Use this section to troubleshoot TKG cluster connection problems and log on errors.
Insufficient Permissions Error
If you do not have sufficient permissions on the vSphere Namespace, you cannot connect to Supervisor or to a TKG cluster as a vCenter Single Sign-On user.
The vSphere Plugin for kubectl returns the error message Error from server (Forbidden)
when you attempt to connect to Supervisor or a TKG cluster as a vCenter Single Sign-On user.
You do not have sufficient role permissions on the vSphere Namespace, or your user account has not been granted access.
If you are a DevOps engineer who operates the cluster, verify with your vSphere administrator that you have been granted Edit permissions for the vSphere Namespace. If you are a developer who is using the cluster to deploy workloads, verify with your cluster administrator that you have been granted cluster access.
Kubectl vSphere Login Error
Failed to get available workloads, response from the server was invalid.
-v=10
to get more verbose log output.
kubectl vsphere login --server=10.110.150.56 --vsphere-username [email protected] -v=10
invalid or missing credentials
error.
DEBU[0000] User passed verbosity level: 10 DEBU[0000] Setting verbosity level: 10 DEBU[0000] Setting request timeout: DEBU[0000] login called as: /usr/local/bin/kubectl-vsphere login --server=10.110.150.56 --vsphere-username [email protected] -v=10 DEBU[0000] Creating wcp.Client for --server=10.110.150.56. INFO[0000] Does not appear to be a vCenter or ESXi address. DEBU[0000] Got response: INFO[0000] Using [email protected] as username. DEBU[0000] Env variable KUBECTL_VSPHERE_PASSWORD is present DEBU[0000] Error while getting list of workloads: invalid or missing credentials FATA[0000] Failed to get available workloads, response from the server was invalid.
SSH to Supervisor
- Log in to vCenter using the root user account.
- Type
dcli +i
to use the datacenter CLI in interactive mode. - Run the command
namespacemanagement software clusters list
to return the status of the Supervisor. - Type
exit
to exit thedcli
shell. - Type
shell
to enter bash shell mode. - Type
/usr/lib/vmware-wcp/decyptK8Pwd.py
to get the IP address and password for Supervisor. - Type
ssh 10.100.150.56
to ssh to Supervisor, where you replace the example IP address with the IP address returned by the previous command.