> --vsphere-username <your user account name>
  5. To view details of the configuration contexts which you can access to, run the following kubectl command:
    kubectl config get-contexts
    The CLI displays the details for each available context.
  6. To switch between contexts, use the following command:
    kubectl config use-context <example-context-name>


The login API on the Kubernetes control plane is invoked. An authenticating proxy redirects a request for authentication to vCenter Single Sign-On. vCenter Server returns a JSON Web token and adds it to the kubeconfig file. That token is sent to the Kubernetes control plane with every new kubectl command to authenticate the user.