Tanzu Kubernetes 1.2 Part 3: Authenticating Tanzu Kubernetes Guest Clusters with Kubectl

In my previous posts, I spoke about deploying Tanzu Kubernetes Grid and then Tanzu Kubernetes Clusters. See the posts below:

  1. Tanzu Kubernetes 1.2 Part 1: Deploying a Tanzu Kubernetes Management Cluster
  2. Tanzu Kubernetes 1.2 Part 2: Deploying a Tanzu Kubernetes Guest Cluster
  3. Tanzu Kubernetes 1.2 Part 3: Authenticating Tanzu Kubernetes Guest Clusters with Kubectl

So we are up and running!

Quick shout out to Jon Owings who helped with some much needed background on a few things.

So now if you run want to see the available clusters you can run:

tkg get clusters

You can also use kubectl to see the clusters. Since one is in a non-default namespace I need to query for that namespace.

With kubectl, when you run a command, let’s say kubectl get nodes, it will return the nodes (VMs in this case) from the kubernetes cluster that your kubectl environment is currently focused on. In other words–its context.

Above are the nodes in my management cluster. But I have a lot more nodes, other clusters and therefore more contexts. How do I see them?

If I run kubectl get contexts

I only currently only have one context–my management cluster. Why? Well, while your clusters are authenticated together, your management VM you are using does not officially know about, nor is not authenticated to those clusters. You need to get the credentials from that cluster. This information and the related credentials are stored in a default (or user specified) config file. The is a YAML (but of course) file stored in .kube/config.

The simplest way to add this is via the tkg get credentials command. I will repeat this for both of my guest clusters, one of which has a non-default namespace, so I will add that.

Once added, we will see that in my kubeconfig file now:

If we re-run get-contexts we will see them show up:

The current context (a.k.a. target) of the kubectl commands is still my management cluster. To switch context, I can use the kubectl config use-context command:

kubectl config use-context cody-prod-admin@cody-prod

Note that you do not specify the cluster name, but instead user@clustername:

My context is now cody-prod:

And if I run get nodes, I will see the nodes from that cluster:

Okay so now my kubectl is all ready to go and I can move on to storage configuration!

By the way, a quick shout out to a tool called kubectx


This really makes context switching and management a lot easier, well certainly reduces the amount of typing! Check it out.

kubectx demo GIF