To provision vSphere Pods, TKG clusters, or VMs you connect to the Supervisor by using the vSphere Plugin for kubectl and authenticate with your vCenter Single Sign-On credentials.

After you log in to the Supervisor, the vSphere Plugin for kubectl generates the context for the Supervisor. In Kubernetes, a configuration context contains a Supervisor, a vSphere Namespace, and a user. You can view the cluster context in the file .kube/config. This file is commonly called the kubeconfig file.
Note: If you have an existing kubeconfig file, it is appended with each Supervisor context. The vSphere Plugin for kubectl respects the KUBECONFIG environment variable that kubectl itself uses. Although not required, it can be useful to set this variable before running kubectl vsphere login ... so that the information is written to a new file, instead of being added to your current kubeconfig file.

Prerequisites

  • Get your vCenter Single Sign-On credentials from the vSphere administrator.
  • Get the IP address of the Supervisor control plane from the vSphere administrator. The Supervisor control plane IP address is linked under the user interface of each vSphere Namespace, under Workload Management in the vSphere Client.
  • To log in by using an FQDN instead of the control plane IP address, get an FQDN configured to the Supervisor during enablement.
  • Get the name of the vSphere Namespace for which you have permissions.
  • Get confirmation that you have Edit permissions on the vSphere Namespace.
  • Download and Install the Kubernetes CLI Tools for vSphere.
  • Verify that the certificate served by the Kubernetes control plane is trusted on your system, either by having the signing CA installed as a Trust Root or by adding the certificate as a Trust Root directly. See Configure Secure Login for vSphere IaaS Control Plane Clusters.

Procedure

  1. To view the command syntax and options for logging in, run the following command. 
    kubectl vsphere login --help
  2. To connect to the Supervisor, run the following command. 
    kubectl vsphere login --server=<KUBERNETES-CONTROL-PLANE-IP-ADDRESS> --vsphere-username <VCENTER-SSO-USER>

    You can also log in by using and FQDN:

    kubectl vsphere login --server <KUBERNETES-CONTROL-PLANE-FQDN --vsphere-username <VCENTER-SSO-USER>
    For example: 
    kubectl vsphere login --server=10.92.42.13 --vsphere-username [email protected]
    kubectl vsphere login --server wonderland.acme.com --vsphere-username [email protected]
    This action creates a configuration file with the JSON Web Token (JWT) to authenticate to the Kubernetes API.
  3. To authenticate, enter the password for the user.
    After you connect to the Supervisor, you are presented with the configuration contexts can access. For example: 
    You have access to the following contexts:
tanzu-ns-1
tkg-cluster-1
tkg-cluster-2
  4. To view details of the configuration contexts which you can access to, run the following kubectl command: 
    kubectl config get-contexts
    The CLI displays the details for each available context.
  5. To switch between contexts, use the following command: 
    kubectl config use-context <example-context-name>

What to do next

Connect to a TKG Cluster as a vCenter Single Sign-On. For more information, see Connect to a TKG Cluster as a vCenter Single Sign-On User in Using TKG Service with vSphere IaaS Control Plane.