Connect to the Supervisor as a vCenter Single Sign-On User

To provision vSphere Pods, or Tanzu Kubernetes clusters by using the Tanzu Kubernetes Grid, you connect to the Supervisor by using the vSphere Plugin for kubectl and authenticate with your vCenter Single Sign-On credentials.

After you log in to the Supervisor, the vSphere Plugin for kubectl generates the context for the cluster. In Kubernetes, a configuration context contains a cluster, a namespace, and a user. You can view the cluster context in the file .kube/config. This file is commonly called the kubeconfig file.

Note: If you have an existing kubeconfig file, it is appended with each cluster context. The vSphere Plugin for kubectl respects the KUBECONFIG environment variable that kubectl itself uses. Although not required, it can be useful to set this variable before running kubectl vsphere login ... so that the information is written to a new file, instead of being added to your current kubeconfig file.

Prerequisites

Get your vCenter Single Sign-On credentials.
Get the IP address of the Supervisor control plane.
Get the name of the vSphere Namespace.
Get confirmation that you have Edit permissions on the vSphere Namespace.
Download and Install the Kubernetes CLI Tools for vSphere.
Verify that the certificate served by the Kubernetes control plane is trusted on your system, either by having the signing CA installed as a Trust Root or by adding the certificate as a Trust Root directly. See Configure Secure Login for vSphere with Tanzu Clusters.

Procedure

To view the command syntax and options for logging in, run the following command.
```
kubectl vsphere login --help
```

To connect to the Supervisor, run the following command.

kubectl vsphere login --server=<KUBERNETES-CONTROL-PLANE-IP-ADDRESS> --vsphere-username <VCENTER-SSO-USER>

For example:

kubectl vsphere login --server=10.92.42.13 --vsphere-username administrator@example.com

This action creates a configuration file with the JSON Web Token (JWT) to authenticate to the Kubernetes API.

To authenticate, enter the password for the user.
After you connect to the Supervisor, you are presented with the configuration contexts can access. For example:
```
You have access to the following contexts:
tanzu-ns-1
tkg-cluster-1
tkg-cluster-2
```
To view details of the configuration contexts which you can access to, run the following kubectl command:
```
kubectl config get-contexts
```
The CLI displays the details for each available context.
To switch between contexts, use the following command:
```
kubectl config use-context <example-context-name>
```

What to do next

Connect to a Tanzu Kubernetes Grid Cluster as a vCenter Single Sign-On. For more information, see Connect to a TKG Cluster as a vCenter Single Sign-On User in Using Tanzu Kubernetes Grid 2.2 on Supervisor with vSphere with Tanzu 8.