You can authenticate with the Tanzu Kubernetes cluster environment in various ways depending on your role and purpose.
DevOps engineers provision and operate Tanzu Kubernetes clusters. Developers deploy workloads to Tanzu Kubernetes clusters. Administrators might need to troubleshoot Tanzu Kubernetes clusters. vSphere with Tanzu provides authentication methods supporting each role or objective.
- DevOps engineers connect to the Supervisor Cluster to provision and update Tanzu Kubernetes clusters. Authentication is done using the vSphere Plugin for kubectl and vCenter Single Sign-On credentials. See Connect to the Supervisor Cluster as a vCenter Single Sign-On User.
- Cluster administrators connect to a provisioned Tanzu Kubernetes cluster to operate and manage it.
  - A user granted the Edit permission on the vSphere Namespace where the cluster is deployed is assigned to the cluster-admin role. Cluster administrators authenticate using the vSphere Plugin for kubectl and their vCenter Single Sign-On credentials. See Connect to a Tanzu Kubernetes Cluster as a vCenter Single Sign-On User.
  - Alternatively, cluster administrators can connect to a Tanzu Kubernetes cluster as the kubernetes-admin user. This method might be appropriate if vCenter Single Sign-On authentication is not available. See Connect to the Tanzu Kubernetes Cluster Control Plane as the Administrator.
- Cluster users or developers connect to a Tanzu Kubernetes cluster to deploy workloads, including pods, services, load balancers, and other resources.
  - A cluster administrator grants cluster access to developers by binding the user or group to the default or a custom pod security policy. For more information, see Grant Developer Access to Tanzu Kubernetes Clusters.
  - Bound developers authenticate with Tanzu Kubernetes clusters using the vSphere Plugin for kubectl and their vCenter Single Sign-On credentials. See Connect to a Tanzu Kubernetes Cluster as a vCenter Single Sign-On User.
- For troubleshooting purposes, system administrators can connect to a Tanzu Kubernetes cluster as the vmware-system-user using SSH and a private key. See SSH to Tanzu Kubernetes Cluster Nodes as the System User Using a Private Key.
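
The pod security policy binding mentioned in the developer-access item above, as an added example that is not taken from the original page: a cluster-wide binding to the privileged policy shown beside a binding scoped to one vCenter Single Sign-On group in one namespace. The binding names, the demo-apps namespace and the dev-team@vsphere.local group are hypothetical; the psp:vmware-system-privileged and psp:vmware-system-restricted ClusterRoles and the sso: subject prefix are assumed to be present as in a default Tanzu Kubernetes cluster.

```yaml
# Broad binding, shown for contrast: every authenticated identity in the
# cluster is allowed to use the privileged pod security policy.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: example-all-authenticated-privileged   # hypothetical name
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: psp:vmware-system-privileged           # assumed default ClusterRole
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:authenticated
---
# Scoped binding: one vCenter Single Sign-On group, one namespace,
# restricted pod security policy.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: example-dev-team-restricted            # hypothetical name
  namespace: demo-apps                         # hypothetical namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: psp:vmware-system-restricted           # assumed default ClusterRole
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: sso:dev-team@vsphere.local             # hypothetical SSO group
```

Running `kubectl get rolebindings,clusterrolebindings -A -o wide` as a cluster administrator lists the role and subjects of each binding, which makes bindings to system:authenticated easy to spot during review.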