Connect to the Tanzu Kubernetes Cluster Control Plane as the Administrator

You can connect to the Tanzu Kubernetes cluster control plane as the kubernetes-admin user to perform administrative tasks and troubleshoot cluster problems.

A valid kubeconfig file for a provisioned Tanzu Kubernetes cluster is available on the Supervisor Cluster as a secret object named TKGS-CLUSTER-NAME-kubeconfig. You can use this secret to connect to the cluster control plane as the kubernetes-admin user. For more information, see Get Tanzu Kubernetes Cluster Secrets.

Procedure

Connect to the Supervisor Cluster. See Connect to the Supervisor Cluster as a vCenter Single Sign-On User.
Switch context to the vSphere Namespace where the target Tanzu Kubernetes cluster is provisioned.
```
kubectl config use-context VSPHERE-NAMESPACE
```

View the secret objects in the namespace.

kubectl get secrets

The secret is named TKGS-CLUSTER-NAME-kubeconfig.

kubectl config use-context tkgs-cluster-ns
Switched to context "tkgs-cluster-ns".
ubuntu@ubuntu:~$ kubectl get secrets
NAME                                 TYPE                                  DATA   AGE
...
tkgs-cluster-1-kubeconfig            Opaque                                1      23h
...

Decode the secret by running the following command.
The secret is Base64 encoded. To decode it: on Linux use base64 --decode (or base64 -d); on MacOS, use base64 --Decode (or base64 -D); on Windows, use an online tool.
```
kubectl get secret TKGS-CLUSTER-NAME-kubeconfig -o jsonpath='{.data.value}' | base64 -d > tkgs-cluster-kubeconfig-admin
```
This command decodes the secret and writes it to a local file named tkgs-cluster-kubeconfig-admin. Use the cat command to verify the file contents.

Connect to the Tanzu Kubernetes cluster as the Kubernetes administrator using the decoded tkgs-cluster-kubeconfig-admin file.

There are two options to do this:

Option	Description
--kubeconfig <path\to\kubeconfig>	Use the `--kubeconfig` flag and the path to the local kubeconfig file. For example, assuming the kubeconfig file is in the same directory where you are running the command: `kubectl --kubeconfig tkgs-cluster-kubeconfig-admin get nodes`
KUBECONFIG	Set your KUBECONFIG environment variable to point to the decoded kubeconfig file and run kubectl, such as `kubectl get nodes`.

You should see the nodes in the cluster. For example:

kubectl --kubeconfig tkgs-cluster-kubeconfig-admin get nodes
NAME                                            STATUS   ROLES    AGE   VERSION
tkgs-cluster-1-control-plane-4ncm4              Ready    master   23h   v1.18.5+vmware.1
tkgs-cluster-1-control-plane-jj9gq              Ready    master   23h   v1.18.5+vmware.1
tkgs-cluster-1-control-plane-r4hm6              Ready    master   23h   v1.18.5+vmware.1
tkgs-cluster-1-workers-6njk7-84dd7f48c6-nz2n8   Ready    <none>   23h   v1.18.5+vmware.1
tkgs-cluster-1-workers-6njk7-84dd7f48c6-rk9pk   Ready    <none>   23h   v1.18.5+vmware.1
tkgs-cluster-1-workers-6njk7-84dd7f48c6-zzngh   Ready    <none>   23h   v1.18.5+vmware.1