After the vSphere administrator provides you with the IP address of the Kubernetes control plane on the Supervisor, you can log in to the Supervisor and obtain the contexts to which you have access. In vSphere with Tanzu, contexts correspond to the namespaces on the Supervisor.

After you log in to the Supervisor, the vSphere Plugin for kubectl generates the context for the cluster. In Kubernetes, a configuration context contains a cluster, a namespace, and a user. You can view the cluster context in the file .kube/config. This file is commonly called the kubeconfig file.
Note: If you have an existing kubeconfig file, it is appended with each cluster context. The vSphere Plugin for kubectl respects the KUBECONFIG environment variable that kubectl itself uses. Although not required, it can be useful to set this variable before running kubectl vsphere login ... so that the information is written to a new file, instead of being added to your current kubeconfig file.


  • Get your vCenter Single Sign-On credentials.
  • Get the IP address of the Supervisor control plane.
  • Get the name of the vSphere Namespace.
  • Get confirmation that you have Edit permissions on the vSphere Namespace.
  • Download and Install the Kubernetes CLI Tools for vSphere. See the Installing and Configuring vSphere with Tanzu documentation.
  • Verify that the certificate served by the Kubernetes control plane is trusted on your system, either by having the signing CA installed as a Trust Root or by adding the certificate as a Trust Root directly. See Configure Secure Login for vSphere with Tanzu Clusters in the Installing and Configuring vSphere with Tanzu documentation.


  1. To view the command syntax and options for logging in, run the following command.
    kubectl vsphere login --help
  2. To connect to the Supervisor, run the following command.
    kubectl vsphere login --server=<KUBERNETES-CONTROL-PLANE-IP-ADDRESS> --vsphere-username <VCENTER-SSO-USER>
    For example:
    kubectl vsphere login --server= --vsphere-username
    This action creates a configuration file with the JSON Web Token (JWT) to authenticate to the Kubernetes API.
  3. To authenticate, enter the password for the user.
    After you connect to the Supervisor, you are presented with the configuration contexts can access. For example:
    You have access to the following contexts:
  4. To view details of the configuration contexts which you can access to, run the following kubectl command:
    kubectl config get-contexts
    The CLI displays the details for each available context.
  5. To switch between contexts, use the following command:
    kubectl config use-context <example-context-name>

What to do next

To connect to a Tanzu Kubernetes Grid Cluster, see Connect to a TKG Cluster as a vCenter Single Sign-On User in Using Tanzu Kubernetes Grid 2 with vSphere with Tanzu.