Follow these steps to connect to Supervisor using the Tanzu CLI.
Prerequisites
Complete the following prerequisites.
- Register an OIDC-compliant external identity provider with Supervisor. See Register an External IDP with Supervisor.
- Grant OIDC users and groups access to a vSphere Namespace. See Configure vSphere Namespace Permissions for External Identity Provider Users and Groups.
Connect to Supervisor Using the Tanzu CLI
Complete the following steps.
Note: If you are using TKG Service 3.1 or later, download the pinniped-auth CLI plugin at the same version as the TKG Service, and download the latest version of the imgpkg CLI plugin. Refer to the Tanzu CLI product documentation for details.
- Install and initialize the Tanzu CLI. See Install the Tanzu CLI for Use with TKG Service Clusters.
- Connect to Supervisor by running the following command.
  tanzu context create context_name --endpoint https://10.73.27.32
  Where:
  - The context_name value is the name of an OIDC user who is granted access
  - The --endpoint value is the Supervisor control plane IP address
  Note: To troubleshoot, append --stderr-only to the command, for example: tanzu login --endpoint https://IP --name USER --stderr-only
- When the challenge is issued, visit the link using your browser.
- Copy/paste the authorization code into the Tanzu CLI.
  tanzu context create context_name --endpoint https://10.73.27.32
  Detected a vSphere Supervisor being used
  Log in by visiting this link:
  ...
  https://10.27.62.33/wcp/pinniped/oauth2/authorize?..
  ...
  Optionally, paste your authorization code: G2TcS145Q4e6A1YKf743n3BJlfQAQ_UdjXy38TtEEIo.ju4QV3PTsUvOigVUtQllZ7AJFU0YnjuLHTRVoNxvdZc
  ...
  ✔ successfully logged in to management cluster using the kubeconfig oidc-user
  Checking for required plugins...
  All required plugins are already installed and up-to-date
- Once authenticated, you can use the Tanzu CLI to provision a TKG cluster in the target vSphere Namespace to which you have access. See Workflow for Provisioning TKG Clusters Using the Tanzu CLI.