If you do not have sufficient permissions on the vSphere Namespace, you cannot connect to the Supervisor Cluster or to a Tanzu Kubernetes cluster as a vCenter Single Sign-On user.

Problem

The vSphere Plugin for kubectl returns the error message Error from server (Forbidden) when you attempt to connect to a Supervisor Cluster or a Tanzu Kubernetes cluster as a vCenter Single Sign-On user.

Cause

You do not have sufficient permissions on the vSphere Namespace, or do not have cluster access.

Solution

If you are a DevOps engineer who operates the cluster, verify with your vSphere administrator that you have been granted Edit permissions for the vSphere Namespace. See Create and Configure a vSphere Namespace.

If you are a developer who is using the cluster to deploy workloads, verify with your cluster administrator that you have been granted cluster access. See Grant Developer Access to Tanzu Kubernetes Clusters.