Set permissions on the vSphere Namespace so that vCenter Single Sign-On users and groups can access TKG 2 clusters provisioned there.

Once you have created a vSphere Namespace, you configure it for TKG 2 clusters by adding users/groups and assigning roles. See Configure a vSphere Namespace for TKG Clusters on Supervisor.

Prerequisites

Users, groups, and role permissions are set at the vSphere Namespace level. To access Supervisor and TKG 2 clusters, you must first create a vSphere Namespace. See Create a vSphere Namespace for Hosting TKG Clusters on Supervisor.

Procedure

  1. Log into vCenter Server using the vSphere Client.
  2. Select Workload Management > Namespaces.
  3. Select the vSphere Namespace you created.
  4. Select Permissions > Add Permissions.
  5. Identity Source: Select vsphere.local for vCenter SSO users and groups.
    Note: If you are using an external identity provider, see Connecting to TKG Clusters on Supervisor Using an External Identity Provider.
  6. User/Group Search: Select the vCenter SSO user or group configured for TKG cluster operations or TKG developers.
  7. Role: Assign the user or group to a role by selecting the appropriate role: Can View, Can Edit, or Owner.
    Option Description
    Can View Can read TKG cluster objects in the vSphere Namespace.
    Can Edit Can create, read, update, and delete TKG cluster objects in the vSphere Namespace.
    Owner Can create and manage vSphere Namespaces using kubectl.
  8. Complete the configuration of the vSphere Namespace. See Configure a vSphere Namespace for TKG Clusters on Supervisor.