Learn about the different authentication mechanisms and how they are used with Tanzu Kubernetes Grid clusters.

Connecting to the Supervisor

As a DevOps engineer, you connect to the Supervisor to provision Tanzu Kubernetes Grid clusters. You only have access to the namespaces where the vSphere administrator has set permissions for you.

To connect to the Supervisor on the Kubernetes control plane IP or to provisioned Tanzu Kubernetes Grid clusters, you can use either of two methods:

  • Your vCenter Single Sign-On and the Kubernetes CLI Tools for vSphere. In this case an authentication token is created that expires every 10 hours.
  • Credentials from an OIDC provider registered with the Supervisor and Tanzu CLI. The session with an OIDC provider is controlled by the settings in the provider itself.

For more information, see the Using TKG Service with vSphere IaaS Control Plane documentation.

Connecting to Tanzu Kubernetes Grid Clusters

As a DevOps engineer, you also connect to provisioned Tanzu Kubernetes Grid clusters to operate and manage them. When your user account is granted the Edit permission on the vSphere Namespace where the Tanzu Kubernetes Grid cluster is provisioned, your account is assigned to the cluster-admin role. Alternatively, you can use the kubernetes-admin user to connect to Tanzu Kubernetes Grid clusters. You can also grant developers access to Tanzu Kubernetes Grid clusters by binding a user or group to the default or a custom pod security policy. For more information, see the Using TKG Service with vSphere IaaS Control Plane documentation.
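
The developer binding described above, as an added example that is not taken from this page: a namespace-scoped grant for a vCenter Single Sign-On group instead of a cluster-wide one. The namespace, group and binding names are constructed; the `psp:vmware-system-restricted` ClusterRole and the `sso:` subject prefix are the names used in VMware's TKG documentation, not on this page, so confirm them in your cluster before applying.

```yaml
# Added example; not from the original page.
# Constructed names: namespace "team-a", group "developers@vsphere.local",
# and both binding names.
# Pod security policies exist only on Kubernetes releases before 1.25.

# 1) Let the group run pods in team-a under the restricted pod security policy.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: developers-psp-restricted      # constructed
  namespace: team-a                    # constructed
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: psp:vmware-system-restricted   # assumed default restricted PSP role
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: sso:developers@vsphere.local   # "sso:" prefix marks a vCenter SSO identity
---
# 2) Give the same group the built-in "edit" role in that namespace only.
#    A RoleBinding (not a ClusterRoleBinding) keeps the grant out of
#    kube-system and every other namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: developers-edit                # constructed
  namespace: team-a
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit                           # built-in Kubernetes ClusterRole
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: sso:developers@vsphere.local
```

Apply it with `kubectl apply -f` while connected to the cluster as a user holding the cluster-admin role.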