Get and Use the Supervisor Context in vSphere IaaS Control Plane

After the vSphere administrator provides you with the IP address of the Kubernetes control plane on the Supervisor, you can log in to the Supervisor and obtain the contexts to which you have access. In vSphere IaaS control plane, contexts correspond to the namespaces on the Supervisor.

After you log in to the Supervisor, the vSphere Plugin for kubectl generates the context for the cluster. In Kubernetes, a configuration context contains a cluster, a namespace, and a user. You can view the cluster context in the file .kube/config. This file is commonly called the kubeconfig file.

Note: If you have an existing kubeconfig file, it is appended with each cluster context. The vSphere Plugin for kubectl respects the KUBECONFIG environment variable that kubectl itself uses. Although not required, it can be useful to set this variable before running kubectl vsphere login ... so that the information is written to a new file, instead of being added to your current kubeconfig file.

Prerequisites

Get your vCenter Single Sign-On credentials.
Get the IP address of the Supervisor control plane.
Get the name of the vSphere Namespace.
Get confirmation that you have Edit permissions on the vSphere Namespace.
Download and Install the Kubernetes CLI Tools for vSphere. See the Installing and Configuring vSphere IaaS Control Plane documentation.
Verify that the certificate served by the Kubernetes control plane is trusted on your system, either by having the signing CA installed as a Trust Root or by adding the certificate as a Trust Root directly. See Configure Secure Login for vSphere IaaS Control Plane Clusters in the Installing and Configuring vSphere IaaS Control Plane documentation.

Procedure

To view the command syntax and options for logging in, run the following command.
```
kubectl vsphere login --help
```

To connect to the Supervisor, run the following command.

kubectl vsphere login --server=<KUBERNETES-CONTROL-PLANE-IP-ADDRESS> --vsphere-username <VCENTER-SSO-USER>

For example:

kubectl vsphere login --server=10.92.42.13 --vsphere-username [email protected]

This action creates a configuration file with the JSON Web Token (JWT) to authenticate to the Kubernetes API.

To authenticate, enter the password for the user.
After you connect to the Supervisor, you are presented with the configuration contexts can access. For example:
```
You have access to the following contexts:
tanzu-ns-1
tkg-cluster-1
tkg-cluster-2
```
To view details of the configuration contexts which you can access to, run the following kubectl command:
```
kubectl config get-contexts
```
The CLI displays the details for each available context.
To switch between contexts, use the following command:
```
kubectl config use-context <example-context-name>
```

What to do next

To connect to a Tanzu Kubernetes Grid Cluster, see Connect to a TKG Cluster as a vCenter Single Sign-On User in Using TKG Service with vSphere IaaS Control Plane.